Core Viewpoint - The National Internet Information Office has drafted the "Regulations on the Collection and Use of Personal Information by Internet Applications (Draft for Comments)" to standardize the collection and use of personal information by internet applications, protect personal information rights, and promote reasonable utilization of personal information [1] Group 1 - Internet applications must inform users of personal information collection and usage rules prominently at the first launch through pop-ups [1] - Internet applications are required to provide a one-click access feature to personal information collection and usage rules in noticeable locations within the settings page for user convenience [1] - Internet applications can only request necessary personal information permissions when users are using specific functions and must inform users of the purpose of use, prohibiting preemptive requests [1] - If users refuse to provide information, internet applications must not frequently request it in a way that affects the normal use of other functions [1]

Core Viewpoint - The National Internet Information Office has drafted the "Regulations on the Collection and Use of Personal Information by Internet Applications (Draft for Comments)" to standardize the collection and use of personal information by internet applications, aiming to protect personal information rights and promote reasonable use of personal data [1][3]. Group 1 - Internet applications should only access camera and microphone permissions when users actively choose to use related functions, and must not access these permissions when users stop using the functions or in unrelated scenarios [3]. - The frequency of location permission access for applications requiring real-time positioning, such as navigation and delivery, should be limited to the minimum necessary for business functionality [3]. - Applications must not request background access to user location information unless required by law or necessary for the provided service [3]. Group 2 - Applications can use storage access frameworks provided by smart terminals when users choose to upload or send images or files, and must not request access to the user's photo album, contacts, messages, or storage [3]. - When requesting permissions for calendar, call records, camera, contacts, location, microphone, phone, messages, storage, and physical activity, smart terminal operating systems must prompt users for consent and provide options for fine-grained authorization based on time, frequency, and precision [3][4]. - Smart terminals should prominently display icons to inform users about the current use of permissions such as microphone, camera, and location [4].

Core Viewpoint - The National Internet Information Office has drafted the "Regulations on the Collection and Use of Personal Information by Internet Applications (Draft for Comments)" to enhance personal information protection and regulate the collection and use of personal information by internet applications [1][5]. Group 1: General Principles - The regulations aim to standardize the collection and use of personal information by internet applications, ensuring that such activities comply with relevant laws and protect personal information rights [5][6]. - Collection and use of personal information must follow principles of legality, necessity, and honesty, and must not mislead or coerce individuals [6][7]. Group 2: User Consent and Information Collection - Internet applications must inform users of the rules regarding personal information collection and obtain explicit consent, especially for sensitive information [1][6]. - Users should not be denied services if they refuse to provide personal information, except when such information is essential for service provision [1][6]. Group 3: Application Security Management - Internet applications must adhere to security management requirements, including clear disclosure of information collection rules and obtaining user consent through prominent notifications [8][9]. - Applications must provide options for users to manage their personal information collection preferences based on specific functionalities [11][17]. Group 4: Third-Party Data Sharing - Internet applications must obtain separate consent from users before sharing personal information with third parties [2][10]. - Applications are prohibited from collecting information from users outside their own data, except in specific cases where it is necessary for communication or data backup [2][10]. Group 5: Software Development Kits (SDKs) - SDKs must provide options for personal information configuration based on functionality, allowing applications to manage data collection practices [2][17]. - SDKs are required to respond promptly to user requests regarding personal information management [17][25]. Group 6: Distribution Platforms - Distribution platforms must strengthen the review process for applications, ensuring compliance with personal information collection regulations and maintaining a record of any violations [3][18]. - Platforms are required to complete audits of existing applications within six months of the regulations coming into effect [3][18]. Group 7: Smart Terminal Management - Smart terminals must obtain user consent for accessing various permissions and provide clear notifications regarding the use of such permissions [20][22]. - The operating system of smart terminals should display information about the permissions currently being accessed by applications [22][23]. Group 8: Supervision and Compliance - The National Internet Information Department is responsible for coordinating and supervising personal information protection across applications, SDKs, distribution platforms, and smart terminals [24][26]. - Entities that fail to comply with the regulations may face legal consequences, including criminal liability for serious violations [26][27].

