Youdao(US:DAO) Zhong Guo Jing Ying Bao·2025-05-08 13:26Core Viewpoint - The ongoing governance of personal information collection by applications is highlighted, with specific issues identified in 15 apps and 16 SDKs regarding transparency and compliance with personal information protection laws [1][2][7]. Group 1: Issues Identified - 15 apps, including popular ones like Moji Weather TV version and Youdao Premium Course, failed to list the SDKs used for personal information collection and did not accurately state the purposes, methods, and scope of data collection [1][3][5]. - 16 SDKs were found to lack clear rules for personal information collection and did not respond timely to user rights requests, leading to increased risks of data misuse and compliance violations [2][6][7]. - The lack of transparency in data collection practices violates the "notice and consent" principle outlined in the Personal Information Protection Law, potentially exposing users to risks such as data theft and unauthorized sharing [7][9]. Group 2: Company Responses and Compliance - Companies like Moji Weather and Youdao have acknowledged the issues and are working towards compliance, with Moji Weather indicating that the TV version is not their main product and will undergo necessary rectifications [4][8]. - Some apps, such as Tuhu Car Maintenance, have already updated their versions to comply with the requirements, while others like Youdao Premium Course have not yet made necessary updates [8][9]. - The need for companies to enhance their understanding of legal regulations and improve compliance practices is emphasized, as non-compliance can lead to significant operational risks and reputational damage [9][10]. Group 3: Recommendations for Improvement - Companies are advised to integrate privacy design principles during the development of apps and SDKs, including data minimization and encryption [10]. - Establishing a security assessment system for SDKs and implementing dynamic permission management mechanisms are recommended to enhance data protection [10]. - Regular compliance audits and the establishment of user rights response systems are crucial for ensuring user rights are adequately protected [10].