On 4th February, TC260 (National information security standardization technical committee) published draft “Information security technology-personal information security specification” for public comments. The feedback deadline is the 3rd of March.
SESEC summarized the key points and changes as bellow:
- The revision defines clearly the term of “personal information” and states that the products or services supplier/operator could not collect personal information compulsorily with any additional requirement against the users’ will;
- The draft defines for the first time the term of “individual information display” which is based on personal information collection and analysis. The services supplier/operator should show distinctly marks of “individual information display” and cancel option;
- Supplier/operator should inspect API (application programming interface) of the third parties to ensure proper personal information gathering.