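Comments sought! New rules are coming for apps' collection and use of personal information: no covert photographing or eavesdropping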
Nan Fang Du Shi Bao·2026-01-10 16:06

Core Viewpoint - The National Internet Information Office has drafted the "Regulations on the Collection and Use of Personal Information by Internet Applications (Draft for Comments)" to enhance personal information protection and regulate the collection and use of personal information by internet applications [1][5].

Group 1: General Principles
- The regulations aim to standardize the collection and use of personal information by internet applications, ensuring that such activities comply with relevant laws and protect personal information rights [5][6].
- Collection and use of personal information must follow principles of legality, necessity, and honesty, and must not mislead or coerce individuals [6][7].

Group 2: User Consent and Information Collection
- Internet applications must inform users of the rules regarding personal information collection and obtain explicit consent, especially for sensitive information [1][6].
- Users should not be denied services if they refuse to provide personal information, except when such information is essential for service provision [1][6].

Group 3: Application Security Management
- Internet applications must adhere to security management requirements, including clear disclosure of information collection rules and obtaining user consent through prominent notifications [8][9].
- Applications must provide options for users to manage their personal information collection preferences based on specific functionalities [11][17].

Group 4: Third-Party Data Sharing
- Internet applications must obtain separate consent from users before sharing personal information with third parties [2][10].
- Applications are prohibited from collecting information from users outside their own data, except in specific cases where it is necessary for communication or data backup [2][10].

Group 5: Software Development Kits (SDKs)
- SDKs must provide options for personal information configuration based on functionality, allowing applications to manage data collection practices [2][17].
- SDKs are required to respond promptly to user requests regarding personal information management [17][25].

Group 6: Distribution Platforms
- Distribution platforms must strengthen the review process for applications, ensuring compliance with personal information collection regulations and maintaining a record of any violations [3][18].
- Platforms are required to complete audits of existing applications within six months of the regulations coming into effect [3][18].

Group 7: Smart Terminal Management
- Smart terminals must obtain user consent for accessing various permissions and provide clear notifications regarding the use of such permissions [20][22].
- The operating system of smart terminals should display information about the permissions currently being accessed by applications [22][23].

Group 8: Supervision and Compliance
- The National Internet Information Department is responsible for coordinating and supervising personal information protection across applications, SDKs, distribution platforms, and smart terminals [24][26].
- Entities that fail to comply with the regulations may face legal consequences, including criminal liability for serious violations [26][27].