China’s internet watchdog posts revised app rules to tighten cybersecurity provisions even further
- It requires that app providers carry out a tough security assessment before launching ‘new technologies, new applications and new functions’
- The new amendments come amid a huge overhaul of China’s legal framework for online security and privacy in the past few years
The Cybersecurity Administration of China (CAC), the country’s internet watchdog, has published draft amendments to a 2016 app regulation that will place even more emphasis on data security and user privacy for app developers and publishers.
It requires that app providers carry out a rigorous security assessment before launching “new technologies, new applications and new functions” that have “opinion elements” or are capable of mobilising the public.
App providers should also immediately report to regulators if “any risks such as security flaws or loopholes” are detected. When apps process data, they should “perform the duty of protecting data security” and must not “harm national security, or legitimate public or individual rights”.
The new draft also stipulates that apps should collect user data in a “legal, proper, necessary and principled [way]” and that they must not reject users if they refuse to offer “unnecessary” personal information.
The new amendments come amid a huge overhaul of China’s legal framework for online security and privacy in the past few years, including introduction of the Personal Information Protection Law, the Data Security Law and the revised Minor Protection Law, which all became effective this year.
