China is on track to launch new rules that place limits on data collection by financial apps, amidst efforts to tighten regulation of the domestic fintech sector.
The Cyberspace Administration of China (CAC) recently led the issuance of a notice concerning the “Regulations on the Required Personal Information Scope of Common Mobile Online Apps” (常见类型移动互联网应用程序必要个人信息范围规定).
The Regulations, which are scheduled to come into effect on 1 May, stipulate that mobile apps are not permitted to collect the personal information of users without their consent unless it falls within the “required scope.”
They also outline the required personal information scopes for 39 types of apps that are common in China, including online payments, online lending, investment and wealth management and mobile banking.
Under the Regulations the required personal information for these four types of financial apps includes the mobile numbers of users, their full names, their identification type and identification number, and their bank card numbers.
It does not include the personal contacts, locational information or photo albums of mobile app users.
The move comes following the strong concern about the forcible collection of personal data and information on users by apps in China, including cases where lending platforms have accessed the chat records and photos of clients to use as leverage when prompting them to make payments.
In December 2019 China’s Ministry of Industry and Information Technology (MIIT) published a list of 41 apps that would be subject to “specialist rectification work,” including over 21 apps that were cited for the collection of personal information in breach of regulations.
In November 2020 the Guangdong province authorities established their own “app regulation platform” and appointed third party investigators to scrutinise over 5,000 apps, uncovering 237 that had potential problems.
“Following the frequent usage of apps by consumers, the issue of personal privacy protections has become increasingly important,” said Yu Baicheng (于百程), to Securities Daily.
“It’s quite common for apps to collect personal information beyond the [required] scope, and infringe the principle of necessity.
“Cases of forcible collection of personal information unrelated to operations are innumerable, and the launch of related regulatory policies is highly necessary.”