China News Service, April 26. According to the website of the Ministry of Industry and Information Technology on the 26th, the Ministry of Industry and Information Technology, together with the Ministry of Public Security and the State Administration of Market Supervision, drafted the Interim Provisions on the Protection and Management of Personal Information in Mobile Internet Applications (Draft for Solicitation of Comments).

Among them, it is proposed that apps with serious violations such as failure to complete rectifications as required, repeated problems, technical confrontations, etc., will be directly removed; and apps that have been removed shall not be released again through any channels within 40 working days .

  According to reports, in recent years, the protection of personal information in my country has continued to increase, but there are still ambiguities in the rules, purposes, methods, and scope of personal information collection and use in apps. There are still loopholes in some links, and personal information protection is facing many problems and challenges.

  Considering that App governance is a long-term and complex system governance work, it is necessary to convert mature experience practices and management measures in recent years into institutional normative documents.

At the same time, in order to strengthen the system, integrity and synergy of the personal information protection management of the App, based on the summary of the special governance work experience, the "Interim Provisions on the Management of Personal Information Protection of Mobile Internet Applications (Draft for Comment)" were drafted and formed.

  The "Draft for Comment" has a total of 20 articles, which define the scope of application and the subject of supervision; establish the two important principles of "informed consent" and "minimal necessity"; detail App development operators, distribution platforms, third-party service providers, Terminal manufacturers and network access service providers have five types of subject responsibility and obligations; four regulatory requirements are proposed, including complaints and reports, supervision and inspection, disposal measures, and risk warnings. The main contents are as follows:

  The first is to define the scope of application and clarify the subject of supervision.

In terms of the scope of application, the "Draft for Comments" clarifies that App personal information processing activities carried out within the territory of the People's Republic of China shall comply with these regulations.

Where laws and administrative regulations have other provisions on personal information processing activities, those provisions shall prevail.

In terms of regulatory bodies, the "Draft for Comments" clarifies the joint working mechanism for personal information protection of apps. The State Internet Information Office, in conjunction with the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration of Market Supervision, will improve and improve the joint working mechanism for the supervision and management of personal information protection for apps. Coordinate the promotion of policies, standards, and other related work, and each department is responsible for personal information protection and supervision and management of App within their respective responsibilities.

  The second is to clarify the two important principles of "informed consent" and "least necessary".

The "Informed Consent" of the "Draft for Comments" stipulates that those engaged in App personal information processing activities shall inform users of the personal information processing rules in clear and easy-to-understand language, and the users shall make a voluntary and clear expression of their intentions with full knowledge. And clarified the "six should" requirements.

The “Minimum Necessity” stipulates that those engaged in App personal information processing activities shall have a clear and reasonable purpose, and follow the principle of minimum necessity, and shall not engage in personal information processing activities beyond the scope of the user’s consent or irrelevant to the service scenario. Item shall not be required.

  The third is to standardize the responsibilities and obligations of subjects in key links.

The "Draft for Solicitation of Comments" regulates the entire chain, the entire subject, and the entire process of App governance, and stipulates App development operators, App distribution platforms, App third-party service providers, mobile smart terminal manufacturers, and network access service providers Specific obligations regarding the protection of personal information in the App.

  The fourth is to refine the procedures and specific measures for handling violations.

The "Draft for Solicitation of Comments" clarifies that if the relevant entities engaged in personal information processing activities violate the requirements, they shall be dealt with in sequence in accordance with the notice rectification, social announcement, removal of the shelves, disconnection, and credit management procedures, and specify the specific time limit requirements.

In particular, it is proposed that apps with serious violations such as failure to complete rectification as required, repeated problems, technical confrontations, etc., will be directly removed; and apps that have been removed shall not be released again through any channels within 40 working days Management requirements.

In addition, the supervision and management department will guide App distribution platforms and mobile smart terminal manufacturers to carry out risk warnings in the integration, distribution, pre-configuration, and installation links, and take prohibition measures if the circumstances are serious.

  In addition, the "Draft for Solicitation of Comments" also stipulates the legal responsibility and confidentiality obligations for violations of this regulation.