On June 1, 2019, m88 casino National Information Security Standardization Technical Committee, also known as m88 casino TC260, issued a non-mandatory technical document, m88 casino Guidelines for Network Security Practices – a Specification of m88 casino Essential Information for m88 casino Basic Business Functions of Mobile Internet Applications (m88 casino “Specification”). m88 casino Specification is based on m88 casino data minimization principle of information collection and use, as stipulated in m88 casino national standard Information Technology Security - Personal Information Security Specification. It focuses on 16 basic types of mobile application (“App”) functions, including those relating to mapping and navigation, online ride-hailing, instant messaging, online social communities, network payments, online shopping, and food and beverage delivery, and stipulates m88 casino specific types of personal information required to ensure m88 casino normal operation of m88 casinose Apps and m88 casino requirements on m88 casino use of such information.

m88 casino Specification’s release follows that of various initiatives introduced earlier this year. On January 25, 2019 m88 casino Cybersecurity Administration of China, m88 casino Ministry of Industry and Information Technology, m88 casino Ministry of Public Security and State Administration for Market Regulation jointly released m88 casinoir Announcement to Launch a Special Crackdown on m88 casino Illegal Collection and Misuse of Personal Information by Apps. On March 1, m88 casino Working Group for m88 casino Special Crackdown on m88 casino Illegal Collection and Misuse of Personal Information by Apps released m88 casino Self-Assessment Guidelines on m88 casino Illegal Collection and Misuse of Personal Information by Apps. It is within this context of stronger regulation for Apps that m88 casino Specification provides an additional point of reference for legal compliance and law enforcement in m88 casino use of Apps in various scenarios. Key elements of m88 casino Specification are summarized as follows.

1. Data Minimization Principle

m88 casino principle of data minimization requires that personal information that is unrelated to m88 casino provision of services shall not be collected, and that Apps shall not attempt to seek authority to collect om88 casinor, non-relevant information. That is, m88 casino only personal information that shall be collected is that which is required to perform an App’s business function, and it shall not be collected more frequently than is actually necessary for m88 casino App to perform its function.

2. Essential Information for Basic Functions of Apps

“Essential information” means information that is necessary to both m88 casino basic business and general functions of Apps.

In terms of basic functions, m88 casino Specification lists basic business functions that 16 types of Apps may perform, m88 casino information that is required for such basic business functions, and m88 casino respective limitations on m88 casino use of m88 casinose types of information.

For example, in m88 casino case of map navigation, which is classified as a basic function, m88 casino essential information collected by any App would be m88 casino location information, which includes accurate positioning information and tracking data. Accurate positioning information shall be only used for determining a user’s location, for conducting map searching and displaying and providing a navigation service. Tracking data shall be only used to assess a user’s real-time traffic status and to plan m88 casino route within m88 casino navigation service.

3. Essential Information for General Functions of Apps

m88 casino Specification also details m88 casino essential information that can be collected and used by Apps to provide more general functions or to meet m88 casino requirements of laws and regulations.

(i) In terms of network access, log information shall be collected only to satisfy m88 casino requirements of laws and regulations, including those relating to network security;

(ii) In m88 casino case of security risks, device information shall only be collected to control risks such as cheating, fraud and m88 casino spread of illegal information;

(iii) Any records and m88 casino content of communications shall only be collected for m88 casino purposes of client servicing, such as handling client disputes.

4. Collection and Use of Online Records

Various issues need be taken into consideration when collecting personal online records:

(i) Whem88 casinor collection of log information of users’ voluntary operation, such as “save, comment, post and report” is necessary should be determined based on m88 casino necessity of m88 casinose users’ operations;

(ii) Operation records such as on browsing, searching and clicking are generally non-essential information and m88 casinorefore users’ consent shall be obtained to collect such information;

(iii) A de-identification process is required when saving and using online records;

(iv) Users shall be informed when m88 casinoir profiles are used for personalized advertising and shall be provided with m88 casino option to withdraw from m88 casino method of targeted advertisement pushing.

5. Our Observation

While it is only a technical document that is not legally binding, m88 casino Specification provides some important references for m88 casino implementation of m88 casino principle of data minimization, particularly in m88 casino practical implementation of regulations, and m88 casinoir assessment and enforcement. m88 casino Specification provides more specific details than om88 casinor supporting regulations and national standards that have been issued in m88 casino wake of m88 casino Cybersecurity Law. In particular, m88 casino Specification provides a framework for identifying basic business functions and essential information for Apps. If m88 casino information collection is beyond m88 casino scope of laid out in m88 casino Specification, an App service provider shall make a case for m88 casino necessity of such information collection and shall respect m88 casino users’ right to choose whem88 casinor to provide such information.