TechCrunch reported impending governmental restrictions on developers. In just over a month, apps within China will no longer be permitted to force users into accepting excessive data collection.We are hearing a slightly different tune playing in China today when
Until now, many developers have been denying users core app functionalities unless they agree to collection of extensive personal data, which is often entirely unrelated to the app's function. Take, for example, a navigation app seeking to collect face biometrics—as of May 1, this will no longer be legal. A China Daily publication claims that people have suffered financial losses due to having financial information coerced out of them and consequently misused.
Hereon out, navigation apps will only be able to access users' location, messaging apps—identity and contacts, etc. The Chinese Communist Party has not yet made it clear how this rule will exactly be enforced, although a range of data which 39 common app types are allowed to collect have already been listed out.
We seem to be getting mixed messages, what with this policy enforcement even while the same political bigwigs are funding CAID's development for the facilitation of data farming without user consent to IDFA collection. It would take a fair bit to convince anyone they have suddenly turned pro-privacy, considering all the data privacy fiascos leading to Huawei's disgrace among many other things, including China's immediate subversion of Apple's App Tracking Transparency policy.
Excessive data collection, especially to the extent that it has reached in China, has long been frowned upon in the United States. In Google Play's Developer Program Policy, besides data transparency, apps are already required to "limit [access], collection, use, and sharing of personal or sensitive data acquired through the app to purposes directly related to providing and improving the features of the app." Apple holds a similar policy called Data Minimization: "Apps should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task."
Although the EU's GDPR also has supporting data minimization laws, the United States doesn't enforce any overarching federal data protection laws, instead letting states create their own policies. CPRA, for example, already requires that collection of a consumer’s personal information be "reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed." Either way, it is nearly unheard of to be denied app functionality for failing to agree to collection of data entirely irrelevant to app functions.