APP forces facial recognition? Account cannot be cancelled? The Cyberspace Administration of China takes action

At present, various APPs on mobile phones have greatly facilitated people's daily lives, but personal privacy leaks have also occurred frequently. Some APPs often force users to authorize or they cannot be used, and there are also cases where "face recognition is required to enter the community". In the future, these situations will be governed by law.

On November 14, the Cyberspace Administration of China issued the "Network Data Security Management Regulations (Draft for Comments)", which aims to strengthen the construction of data security protection capabilities, ensure the orderly and free flow of data in accordance with the law, and promote the reasonable and effective use of data in accordance with the law.

The Draft for Comments states that data processors shall not refuse to provide services or interfere with an individual’s normal use of services because the individual refuses to provide information other than personal information necessary for the service.

The draft for comments also states that "it is not allowed to force individuals to agree to the processing of their personal information on the grounds of improving service quality, enhancing user experience, developing new products, etc.; it is not allowed to obtain individuals' consent through misleading, fraud, coercion, etc.; it is not allowed to induce or force individuals to consent to bulk personal information by bundling different types of services or applying for consent in batches."

In addition, when a user requests to terminate the service or cancel an account, the data processor shall delete the personal information or anonymize it within fifteen working days.

Previously, some residential property management companies had forced users to use facial recognition, and the draft for comments also has such provisions. It states that biometric features such as face, gait, fingerprint, iris, and voiceprint should not be used as the only way to authenticate personal identity, in order to force individuals to agree to collect their personal biometric information.

In addition to proposing rules for the processing of personal information, the Draft for Comments also makes various requirements for data processors, pointing out that any individual or organization conducting data processing activities must not illegally sell or provide data to others; nor must they obtain data by stealing or other illegal means.

[[435096]]