
GB/T 41391-2022

Information security technology—Basic requirements for collecting personal information in mobile internet applications (English Version)

Standard No.: GB/T 41391-2022
Language: Chinese, Available in English version
Release Date: 2022
Published By: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
Latest: GB/T 41391-2022
Scope
This document specifies the basic requirements for Apps to collect personal information, and gives the scope of, and usage requirements for, the necessary personal information of common App service types. It applies to App operators regulating their own personal information collection activities, and to the supervision, management and evaluation of App personal information collection activities by regulatory authorities and third-party evaluation agencies.
Introduction

Interpretation of the core content of the standard

| Core principles | Specific requirements | Compliance examples |
| --- | --- | --- |
| Minimum necessary collection | Personal information collection is limited to the minimum scope needed to realize the function, and the collection frequency and accuracy must be reasonable | Map navigation apps only collect the departure point, arrival point, and real-time location |
| Functional division | Distinguish between basic business functions and extended business functions, which correspond to necessary and non-essential personal information respectively | E-commerce apps list product purchase as a basic function and personalized recommendations as an extended function |
| Information and consent | Present core policies in a prominent manner, and obtain separate consent for necessary and non-essential information | Use layered pop-up windows to clearly indicate the separate purpose of use of biometric information |

Key implementation requirements

Permission management specifications

Requests for system permissions must meet the following requirements:

  • Camera, location and other sensitive permissions must offer a one-time authorization option
  • Requesting irrelevant permissions in advance is prohibited (such as requesting address book permissions when social functions are not in use)
  • An alternative must be provided after a permission is denied (such as manual input instead of positioning)

Compliance guidelines for typical scenarios

| Service type | Necessary personal information | Sensitive permission control |
| --- | --- | --- |
| Online ride-hailing | Departure point, arrival point, whereabouts | Anonymize trajectory data immediately after the trip |
| Financial payment | Name, ID number, bank card number | Biometric information shall not be used as the only verification method |

GB/T 41391-2022 Referenced Document

  • GB/T 25069 Information security techniques—Terminology
  • GB/T 35273-2020 Information security technology—Personal information security specification

GB/T 41391-2022 history

  • 2022 GB/T 41391-2022 Information security technology—Basic requirements for collecting personal information in mobile internet applications


