China Daily Brief
China Daily Brief
TechnologySource: NeTe

Beijing Issues 15-Day Ultimatum to 30 Apps in Sweeping Data Privacy Enforcement

China's Cyberspace Administration has ordered 30 apps to rectify privacy violations within 15 days, targeting issues such as excessive data collection and the absence of account deletion features. This joint enforcement action by three ministries marks a significant escalation in the practical application of China's Personal Information Protection Law.

White letter tiles spelling 'PRIVATE' on a red background, offering conceptual minimalist design.

Key Takeaways

  • 1The CAC, MIIT, and Ministry of Public Security have jointly targeted 30 apps for violating personal data protection rules.
  • 2Major violations include failing to disclose data rules, requesting excessive permissions, and providing no way for users to delete accounts.
  • 3Prominent entities like CTG Travel were cited for inadequate disclosure regarding third-party SDK data usage.
  • 4App operators have exactly 15 working days to complete rectifications before facing potential legal and administrative penalties.

Editor's
Desk

Strategic Analysis

This enforcement sweep demonstrates the maturity of China's data governance regime. While 2021 was defined by the passage of the landmark Personal Information Protection Law (PIPL), 2026 is becoming the year of strict technical audits. By including state-linked players like CTG Travel alongside niche education and financial apps, regulators are sending a clear message: no entity is exempt from the 'minimum necessary' principle of data collection. The focus on SDK transparency is particularly noteworthy, as it addresses a common loophole where apps offload data processing to third parties to evade direct scrutiny. For global tech companies operating in China, this signifies that compliance is no longer a matter of 'privacy policy' text, but a requirement for deep-level technical architecture that respects user sovereignty over their data.

China Daily Brief Editorial
Strategic Insight
China Daily Brief

China’s top internet regulator has signaled a new phase of regulatory rigor in the country’s digital economy, naming and shaming 30 mobile applications and mini-programs for persistent violations of personal information protection laws. The Cyberspace Administration of China (CAC), acting in concert with the Ministry of Industry and Information Technology and the Ministry of Public Security, issued a formal notice targeting a diverse range of services, from education and finance to travel and e-commerce.

The enforcement action, part of a broader 2026 initiative to safeguard digital privacy, highlights four specific categories of non-compliance. Seven apps, including Ruixin Education and Quxueche, were cited for failing to disclose any rules regarding data collection. Another group, led by Lanmao Yunshang and Daxiang Youpin, was reprimanded for demanding excessive permissions that were not necessary for their core functions. This move underscores Beijing's intent to curb the 'wild growth' of data harvesting that has characterized much of China's app ecosystem for over a decade.

Perhaps most significant for international observers is the focus on SDK transparency and the 'right to be forgotten.' Five apps, including the major state-affiliated CTG Travel (Zhonglü Luxing), were found to have inaccurately listed how third-party software development kits (SDKs) process user data. Furthermore, 14 apps—nearly half of the list—failed to provide functional account deletion features, a direct violation of the Personal Information Protection Law (PIPL) which mandates that users have control over their digital footprint.

Operators of the blacklisted applications have been granted a narrow 15-day window to implement rectifications and report back to the CAC. Failure to comply is expected to trigger more severe penalties, including potential removal from app stores or heavy administrative fines. This latest crackdown serves as a stark reminder that Beijing’s regulatory regime is shifting from high-level legislative drafting to granular, technical enforcement, ensuring that the legal framework established by the PIPL and the Data Security Law is strictly upheld in the marketplace.

Related Tags

#CAC#PIPL#Data Privacy#China Tech Regulation#Mobile Apps#Cybersecurity

Share Article

Related Articles

📰
No related articles found