Core Points - The National Internet Information Office of China is soliciting public opinions on the draft regulations for personal information collection and usage by internet applications, aiming to protect personal information rights and promote reasonable use of personal data [1][2] Group 1: Regulations on Personal Information Collection - Internet applications must only access camera and microphone permissions when users actively choose to use features like taking photos or sending voice messages, and not in unrelated scenarios [1] - The draft emphasizes that personal information collection should minimize impact on user rights and should be limited to what is necessary for providing products or services, prohibiting excessive data collection [1] - Applications are required to inform users of personal information collection rules prominently at the first launch and obtain explicit consent from users [1] Group 2: User Rights and Account Management - Internet applications must provide a convenient option for users to delete their accounts, and must complete the account deletion process within 15 working days, including deleting or anonymizing collected personal information [2] - Feedback on the draft regulations is open until February 9, 2026 [3]

Core Viewpoint - The National Internet Information Office has drafted the "Regulations on the Collection and Use of Personal Information by Internet Applications (Draft for Comments)" to standardize personal information collection and usage, protect personal information rights, and promote reasonable use of personal information [1]. Group 1: Internet Applications - Internet applications must inform users of personal information collection and usage rules prominently at the first launch through pop-ups [1]. - Applications should provide a one-click access feature to personal information collection rules in prominent locations within the settings [1]. - Applications can only request necessary personal information permissions when users are using specific functions and must inform users of the purpose of use [1]. - Users should not be frequently prompted for permissions that affect their normal use of other functions if they refuse [1]. - Applications should only access camera and microphone permissions when users actively choose to use those features, and not in unrelated scenarios [1]. - For real-time location services, the frequency of location permission requests should be limited to the minimum required for business functionality [1]. Group 2: Smart Terminals - When applications request permissions such as calendar, call logs, camera, contacts, location, microphone, phone, SMS, storage, and physical activity, smart terminal operating systems must obtain user consent through pop-ups [2]. - Smart terminals should display clear indicators at the top of the screen to inform users when permissions like microphone, camera, and location are being accessed [2]. - Terminal manufacturers must verify the identity and contact information of application operators when processing pre-installation requests, and applications without proper information or personal information collection rules will not be pre-installed [2]. Group 3: Feedback Deadline - The deadline for feedback on the draft regulations is February 9, 2026 [3].

Core Viewpoint - The National Internet Information Office has drafted the "Regulations on the Collection and Use of Personal Information by Internet Applications (Draft for Public Comment)" to standardize the collection and use of personal information by internet applications, protect personal information rights, and promote reasonable use of personal information, with feedback due by February 9, 2026 [1]. Group 1: General Principles - The regulations aim to standardize the collection and use of personal information by internet applications, ensuring compliance with relevant laws such as the Cybersecurity Law and the Personal Information Protection Law [3]. - Internet applications operating within China must adhere to these regulations when collecting and using personal information, including those that collect information from individuals in China while operating outside the country [3]. - The collection and use of personal information must follow principles of legality, legitimacy, necessity, and integrity, and must not involve misleading or coercive practices [3]. Group 2: Responsibilities and Transparency - Internet application operators are responsible for the collection and use of personal information and must conduct audits on embedded software development kits (SDKs) and distribution platforms [4]. - Operators must provide clear and transparent information regarding the collection and use of personal information, including the purpose, method, types of data collected, and user rights [6]. - Users must be informed of any changes to the collection and use rules, especially for applications with over 50 million registered users or 10 million monthly active users [7]. Group 3: User Consent and Rights - Internet applications must obtain explicit user consent before collecting personal information and cannot refuse service based on a user's refusal to provide information, except when the information is necessary for service provision [4]. - Users should have easy access to options for managing their personal information, including the ability to view, copy, delete, or restrict processing of their data [12]. - Applications must provide a straightforward process for users to cancel their accounts and must delete or anonymize personal information within 15 working days after account cancellation [12]. Group 4: Security and Compliance - Internet applications must implement adequate management and technical measures to protect the personal information of minors and prevent unauthorized access or data breaches [11]. - The regulations encourage the establishment of self-regulatory mechanisms within the industry to guide members in lawful personal information collection and usage [6]. - The National Cybersecurity Department will oversee compliance with these regulations, and violations may lead to administrative penalties or criminal liability [37].

