China: TC260 releases guidelines on using software development kits on mobile apps
The National Information Security Standardisation Technical Committee of China ('TC260') announced, on 27 November 2020, that it had released its Cyber Security Standards Guidelines for using Software Development Kits on Mobile Internet Applications. In particular, the guidelines highlight the responsibilities of app and software development kits ('SDK') providers in ensuring the protection of user information, noting that if both app and SDK providers determine the purpose and method of processing, they will be joint controllers and have joint liability. In addition, the guidelines examine common security issues surrounding the collection and use of personal information on SDKs, such as collection beyond the original scope and failure to specify the purposes of processing. Moreover, the guidelines outline basic principles and safety measures for apps that use SDK, app providers, as well as SDK providers.