China: TC260 requests opinions on Guidelines for Management of Processing Activities of Mobile Apps
The National Information Security Standardisation Technical Committee ('TC260') requested, on 14 June 2022, public comments on the Guidelines for the Management of Personal Information Processing Activities of Mobile Internet Applications for Mobile Intelligent Terminals of Information Security Technology. In particular, the TC260 highlighted that the guidelines apply to the personal information security functions of mobile apps, and the management of personal information security risks. In addition, the guidelines outline five principles for personal information processing by mobile apps, requiring openness and transparency, convenient management, security of processing, detailed management control, and reasonable and appropriate management measures.
More specifically, the guidelines provide for the establishment of access controls to sensitive data, and for access controls to storage directories or the media, with authorisation required by the user where applicable. Furthermore, the guidelines note that with regard to access controls, mobile apps must establish access controls using unchangeable and unique device identifiers, including, among other things, restricting the apps capability of changing such unique identifiers, or the ability to randomise unique device identifiers.
Public comments can be submitted to [email protected] until 12 August 2022