Release Date: 3/22/2021
Source: Cyberspace Administration of China website
Original Title: 关于印发《常见类型移动互联网应用程序必要个人信息范围规定》的通知
All provinces, autonomous regions, municipalities directly under the Central Government and Xinjiang Production and Construction Corps Network Information Office, Communications Administration, Public Security Department (bureau), Market Supervision Bureau (department, committee):
In order to implement the provisions of the “Network Security Law of the People’s Republic of China” that “network operators shall follow the principles of lawfulness, fairness, and necessity in collecting and using personal information” and “network operators shall not collect personal information irrelevant to the services they provide”, etc., The State Internet Information Office, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation jointly formulated the “Regulations on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications”, which clarified that mobile Internet application (App) operators shall not force users to agree to the collection non-essential personal information, nor refuse users to use App basic functions and services if they refuse such.
The “Regulations on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications” are hereby issued. Please guide and urge App operators in the region to implement them, strengthen supervision and inspection, promptly investigate and deal with violations of laws and regulations in the collection and use of personal information, and earnestly safeguard citizens’ legal rights in cyberspace.
Hereby informed.
Secretariat of the State Internet Information Office
General Office of the Ministry of Industry and Information Technology
General Office of the Ministry of Public Security
General Office of the State Administration for Market Regulation
Provisions on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications
Article 1 In order to regulate the collection of personal information by mobile Internet applications (Apps) and protect the safety of citizens’ personal information, these regulations are formulated in accordance with the “Network Security Law of the People’s Republic of China”.
Article 2 Apps running on mobile smart devices that collect users’ personal information shall comply with these regulations. Where laws, administrative regulations, departmental rules and regulatory documents provide otherwise, follow those provisions.
“App” includes mobile smart device presets, downloaded and installed application software, and mini programs that are developed based on the open platform interface of application software and can be used by users without installation.
Article 3 The “necessary personal information” mentioned in these regulations refers to the personal information necessary to ensure the normal operation of the basic functional services of the App. Without this information, the basic functional services cannot be implemented by the App. Specifically, it refers to the personal information of users on the consumer side, excluding the personal information of users on the service provider side.
Article 4 App shall not refuse users to use its basic functions and services because users do not agree to provide non-essential personal information.
Article 5 The scope of necessary personal information for common types of apps:
(1) Map navigation – the basic function service is “positioning and navigation”, and the necessary personal information is: location information, place of departure, and place of arrival.
(2) Internet car-hailing category – the basic functional services are “online taxi reservation service, cruise taxi call-up service”, necessary personal information includes:
1. Registered user’s mobile phone number;
2. Departure place, arrival place, location information, and whereabouts of passengers;
3. Payment information such as payment time, payment amount, payment channel, etc. (Internet rental car reservation service).
(3) Instant messaging – the basic functional service is “provide text, picture, voice, video and other network instant messaging services”, and necessary personal information includes:
1. Registered user’s mobile phone number;
2. Account information: account, instant messaging contact account list.
(4) Online community – the basic function service is “blog, forum, community and other topic discussion, information sharing and follow-up interaction”, the necessary personal information is: registered user’s mobile phone number.
(5) For online payment – the basic functional service is “online payment, cash withdrawal, transfer and other functions”, and necessary personal information includes:
1. Registered user’s mobile phone number;
2. Registered user’s name, certificate type and number, certificate validity period, bank card number.
(6) For online shopping – the basic functional service is “purchase goods”, and the necessary personal information includes:
1. Registered user’s mobile phone number;
2. The name (name), address, and telephone number of the consignee;
3. Payment information such as payment time, payment amount, and payment channel.
(7) For food and beverage delivery – the basic functional service is “food and beverage purchase and delivery”, and necessary personal information includes:
1. Registered user’s mobile phone number;
2. The name (name), address, and telephone number of the consignee;
3. Payment information such as payment time, payment amount, and payment channel.
(8) For express mail delivery – the basic functional service is “mails, parcels, printed matter and other items delivery services”. The necessary personal information includes:
1. Identity information such as the sender’s name, certificate type and number;
2. The sender’s address and telephone number;
3. Recipient’s name (name), address, and telephone number;
4. The name, nature and quantity of the items to be delivered.
(9) For transportation ticketing – the basic functional service is “traffic-related ticketing service and itinerary management (such as ticket purchase, ticket modification, ticket refund, itinerary management, etc.)”. The necessary personal information includes:
1. Registered user’s mobile phone number;
2. Passenger’s name, certificate type and number, and passenger type. Passenger types usually include children, adults, students, etc.;
3. Passenger departure place, destination, departure time, train number/ship number/flight number, seat type/class of class, seat number (if any), license plate number and license plate color (ETC service);
4. Payment information such as payment time, payment amount, payment channel, etc.
(10) Marriage and blind date category – the basic function service is “marriage and blind date”, necessary personal information includes:
1. Registered user’s mobile phone number;
2. The sex, age, and marital status of the relatives.
(11) For the job search and recruitment category – the basic functional service is “job search and recruitment information exchange”. The necessary personal information includes:
1. Registered user’s mobile phone number;
2. The resume provided by the job applicant.
(12) Online lending – the basic functional services are “personal loan application services for consumption and daily production and operation turnover realized through the Internet platform”, and necessary personal information includes:
