Privacy & Information Security Law Blog

On December 1, 2020, the Cyberspace Administration of China released draft rules on the “Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications” (the “Draft Rules”) (in Chinese).

According to the Cybersecurity Law of China, collection of personal information must follow the principles of legitimacy, propriety and necessity. Under the Draft Rules, “necessary personal information” is defined as personal information that is necessary to ensure regular operation of the basic functions of mobile applications (“apps”), without which the apps could not provide their intended basic functions. So long as users consent to the collection of necessary personal information, an app cannot prevent users from installing and using the app.

The Draft Rules specify 38 common types of apps and the scope of necessary personal information these apps may collect and use, which varies depending on the type of app. The common types of apps include: (1) map navigation; (2) online car-hailing services; (3) instant messaging; (4) online communities; (5) online payment; (6) online shopping; (7) food and beverage delivery; (8) mail, express mail and posting and delivery; (9) transportation ticketing; (10) marriage and dating; (11) job search and recruitment; (12) online lending; (13) housing rental and sales; (14) used car trading; (15) doctor inquiries and appointments; (16) tourism services; (17) hotel services; (18) online gaming; (19) online education; (20) local living; (21) women’s health; (22) car services; (23) investment and financial management; (24) mobile banking; (25) email and cloud storage; (26) remote conferencing; (27) webcasting; (28) online audio and video; (29) music video clips; (30) news; (31) sports and health; (32) internet browsing; (33) input methods; (34) safety management; (35) e-books; (36) photography enhancement; (37) application stores; and (38) utilities and practical tools.

Some types of apps do not require the collection of personal information for basic functional services, such as webcasting, online audio and video, music video clips, news, sports and health, internet browsing, input methods, safety management, e-books, photography enhancement, application stores, and utilities and practical tools. For these apps, users should be able to install and use the apps’ basic functions without providing personal information.

The Draft Rules are open for public consultation until December 16, 2020.