TC260 published draft “Information security technology-personal information security specification”

On 4th February, TC260 (National information security standardization technical committee) published draft “Information security technology-personal information security specification” for public comments. The feedback deadline is the 3rd of March.

SESEC summarized the key points and changes as bellow:

  • The revision defines clearly the term of “personal information” and states that the products or services supplier/operator could not collect personal information compulsorily with any additional requirement against the users’ will;
  • The draft defines for the first time the term of “individual information display” which is based on personal information collection and analysis. The services supplier/operator should show distinctly marks of “individual information display” and cancel option;
  • Supplier/operator should inspect API (application programming interface) of the third parties to ensure proper personal information gathering.

https://www.tc260.org.cn/front/postDetail.html?id=20190201173320