In recent years, apps have increasingly violated regulations: collecting personal information improperly, over-requesting permissions, harassing users frequently, and infringing on user rights and privacy. How app operators can meet regulatory requirements and actively defend against mobile risks has always been a key focus of the national government.
In order to further strengthen internet safety management and the compliant operation of mobile applications, the internet industry experienced a major wave in 2019, with a series of internet safety laws and regulations being successively issued. Today, let's take a look back together!
2019 Year-end Summary
Review of Mobile Application Security Laws, Regulations, and Policies

April 22nd, 'Guidelines for Internet Personal Information Security Protection'
Drawing on their investigation and handling of criminal cases involving infringement of citizens' personal information, and on what they have learned through security supervision and management work, public security organs worked with units such as the Beijing Internet Industry Association and the Third Research Institute of the Ministry of Public Security to study and formulate the 'Guidelines for Internet Personal Information Security Protection'.
The guidelines are intended to help personal information holders establish and improve management systems and technical measures for protecting citizens' personal information, effectively prevent illegal infringement of that information, and ensure the security of network data and the legitimate rights and interests of citizens.
April 30th, 'Administrative Measures for Supervision and Management of Online Transactions (Consultation Draft)'
To implement the E-commerce Law, improve the norms and systems of online transactions, and promote the continuous and healthy development of online transaction activities, the State Administration for Market Regulation, based on the revision of the 'Administrative Measures for Online Transactions', drafted the 'Administrative Measures for Supervision and Management of Online Transactions (Consultation Draft)' and solicited public opinions.
May 5th, 'Identification Methods for Illegal and Irregular Collection and Use of Personal Information by Apps (Consultation Draft)'
In order to clearly define illegal and irregular behaviors of Apps in collecting and using personal information, provide guidance for self-inspection and correction for App operators, and provide reference for App evaluation and disposal, the Specialized Work Group for App Governance drafted the 'Identification Methods for Illegal and Irregular Collection and Use of Personal Information by Apps (Consultation Draft)' and solicited public opinions.
On May 13th, the 'Basic Requirements for Cybersecurity Protection of Information Security Technology Network Security Protection' was released.
In order to meet the security protection requirements of new types of network systems, the 'Basic Requirements for Information System Security Protection Technology' has been renamed to 'Basic Requirements for Network Security Protection Technology', and has been modified and updated in terms of standard name, protection object, chapter structure, control measures, etc., marking the formal entry of China's network security level protection work into the '2.0 era'.
On May 28th, the National Internet Information Office: Comprehensive Implementation of the Anti-Addiction System for Minors in Network Video Platforms
Based on the experience of the pilot phase, the National Internet Information Office has expanded the coverage of the 'Anti-Addiction System for Minors' to 14 short video platforms such as Xiashu Video, Bilibili, Weishi, and Weibo, as well as 4 online video platforms such as Tencent, iQIYI, Youku, and PP Video.
For the first time, major long video platforms are brought into the anti-addiction system under unified standards, further enhancing the protection of minors.
On June 1st, the Information Security Standardization Technical Committee: 'Practical Guidelines for Network Security - Basic Business Function and Necessary Information Specification for Mobile Internet Applications'
The focus is to implement the requirements proposed in Article 41 of the 'Cybersecurity Law', which states that 'network operators collecting and using personal information shall follow the principles of legality, propriety, and necessity, publicly disclose the rules for collection and use, explicitly indicate the purposes, methods, and scope of collection and use of information, and obtain the consent of the person collected', and 'network operators shall not collect personal information that is irrelevant to the services provided'. Adhering to the principle of 'minimum personal information required' proposed by relevant national standards, it addresses over-collection of personal information, forced authorization, and excessive permission requests in mobile Internet applications with a large number of users and high social attention.
On June 1st, the Ministry of Industry and Information Technology issued the 'Administrative Measures for Network Security Vulnerabilities (Draft for Comments)'
In order to standardize the reporting and publication of network security vulnerabilities (hereinafter referred to as 'vulnerabilities'), ensure that the vulnerabilities of network products, services, and systems are timely repaired, and improve the level of network security protection, this regulation is formulated in accordance with the 'National Security Law' and the 'Cybersecurity Law'.
