China’s Ministry of Internet and Information Technology (“MIIT”) has promulgated a new regulation targeting manufacturers of mobile smart devices (such as smart phones) that prohibits them from preinstalling certain apps that raise privacy, security, or prohibited content concerns. Entitled “Notice Regarding Strengthening the Management of Network Access for Mobile Smart Terminals,” the new regulation forbids mobile smart device manufacturers from pre-installing any app that:
- collects or modifies a user’s personal information without express notification and user consent;
- accesses a network without express notification or consent, causing unauthorized bandwidth use, monetary loss, information disclosure, or other negative consequences;
- affects the smart device’s normal operations or the safe operation of the telecommunications network;
- contains content restricted by PRC law (e.g., obscene, anti-government, or hate speech); or
- infringes a user’s personal information, safety, legitimate rights or interests, or prejudices the security of network information.
Under existing PRC law, smart device manufacturers must obtain a “network access” license for the smart devices they manufacture. Under the new regulation, manufacturers will be required to include in their license application materials the version of the operating system and basic information about the configuration of any pre-installed apps. If a manufacturer upgrades its operating system version or adds further pre-installed apps after it obtains a network license, it must file these changes with MIIT. (MIIT may refuse to accept the filing if the new applications violate related laws.)
Notably, the regulation focuses only on “pre-installed apps” and not, as in a previous draft version, “pre-installed apps” and “[applications] provided by other means.” This revision may reduce the likelihood that regulation would apply to apps installed post-sale, e.g., apps delivered via app stores, although we understand that MIIT is also currently drafting regulations targeting mobile app stores. An earlier draft contained a provision, absent in the final regulation, that would have extended the app restrictions described above to certain unnamed “partners” of smart device manufacturers. This revision clarifies that the regulation applies only to smart device manufacturers applying for or in possession of a network access license for the products they manufacture.
The new regulation emerges following increased national attention on consumer personal information disclosures. Most notably, China’s annual consumer affairs show — the “March 15 Consumer Rights Day Gala” produced by state-run CCTV — contained two pieces describing the potential risks of online personal information disclosure. At the close of one such segment highlighting the privacy risks of Android-based applications, the host informed viewers that “our country is already in the process of formulating related laws and regulations targeting the mobile internet.” The mobile device regulation discussed here appears to be the first of these new regulations.
The regulation will become effective November 1, 2013.
Readers interested in how other jurisdictions are addressing this and related issues may wish to review our summary of a recent European Union opinion covering app developers, smart device manufacturers, and app stores.
New Data Privacy Rules in China Target Mobile Smart Device Manufacturers and Online Content Providers (June 2012 Covington E-Alert)
(For Android segment click “安桌系统手机应用软件严重窃取用户资料” on the right hand menu.)