The National Information Security Standardization Technical Committee said an app’s collection of personal information must have a clear purpose, be minimal and necessary, seek user consent, be transparent and safe.
The regulation listed detailed requirements on 16 kinds of apps. Short-video, news and dating apps can collect at most three types of personal information. Those offering maps and navigation can only access the user’s location information.[tu_countdown id=4874 design=4][/tu_countdown]
Apps that involve mobile payment functions can collect six kinds of personal information such as mobile phone numbers, bank accounts and IDs.
Personal financing or loan services apps should not access user contact lists without approval, though users can leave information on emergency contacts.