While apps are incredibly popular in China, in recent months some have been disappearing from app stores in the country because they do not comply with recent apps regulations. Indeed many companies are not even aware of the comprehensive new privacy compliance obligations for apps in China.
Under the new framework, app operators in China must:
- obtain express, voluntary, unbundled consent from app users to processing of their personal information in accordance with clear, concise privacy notices available on the app itself;
- provide unsubscribe (opt-out) mechanisms for personalised advertisements delivered via the app, and to enable users to de-register their accounts; and
- undertake a self-evaluation of their apps against 32 stringent and detailed compliance requirements (which are largely focused on the form, format and content of privacy notices/consents rather than the content of the app itself).
These requirements are set out in a joint announcement by China's cybersecurity regulators (MIIT, CAC and MPS, together with SAMR, published in January 2019), alongside subsequent self-evaluation guidelines (published in March 2019) and an Internet Safety Action Plan (published in June 2019).
These measures also confirm that non-compliant apps, and even those suspected of non-compliance, will be taken down from app stores in China. Reports have indicated that the regulators have already been proactively investigating app compliance and interviewing app operators over the past several months. Alongside these privacy enforcement activities, app stores have been taking down apps that do not have the requisite operating licenses from the relevant authorities (e.g. telecoms license, gaming license, etc.). The regulators have also issued formal requests demanding app operators rectify non-compliant practices within a prescribed period.
Therefore, businesses operating apps in China should as a matter of priority:
- review and update their app privacy notice, consent and unsubscribe language;
- undertake a self-assessment of the app against the new requirements;
- check whether your apps require any specific licenses and ensure that such licenses have been obtained; and
- continue to monitor developments, as draft amendments to the PIS Specification are anticipated to require some further changes to China privacy notices and consent languages in the coming months.