I believe that many iOS developers or iPhone users have received the following email, in fact, the domestic “personal privacy security” adapt wind has been blowing in the domestic major app stores for a while, this time Apple is also to comply with the trend to follow the policy, because on November 1 this year, the Personal Information Protection Law was officially implemented.

Developers who receive email may be a little confused, just implement it, and I have what to do with it?

However, with the recent update of iOS apps, more and more apps have started to “adapt” this rule, and you can also feel the trend of the picture.

We can see that each major application manufacturer has its own way to remind users, such as:

  • The home page popup box after updating the application (wechat, Bank of Communications, Ping an, B station), etc.
  • Remind users of agreement updates through the notification center (Ctrip);

Yes, adaptation is actually very simple, is to add reminders in the application, tell the user that the privacy terms and user agreement has been updated, the most important thing is to let him agree, and release a new privacy policy.

The updated content is mainly around several parts, among which the key content can be seen in the guidance of wechat:

  • A new export mechanism for personal information is added;
  • Disclosure of the scope and method of use of the collected information;
  • The standardization and processing of advertising using personal information to push advertising and big data killing;
  • Norms for sharing information;

Among them, the new export mechanism of personal information is very interesting. After the Personal Information Protection Law took effect, apps of various platforms began to adapt and upgrade. But if you look carefully, you will notice a key point: the right to “obtain copies of personal information”.

If you take a closer look at your update terms, you’ll see a lot of ways to “get a copy of your personal information”, such as the mysettings privacy Center personal Information download path.

To borrow the summary of the article “After the Individual Protection Law takes effect, the application for obtaining copies of Personal Information on major platforms”, that is:

  • The premise of obtaining a copy of personal information is basically expressed as follows:

    • (1) Compliance with relevant laws and regulations + technical feasibility;

    • (2) Permitted by law;

    • (3) Identity verification + no contrary provisions of laws and regulations + no contrary provisions of privacy policy;

    • (4) Directly inform the user of the right to obtain a copy without stating the premise in the terms;

 

  • The content contained in the copy of personal information is basically expressed as follows:

    • (1) Contents of personal account name;

    • (2) Collected personal information;

    • (3) We collect and store personal information;

    • (4) Basic information and identity information;

 

  • The means of obtaining copies of personal information are basically expressed as follows:

    • (1) Export from APP (no manual review required);

    • (2) Submit the application from the APP designated feedback interface (manual review is required);

    • (3) Contact the relevant privacy protection department through the designated contact information by email or telephone;

That is, users have the right to download and migrate their personal information, which can be pushed to the mailbox.

Because “individual protection law” article 45 provides that individuals have access to, copy their personal information (except for laws and regulations otherwise provided) and transfer personal information to its designated personal information processing rights (need to meet the requirements of the national network information department).

Regarding this point, you can refer to Alipay. The privacy protection functions of Alipay App update mainly include:

  • Check personal information files at any time
  • Managing Privacy Settings

The Personal Information Protection Act also specifies:

  • When information is pushed and commercial marketing is carried out to individuals through automated decision-making, options that are not specific to their personal characteristics should be provided or convenient rejection methods should be provided;

  • The processing of sensitive personal information such as biometrics, medical and health care, financial accounts, whereabouts and tracks should obtain the individual’s separate consent;

  • To order the suspension or termination of the provision of services to the application programs that deal with personal information illegally;

Yes, violations will be taken down. For example, the article “Rectification Plan summary of Common Problems of The Ministry of Industry and Information Technology” summarizes common problems caused by personal information being taken down.

In addition, not only your App has been adapted, the SDK also needs to be adapted. For example, the AUtonavi SDK pushed new updates for compliance, so remember to ask yourself about the SDK and non-compliance.

There is another important point, that is, the user does not agree, you do not use, users do not agree, you have to not collect, if really do not collect will affect the function, then please provide necessary feedback and proof to the platform.

What about Android? In fact, domestic personal privacy issues on Android has already been deployed, if it is in this year’s domestic application market should feel, but before each platform has its own standards, now is a unified specification.

Google Play has also updated its deployment protocols regarding permissions and privacy requirements. In fact, this privacy update is similar to the previous iOS privacy TAB update.

In addition, there is an important update about personal information in the future, that is to provide account cancellation function. As long as there is account function, to provide cancellation services.

I believe many large factories have followed this, but this time the platform stipulated a date, starting from the end of January mandatory service requirements, for example, the bank APP also provides cancellation services.

If the app does not include important account based features, please allow users to use it without logging in. If your app supports account creation, you must also provide account deletion within your app.

Finally, on November 8, the Ministry of Industry and Information Technology (MIIT) issued an interpretation of the Notice on promoting awareness of Information and Communication Services, in which it was pointed out that a list of personal information to be shared with third parties should be established.

The use of third-party SDK and other third-party services has become a common technical means in the process of App development and operation. It not only helps the rapid realization of App functions and services, but also causes some problems that infringe the rights and interests of users.

Alipay, for example, has a list of all the management of authorized third parties, and you can click on it to see what information each third-party app has about you.

Therefore, after the implementation of the Individual Protection Law, what we need to do is:

  • Let users and platforms know we’ve updated our terms;
  • When the user does not agree, it cannot be used but not collected;
  • Be prepared to export personal information support;
  • Support account logout;
  • Sharing personal information needs to provide management list, pay attention to laws and regulations;