事关互联网应用程序个人信息收集使用,新规来了
21世纪经济报道·2026-01-10 09:51

Core Viewpoint - The article discusses the draft regulations for the collection and use of personal information by internet applications, aiming to standardize practices, protect individual rights, and promote reasonable use of personal data [1]. Group 1: General Principles - The regulations are established to standardize the collection and use of personal information by internet applications, ensuring compliance with relevant laws such as the Cybersecurity Law and the Personal Information Protection Law [2]. - Internet applications operating within China must adhere to these regulations, including those collecting personal information from Chinese citizens while operating abroad [2]. - The collection and use of personal information must follow principles of legality, necessity, and integrity, and consent must be obtained from individuals [2][3]. Group 2: Responsibilities of Operators - Internet application operators are responsible for the collection and use of personal information and must ensure security measures are in place [3][4]. - Operators must conduct audits of embedded software development kits (SDKs) and distribution platforms to ensure compliance with personal information protection standards [4]. Group 3: User Information Transparency - Internet applications must provide clear and transparent information regarding the collection and use of personal information, including the purpose, method, and types of data collected [5]. - Applications with over 50 million registered users or 10 million monthly active users must publicly solicit feedback on their personal information collection rules [6]. Group 4: User Consent and Rights - Users must be informed of personal information collection rules at the first launch of the application and must provide explicit consent [9]. - Users should have the option to manage their personal information, including the ability to withdraw consent and request deletion of their data [10]. Group 5: Security Measures - Internet applications must implement adequate management and technical measures to protect the personal information of minors and prevent data breaches [9][20]. - In the event of a data breach, operators must promptly inform users and report to the relevant authorities [20]. Group 6: Supervision and Compliance - The national internet information department is responsible for overseeing compliance with these regulations, while local departments will manage enforcement within their jurisdictions [18]. - Operators must establish internal compliance management systems to prevent misuse of personal information and cooperate with regulatory inspections [19].