China’s Cyperspace Regulator Unveils New Personal Data Standards for Fintech Apps Following Harassment Issues


The Cyberspace Administration of China (CAC) has unveiled new standards for the collection of the personal data of users by apps, following problems with the use of such information by online lending platforms to harass late-paying borrowers.

CAC recently issued the draft version of the “Required Personal Information Scopes for Common Types of Mobile Online Apps” (常见类型移动互联网应用程序(App)必要个人信息范围), for the solicitation of opinions from the public.

The Scopes outline the required personal information scopes for 38 common types of apps, including online payments, online lending, investment and wealth management and mobile banking apps.

Analysts say the Scopes mark a major step forward for the protection of the personal data of fintech app users.

“The unveiling of such regulations and polices is highly necessary” said Yu Baicheng (于百程), head of the Lingyi Research Institute, to Securities Daily.

“Following the increasingly frequent usage of apps, the issue of personal privacy protections has become increasingly important

“This includes the common collection of excess information by apps, in breach of the principle of necessity, and the forced collection of personal information that is unrelated to their operational purposes.”

A number of online lending apps in China have come under fire for exposing the contact and messaging records of users, and using personal data as tool for harassing borrowers and expediting payment.

Under the draft regulations the required personal information scope for apps does not include contact records or camera data, and locational data is only categorised as required for navigational and ride hailing apps

For online payments apps, online lending apps and mobile banking apps, the required personal information only includes the registered mobile phone number and other identifying information of users, such as full names, identification numbers, and bank card numbers, as well as other information required for the completion of transactions.