1. Registered user’s mobile phone number;
2. Borrower’s name, certificate type and number, certificate validity period, bank card number.
(13) For housing rental and sale – the basic functional service is “personal housing information release, housing rental or sale”, and necessary personal information includes:
1. Registered user’s mobile phone number;
2. Basic information about housing: housing address, area/house type, expected price or rent.
(14) Second-hand car transaction category – the basic functional service is “Used car buying and selling information exchange”, the necessary personal information includes:
1. Registered user’s mobile phone number;
2. Purchaser’s name, certificate type and number;
3. The seller’s name, certificate type and number, vehicle driving license number, and vehicle identification number.
(15) For consultation and registration – the basic functional service is “online consultation and consultation, appointment and registration”, and necessary personal information includes:
1. Registered user’s mobile phone number;
2. When registering, the patient’s name, certificate type and number, and the hospital and department of the appointment should be provided;
3. A description of the condition should be provided during the consultation.
(16) Travel service category – the basic functional service is “Release and Order Travel Service Product Information”, and the necessary personal information includes:
1. Registered user’s mobile phone number;
2. Traveler’s destination and travel time;
3. Traveler’s name, certificate type and number, and contact information.
(17) Hotel service category – the basic function service is “hotel reservation”, and the necessary personal information includes:
1. Registered user’s mobile phone number;
2. The name and contact information of the guest, check-in and check-out time, and the name of the hotel.
(18) For online games – the basic functional service is “providing online game products and services”, and the necessary personal information is: registered user’s mobile phone number.
(19) For learning and education – the basic functional service is “online tutoring, online classroom, etc.”, and the necessary personal information is: registered user’s mobile phone number.
(20) For local life – the basic functional services are “housekeeping maintenance, home decoration, and second-hand item trading and other daily life services”. The necessary personal information is: registered user’s mobile phone number.
(21) For women’s health – the basic functional services are “health management services such as women’s menstrual period management, pregnancy, and beauty and body care”, and basic functional services can be used without personal information.
(22) Car service category – the basic functional services are “bicycle sharing, car sharing, car rental services, etc.”. The necessary personal information includes:
1. Registered user’s mobile phone number;
2. The certificate type and number of the user who uses the shared car or rental car service, and the driving certificate information;
3. Payment information such as payment time, payment amount, payment channel, etc.;
4. The location information of users who use shared bicycles and car sharing services.
(23) Investment and financial management – the basic functional service is “stocks, futures, funds, bonds and other related investment and financial management services”. The necessary personal information includes:
1. Registered user’s mobile phone number;
2. Investment and wealth management user’s name, certificate type and number, certificate validity period, certificate photocopy;
3. Fund account, bank card number or payment account number of investment and wealth management users.
(14) Mobile banking – the basic functional services are “bank account management, information inquiry, transfer and remittance services through mobile smart terminal devices such as mobile phones”, and necessary personal information includes:
1. Registered user’s mobile phone number;
2. User name, certificate type and number, certificate validity period, certificate photocopy, bank card number, mobile phone number reserved by the bank;
3. The payee’s name, bank card number, and account bank information must be provided when transferring funds.
(25) Mailbox cloud disk type – the basic function service is “mailbox, cloud disk, etc.”, the necessary personal information is: registered user’s mobile phone number.
(26) For remote conferences – the basic function service is “providing audio or video conferences through the network”, and the necessary personal information is: registered user’s mobile phone number.
(27) Webcasting – the basic functional service is “continuously provide the public with real-time video, audio, graphic and other forms of information browsing services.” Basic functional services can be used without personal information.
(28) Online audio and video – the basic functional service is “movie and music search and playback”, you can use the basic functional service without personal information.
(29) For short videos – the basic functional service is “video search and playback within a certain period of time”, and basic functional services can be used without personal information.
(30) News information – the basic function service is “browsing and searching of news information”, you can use the basic function service without personal information.
(31) In the sports and fitness category – the basic functional service is “sports and fitness training”. You can use the basic functional service without personal information.
(32) Browser category – the basic function service is “browsing Internet information resources”, you can use the basic function service without personal information.
(33) Input methods – the basic function service is “input of characters, symbols, etc.”. You can use the basic function service without personal information.
(34) Security management category – the basic functional services are “checking and killing viruses, cleaning malicious plug-ins, fixing vulnerabilities, etc.”, and you can use basic functional services without personal information.
(35) For e-books – the basic functional service is “e-book search and reading”, and you can use the basic functional services without personal information.
(36) Photo shooting and beautification category – the basic functional services are “shooting, beautifying, filters, etc.”, you can use the basic functional services without personal information.
(37) App store category – the basic function service is “App search, download”, you can use the basic function service without personal information.
(38) Practical tools – basic functional services are “calendar, weather, dictionary translation, calculator, remote control, flashlight, compass, clock alarm, file transfer, file management, wallpaper ringtones, screenshot recording, recording, and document processing, smart home assistant, constellation personality test, etc.”, without personal information, you can use basic functional services.
(39) For performance ticketing – the basic functional service is “purchase tickets for performances”, and necessary personal information includes:
1. Registered user’s mobile phone number;
2. The number of performances and seat number (if any);
3. Payment information such as payment time, payment amount, and payment channel.
Article 6 Any organization or individual who discovers violations of these regulations may report to relevant departments.
After the relevant department receives the report, it shall deal with it in accordance with the law.
Article 7 These regulations shall come into force on May 1, 2021.