Further measures to protect presonal data: new requirements for obtaining type approvals for mobile devices in China

The PRC Ministry of Industry and Information Technology has recently released a draft notice on the proposed introduction of new requirements for granting type approvals for mobile devices to strengthen protection on personal data. The public consultation period for the draft notice will end on 30 June 2012.

The increasing popularity of mobile smart terminal devices such as smartphones and tablet computers also comes with the proliferation of mobile malware, which puts information security at risk. In order to protect the personal data of mobile device users, a draft notice was recently released by the Ministry of Industry and Information Technology (MIIT). The draft notice proposes to introduce new requirements on manufacturers of mobile smart terminal devices when they seek to obtain the type approvals for their products. Michelle Chan, Karen Ip and Clarice Yue provide an overview of key features and some observations below.

Mobile smart terminal devices are defined as "mobile telecommunications devices with an operating system which can allow end users to install application software".

According to the draft notice, manufacturers applying for type approvals for their mobile smart terminal products are prohibited from installing in their products or making available to users any application software which: 

• contains malicious codes;
• collects or changes the personal data of users without putting the user on notice or obtaining consent from the user;
• tampers with the telecommunications functions on the device causing unauthorised data usage and information leakage without putting the user on notice or obtaining consent from the user;
• contains information which is prohibited by the PRC telecoms and internet laws; or
• harms personal data, network or information security in any other means. 

Operators in co-operation with manufacturers in the production of mobile smart terminal devices are also subject to the above restrictions. 

The draft notice also proposes an on-going obligation on the part of the manufacturer to notify the MIIT of any major functional change or any newly installed application software in their products. 

Observations

These new requirements on the type approvals application appear to be for the purpose of enhancing the protection of personal data. In the absence of a general personal data protection law in China at present, these requirements, together with the regulations recently promulgated by the MIIT to regulate behaviours of internet companies do provide certain protection of personal data in China.  See our post on the recent regulations of 6 March 2012.