On August 23rd, the National Internet Information Office issued the 'Network Protection Measures for Children's Personal Information'
On the 23rd, the National Internet Information Office issued the 'Network Protection Measures for Children's Personal Information'. The provisions clearly stipulate that no organization or individual may produce, publish, or disseminate information that infringes on the security of children's personal information.
The provisions state that network operators shall establish special rules and user agreements for the protection of children's personal information, and appoint a dedicated person to be responsible for the protection of children's personal information. The provisions shall be implemented as of October 1, 2019.
On September 10th, the 'Network Ecosystem Governance Measures (Draft for Comments)'
The 'Network Ecosystem Governance Measures (Draft for Comments)' is formulated based on the 'Cybersecurity Law of the People's Republic of China', the 'Administrative Measures for Internet Information Services', and the 'Notice on Authorizing the National Internet Information Office to Manage Internet Information Content', etc., aiming to strengthen the governance of the network ecosystem, maintain a good network order, safeguard the legitimate rights and interests of citizens, legal persons, and other organizations, and build a clear and clean network space.
October 22nd, GB/T 35273 'Information Security Technology - Personal Information Security Specification' (Draft for Comments)
On December 20th, the National Internet Information Office issued the 'Regulations on the Governance of the Ecological Environment of Network Information Content', which will take effect from March 1, 2020.
The 'Regulations' clearly stipulate that users of network information content services should use the Internet in a civilized and healthy manner, fulfill their obligations under laws and regulations and under user agreements, and, when participating in online activities by posting, replying, leaving messages, or sending bullet comments (danmu), interact civilly, express themselves rationally, and not publish illegal information. Users, producers, and platforms of network information content services shall not carry out illegal activities such as cyberbullying, human flesh search, deepfakes, traffic fraud, and account manipulation.
November 20th, The work of establishing facial recognition national standards has been fully launched
At the general meeting of the technical committee of the National Information Standardization Technical Committee for Biometric Recognition, the facial recognition national standard working group (hereinafter referred to as the working group) was officially established, consisting of 27 enterprises and institutions jointly organized by SenseTime Technology as the leading unit. The work of establishing facial recognition national standards has been fully launched.
December 4th, The Supreme People's Court issued the 'White Paper on the Internet Judicial Practice of Chinese Courts'
This is the first Internet judicial white paper issued by the Chinese courts and the first white paper in the world that introduces the innovative development of judicial practice in the Internet age.
The 'White Paper' fully showcases the institutional advantages and governance efficiency of China's Internet judicial system from five aspects. The main text includes 7 sections: overall development, professional trial system, convenient and people-oriented mechanisms, online litigation mechanisms, intelligent applications, judicial collaborative governance, and the judicial rule system; the appendix selects 10 representative and influential Internet judicial cases from the cases in the seventh part of the judicial rule system.
December 30th, 'Identification Methods for Illegal and Unlawful Collection and Use of Personal Information by Apps'
According to the 'Notice on Special Rectification of Illegal and Unlawful Collection and Use of Personal Information by Apps', this document provides a reference for identifying illegal and unlawful collection and use of personal information by Apps and implements laws and regulations such as the 'Cybersecurity Law'.
Summary
Personal privacy, vulnerability disclosure, data security, cybercrime, key infrastructure construction and protection, and national security are the hot keywords in the mobile internet field in 2019.
The country has reached an all-time high in the severity of penalties for network security violations and the number of policy and regulatory releases, and mobile application security has penetrated into all levels, including governments, enterprises, social organizations, and netizens.
Data is everywhere, computing is everywhere, and users are everywhere.
Whether driven by policy or the requirements of the security situation, mobile internet security has attracted the attention of governments, enterprises, and users. The world is entering an era of everything being connected, and with the continuous emergence of new technologies, new applications, and new threats, the vigorous development of the digital economy requires the efforts of all people.