Macro Dynamics - The National Internet Information Office has drafted regulations for the collection and use of personal information by internet applications, aiming to protect personal information rights and promote reasonable use [2] - The regulations require apps to request necessary personal information only when users are using specific functions and to inform users of the purpose of data collection [2] Market Regulation - The State Administration for Market Regulation has revised the "Complaint and Reporting Handling Measures" to enhance consumer rights protection and regulate malicious claims [3] - Key revisions include strengthening rights protection, optimizing complaint jurisdiction, improving reporting procedures, and preventing abuse of the system [3] Market Data - On January 9, US stock indices closed higher, with the Dow Jones and S&P 500 reaching all-time closing highs [7] - Intel saw a significant increase of over 10%, marking its largest single-day gain since September, while Tesla and Meta also experienced gains [7] Company Dynamics - Walmart will be included in the Nasdaq-100 Index on January 20, 2026, replacing AstraZeneca [9] - OpenAI and SoftBank announced a joint investment of $1 billion in SB Energy, part of the "Stargate" initiative, with plans for a 1.2GW data center in Texas [10]

Core Viewpoint - The National Internet Information Office has drafted the "Regulations on the Collection and Use of Personal Information by Internet Applications (Draft for Public Comment)" and is seeking public feedback on the proposed rules [1] Group 1: Personal Information Collection and Use - Internet applications must fully inform individuals about the rules for collecting and using personal information and obtain consent from the information subjects [1] - Separate consent is required for the collection and use of sensitive personal information [1] - Internet applications must obtain individual consent before providing personal information to third parties [1] Group 2: User Access and Control - Internet applications are required to provide a one-click access feature to the rules for collecting and using personal information in prominent locations, facilitating user review and storage [1] - Clear and understandable language must be used to outline methods for users to access, copy, transfer, correct, supplement, delete, restrict processing of personal information, as well as account cancellation and consent withdrawal [1] Group 3: Application Pre-Approval Process - Smart terminal manufacturers must register and verify the true identity and contact information of internet application operators when processing pre-installation applications [1] - Applications that do not provide the required information or provide false information will not be pre-installed if they lack personal information collection rules, account cancellation features, or methods for deleting personal information [1]

Core Viewpoint - The National Internet Information Office has drafted the "Regulations on the Collection and Use of Personal Information by Internet Applications (Draft for Comments)" to standardize the collection and use of personal information, protect individual rights, and promote reasonable utilization of personal data [1] Group 1: Regulations on Personal Information Collection - The draft stipulates that the collection and use of personal information should minimize the impact on the rights of individuals and be limited to what is necessary for providing products or services [1] - Internet applications must inform users of the rules regarding personal information collection and usage through prominent means, such as pop-ups, at the first launch, and obtain explicit consent from users [1] Group 2: Restrictions on Data Access - Internet applications are prohibited from accessing personal information of individuals other than the user, such as contacts, call logs, and SMS, unless necessary for communication, adding friends, or data backup [1] - Any provision of personal information to third parties requires separate consent from the user [1] Group 3: User Account Management - Internet applications must provide a convenient function for users to cancel their accounts [1] - Upon account cancellation, the application is required to complete the process within 15 working days and delete or anonymize the collected personal information [1]

Core Viewpoint - The article discusses the draft regulations for the collection and use of personal information by internet applications, aiming to standardize practices, protect individual rights, and promote reasonable use of personal data [1]. Group 1: General Principles - The regulations are established to standardize the collection and use of personal information by internet applications, ensuring compliance with relevant laws such as the Cybersecurity Law and the Personal Information Protection Law [2]. - Internet applications operating within China must adhere to these regulations, including those collecting personal information from Chinese citizens while operating abroad [2]. - The collection and use of personal information must follow principles of legality, necessity, and integrity, and consent must be obtained from individuals [2][3]. Group 2: Responsibilities of Operators - Internet application operators are responsible for the collection and use of personal information and must ensure security measures are in place [3][4]. - Operators must conduct audits of embedded software development kits (SDKs) and distribution platforms to ensure compliance with personal information protection standards [4]. Group 3: User Information Transparency - Internet applications must provide clear and transparent information regarding the collection and use of personal information, including the purpose, method, and types of data collected [5]. - Applications with over 50 million registered users or 10 million monthly active users must publicly solicit feedback on their personal information collection rules [6]. Group 4: User Consent and Rights - Users must be informed of personal information collection rules at the first launch of the application and must provide explicit consent [9]. - Users should have the option to manage their personal information, including the ability to withdraw consent and request deletion of their data [10]. Group 5: Security Measures - Internet applications must implement adequate management and technical measures to protect the personal information of minors and prevent data breaches [9][20]. - In the event of a data breach, operators must promptly inform users and report to the relevant authorities [20]. Group 6: Supervision and Compliance - The national internet information department is responsible for overseeing compliance with these regulations, while local departments will manage enforcement within their jurisdictions [18]. - Operators must establish internal compliance management systems to prevent misuse of personal information and cooperate with regulatory inspections [19].