China gives 38 app operators five days to change their data collection practices
Dina Temple-Raston November 4, 2021

China gives 38 app operators five days to change their data collection practices

China gives 38 app operators five days to change their data collection practices

China’s Ministry of Industry and Information Technology (MIIT) notified the operators of 38 popular apps that they have five days to change the way they collect user data or face fines and penalties.

“Our department has continued to increase our oversight over apps and their infringements on users rights,” MIIT said in a statement announcing that it had embarked on a third “look back” investigation and found a roster of companies were not collecting user data correctly. “A total of 38 apps were found to have problems and their issues need to be rectified before November 9th.”

MIIT’s Partial List of Offenders

The Ministry’s announcement comes just three days after China’s Personal Information Protection Law (PIPL), went into effect on November 1. It has been seen as a Chinese version of the EU’s super-strict General Data Protection Regulation (GDPR). 

China’s PIPL fundamentally changes the way personal information is treated and gives Beijing a regulatory vehicle that allows it to tighten its control on how the country’s big tech companies use personal information and whether they can move it overseas. 

Yahoo announced late last month that its suite of services wouldn’t be available in mainland China once the law went into effect.

MIIT’s new list of data privacy law offenders reads like a Who’s Who of China tech companies. Tencent’s news and music apps, the social media platform Xiaohongshu, and the online dating app Tantan all stand accused of routinely having “excessive collection of personal information” and were told to make changes. 

Alibaba’s UC Browser was included on a list of companies MIIT says “forces, misleads, and deceives users” into giving the company personal information so, among other things, they can be targeted by push notifications.

The app developers could face fines of up to 50 million reminbi, or some $7.8 million, or up to 5 percent of their annual revenue. Authorities said they also reserve the right to remove platforms from app stores or pull their operating license. 

Back in March, Chinese regulators laid out the “appropriate amount of personal information” apps would be able to collect in order to maintain their core services. If they collect beyond that amount, they can be held accountable. Thursday’s announcement is part of that effort. The companies did not immediately respond to requests for comment. The full list of offenders (in Mandarin) is here.

Dina Temple-Raston is a senior correspondent at The Record, and previously served on NPR's Investigations team focusing on breaking news stories about national security, technology, and social justice.