On 25 October 2019 the App Governance Panel published a new draft of the Information Security Technology – Basic Specification for Collecting Personal Information in Mobile Internet Applications.(1) A previous draft of the specification had been published for comment in August 2019.

The new draft specifies that when an app contains third-party codes or plug-ins which can collect personal data and the data subject cannot refuse such collection, the app operator should ensure that the third-party codes or plug-ins fulfil the obligation of protecting personal information. Further, when app operators collect personal data which falls outside the agreed scope of such collection, they should obtain the data subject's consent for doing so. Consent should also be obtained if sensitive personal data is involved.

The new draft also revises the list of 'necessary' personal data for a variety of apps, such as internet payment, financial loan and exercise and fitness apps.


(1) Further information is available here.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.