Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

China: TC260 requests opinions on Guidelines for Management of Processing Activities of Mobile Apps

The National Information Security Standardisation Technical Committee ('TC260') requested, on 14 June 2022, public comments on the Guidelines for the Management of Personal Information Processing Activities of Mobile Internet Applications for Mobile Intelligent Terminals of Information Security Technology. In particular, the TC260 highlighted that the guidelines apply to the personal information security functions of mobile apps, and the management of personal information security risks. In addition, the guidelines outline five principles for personal information processing by mobile apps, requiring openness and transparency, convenient management, security of processing, detailed management control, and reasonable and appropriate management measures.

More specifically, the guidelines provide for the establishment of access controls to sensitive data, and for access controls to storage directories or the media, with authorisation required by the user where applicable. Furthermore, the guidelines note that with regard to access controls, mobile apps must establish access controls using unchangeable and unique device identifiers, including, among other things, restricting the apps capability of changing such unique identifiers, or the ability to randomise unique device identifiers.

Public comments can be submitted to [email protected] until 12 August 2022

You can read the announcement here and the guidelines here, both only available in Chinese.