China's cyberspace regulator has released draft guidelines governing how companies collect personal information online, opening public consultation as authorities seek to curb data misuse while balancing technological innovation.
The Cyberspace Administration of China (CAC) has published draft regulations outlining stricter requirements for how companies collect and process personal information online. The guidelines, now open for public consultation until February 25, 2026, represent Beijing's latest effort to address growing privacy concerns while maintaining regulatory oversight of the country's tech sector.
The proposed rules specifically target 'online platforms, app operators, and other entities' engaged in personal information processing. Key provisions include mandatory impact assessments before launching new data collection features, explicit disclosure of collection purposes before gathering user data, and strict limitations on bundling non-essential permissions with core services. Companies would also be required to establish mechanisms for users to conveniently withdraw consent.
This regulatory push comes amid heightened scrutiny of data practices following multiple high-profile breaches, including a recent Instagram incident exposing 17.5 million users' information. Chinese authorities have increasingly emphasized data governance since implementing the Personal Information Protection Law (PIPL) in 2021, with regulators imposing substantial fines on tech giants like Alibaba and Didi for violations.
The draft guidelines notably differentiate between 'basic' and 'extended' functionality permissions - a framework that could force companies to redesign how they request access to sensitive data like location, contacts, and biometric information. For developers, this signals potential compliance challenges but also creates opportunities for privacy-focused solutions. Industry analysts suggest the rules could accelerate adoption of privacy-enhancing technologies like federated learning and differential privacy.
While foreign businesses express concerns about compliance complexity, the regulations appear to exempt small-scale processors handling minimal data volumes. The CAC emphasized the rules aim to 'protect citizens' rights while promoting healthy industry development' - reflecting Beijing's ongoing effort to balance innovation control with consumer protection. Public feedback will inform final regulations expected by mid-2026.
Official Draft Guidelines (Chinese)
Comments
Please log in or register to join the discussion