Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
China: TC260 releases guidelines on using software development kits on mobile apps
The National Information Security Standardisation Technical Committee of China ('TC260') announced, on 27 November 2020, that it had released its Cyber Security Standards Guidelines for using Software Development Kits on Mobile Internet Applications. In particular, the guidelines highlight the responsibilities of app and software development kits ('SDK') providers in ensuring the protection of user information, noting that if both app and SDK providers determine the purpose and method of processing, they will be joint controllers and have joint liability. In addition, the guidelines examine common security issues surrounding the collection and use of personal information on SDKs, such as collection beyond the original scope and failure to specify the purposes of processing. Moreover, the guidelines outline basic principles and safety measures for apps that use SDK, app providers, as well as SDK providers.
You can read the press release here and the guidelines here, both only available in Chinese.