Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
China: TC260 requests opinions on Guidelines for Management of Processing Activities of Mobile Apps
The National Information Security Standardisation Technical Committee ('TC260') requested, on 14 June 2022, public comments on the Guidelines for the Management of Personal Information Processing Activities of Mobile Internet Applications for Mobile Intelligent Terminals of Information Security Technology. In particular, the TC260 highlighted that the guidelines apply to the personal information security functions of mobile apps, and the management of personal information security risks. In addition, the guidelines outline five principles for personal information processing by mobile apps, requiring openness and transparency, convenient management, security of processing, detailed management control, and reasonable and appropriate management measures.
More specifically, the guidelines provide for the establishment of access controls to sensitive data, and for access controls to storage directories or the media, with authorisation required by the user where applicable. Furthermore, the guidelines note that with regard to access controls, mobile apps must establish access controls using unchangeable and unique device identifiers, including, among other things, restricting the apps capability of changing such unique identifiers, or the ability to randomise unique device identifiers.
Public comments can be submitted to [email protected] until 12 August 2022
You can read the announcement here and the guidelines here, both only available in Chinese.