Apps banned from collecting excessive user data in China
Recently, we'd received the rather disconcerting revelation that China has developed a government-backed system called CAID which is able to bypass Apple's App Tracking Transparency expected with iOS 14.5. Using iPhones' unique fingerprint ID's to track devices, CAID can collect user data even if the user declined to be tracked upon receiving Apple's obligatory prompt. For a while, Apple's silence on the subject made it seem like it was willing to let the Chinese tech giants get away with it in order to avoid souring business relations. Thankfully, Apple appeared to crack down when it recently stated that its privacy extends to all and that non-compliant apps could expect to be removed.
We are hearing a slightly different tune playing in China today when TechCrunch reported impending governmental restrictions on developers. In just over a month, apps within China will no longer be permitted to force users into accepting excessive data collection.
Until now, many developers have been denying users core app functionalities unless they agree to collection of extensive personal data, which is often entirely unrelated to the app's function. Take, for example, a navigation app seeking to collect face biometrics—as of May 1, this will no longer be legal. A China Daily publication claims that people have suffered financial losses due to having financial information coerced out of them and consequently misused.
With increasingly advanced technology, the collection of personal information has been extended to biological information such as an individual’s face or even genes, which could result in serious consequences if such information is misused.
Hereon out, navigation apps will only be able to access users' location, messaging apps—identity and contacts, etc. The Chinese Communist Party has not yet made it clear how this rule will exactly be enforced, although a range of data which 39 common app types are allowed to collect have already been listed out.
We seem to be getting mixed messages, what with this policy enforcement even while the same political bigwigs are funding CAID's development for the facilitation of data farming without user consent to IDFA collection. It would take a fair bit to convince anyone they have suddenly turned pro-privacy, considering all the data privacy fiascos leading to Huawei's disgrace among many other things, including China's immediate subversion of Apple's App Tracking Transparency policy.
Excessive data collection, especially to the extent that it has reached in China, has long been frowned upon in the United States. In Google Play's Developer Program Policy, besides data transparency, apps are already required to "limit [access], collection, use, and sharing of personal or sensitive data acquired through the app to purposes directly related to providing and improving the features of the app." Apple holds a similar policy called Data Minimization: "Apps should only request access to data relevant to the core functionality of the app and should only collect and use data that is required to accomplish the relevant task."
Although the EU's GDPR also has supporting data minimization laws, the United States doesn't enforce any overarching federal data protection laws, instead letting states create their own policies. CPRA, for example, already requires that collection of a consumer’s personal information be "reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed." Either way, it is nearly unheard of to be denied app functionality for failing to agree to collection of data entirely irrelevant to app functions.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: