The Secretariat of the National Information Security Standardization Technical Committee ("NISSTC") recently enacted and issued the Practical Guide to Cyber Security Standards: Guide to Self-evaluation of Collection and Use of Personal Information by Mobile Internet Applications (App) (Draft for Comments) (the "Draft for Comments") for public consultation, which has ended by the moment.

The Draft for Comments outlines six key points of the evaluation: (1) whether the rules for collection and use of personal information are made public; (2) whether the purposes and methods to collect and use personal information and the scope of personal information to be collected and used are explicitly clarified; (3) whether users' consent to collection and use of personal information is obtained; (4) whether the principle of necessity is observed to collect and use only personal information directly related to the services offered; (5) whether personal information is offered without consent to others; and (6) whether the function for deleting or updating personal information is available as legally required, or information on how to lodge a complaint or submit a report is published. The Draft for Comments further clarifies the specific circumstances regarding each of these six points. For instance, the first point is crystallized into six specific questions, including whether the privacy policy and other rules on collection and use of personal information are provided.

(Source: National Information Security Standardization Technical Committee)