The Secretariat of the National Information Security Standardization Technical Committee ("NISSTC") recently enacted and issued the Practical Guide to Cyber Security Standards: Guidelines for the Safety Protection of Personal Information on Mobile Internet Applications (App) (Draft for Comments) (the "Draft for Comments") for public consultation, which has ended by the moment.

The Draft for Comments lays out the specific circumstances related to ten problems, including collecting personal information beyond the permitted scope, being impossible to cancel the registration of a user account or setting unreasonable conditions for such cancellation, and compelling users to grant authorization, and the corresponding precautionary measures. Among others, the Draft for Comments proposes that specific scenarios of APP's collection of personal information beyond the permitted scope include but are not limited to collecting irrelevant information, collecting non-essential information forcibly, and collecting information at an unreasonable frequency. In addition, the precautionary measures for such problem include but are not limited to seven measures, such as "not collecting personal information irrelevant to App services, not demanding the system authorization irrelevant to App services (such demand is not allowable even if the user is given an option to refuse to grant authorization)" and "observing the minimum necessity principle to collect/demand personal information/system authorization directly related to App services".

(Source: National Information Security Standardization Technical Committee)