Chinese authorities have identified a number of popular mobile applications that have allegedly collected personal information without the users’ consent.

China’s Ministry of Industry and Information Technology said on its official WeChat account that its report on the quality of telecommunications services in the first quarter of 2019 showed that major mobile developers allegedly over-collected or misled users regarding their personal information.

Popular apps such as CM Browser (a web browser), Ele.me (a platform that offers online food delivery service), Xiaohongshu (also known as RED, a social media and e-commerce platform for cosmetics), NetEase Kaola (a cross-border e-commerce market), Rong360 (a provider of customized financing and loan services) were named in the report. The ministry report claimed they had all been excessively collecting personal information without the user’s consent, and they also misled the users to agree to collect and use their personal information, jcrb.com reported.

According to an App Personal Information Disclosure survey conducted by China Consumers Association in July 2018, 85.2% of respondents said they had experienced unauthorised personal information disclosure, and 62.2% of respondents believed that the companies had collected their personal information without consent in the first place.

As early as in January this year, the Central Network Information Office, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the General Administration of Market Supervision, issued a joint statement on the governance of collecting and using personal information by app violations. This paved the way for law enforcement to step up actions against companies who were allegedly involved in illegal practices from January to December across China.

The announcement also pointed out that mobile app operators must strictly abide by the cybersecurity law when collecting personal information, and they are responsible for the security of any personal information they obtain. Also, they should not collect any information that is unrelated to the services provided.

Despite the announcement, however, some enterprises were still “going their own way”, putting their corporate image and their credibility at risk, the report said.

Although the cybersecurity law, consumer rights protection law, and e-commerce law all set out rules guiding mobile app developers on how they should hande personal information, there are loopholes or grey areas that some companies use to their advantage.

To better safeguarding users’ information, Chinese authorities might look at overseas regulations, such as the General Data Protection Regulations promulgated by the European Union in 2015 and the California Consumer Privacy Protection Act of 2018. These regulations give users the right to request the data controller to delete any personal information it has collected, the data controller must not refuse to provide goods or services due to the user’s prior refusal to provide relevant information, or charge different prices and rates for goods and services.