Recently, the Ministry of Industry and Information Technology (MIIT) issued a notice identifying 20 smart terminal products that infringe upon user rights, encompassing categories such as smart speakers, smart door locks, and learning terminals. Whereas previous regulatory actions primarily targeted non-compliant applications (apps), this initiative expands to encompass comprehensive measures against entire smart terminal product lines. Analysts suggest this underscores the imperative to strengthen personal information protection and establish robust security defences during the evolution of smart terminals. Fortifying the security defences of smart terminals is not only the cornerstone for steady progress in the digital era, but also a requirement for safeguarding individual rights, fostering healthy industry development, and defending national information security. Accordingly, Mr Zhao Zhanling, a special researcher at the Intellectual Property Research Centre of China University of Political Science and Law and partner at JAVY Law Firm, provided an in-depth interpretation of issues related to user rights infringements by certain smart terminals in an interview with Xinhua News Agency.
1. Personal Information Security Concerns Warrant Vigilance
Forced permission requests, excessive data collection, unauthorised sharing of personal information... These violations in collecting and using personal data represent typical manifestations of user rights infringements by certain smart devices or applications.
Taking the recent MIIT notification as an example, the issues exposed across 20 products exhibit high convergence, with commonalities manifesting in three areas: failure to provide personal information processing rules, excessive collection of non-essential personal data, and unauthorised transmission of personal information to cloud platforms.
On platforms like Black Cat Complaints and social media, journalists have observed similar user grievances: certain smartphone and smart speaker brands utilise user conversations for targeted advertising. Other users report their smart televisions excessively gathering viewing habits and internet browsing history, with some even secretly recording audio. Concerns have also been raised that facial recognition data registered with smart door lock manufacturers is uploaded to cloud servers for processing and verification, creating vulnerabilities for potential hacking.
The unauthorised collection and use of personal information represents only part of the security challenges facing certain smart devices. Enhanced by large-scale models and intelligent agent technologies, smart speakers, cameras and other devices have seen significant improvements in their intelligence. Yet precisely because they are deeply integrated into daily life, the security risks they harbour become more complex.
This year, the nation launched the ‘AI Plus’ initiative, advocating vigorous development of next-generation smart terminals including AI-enabled mobile phones, computers, and wearable devices. Against this backdrop, fortifying the security foundation of smart terminals has become particularly crucial.
2. Where Do Security Issues Originate?
Regarding compliance management for smart terminals, China has established a governance framework characterised by ‘legislation to follow, standards to adhere to, and regulatory oversight as a safety net’ across legal, standardisation, and supervisory dimensions.
Attorney Zhao Zhanling notes, ‘Legally, the Personal Information Protection Law and Cybersecurity Law establish fundamental rules for personal information processing, requiring explicit and legitimate purposes alongside individual consent. Additionally, departmental regulations such as the “Provisions on the Protection of Personal Information of Telecommunications and Internet Users” provide detailed implementation guidelines.’
Attorney Zhao further states that at the policy enforcement level, relevant ministries have jointly conducted annual special campaigns on personal information protection for several consecutive years, establishing a routine regulatory mechanism. For instance, the 2025 campaign announcement explicitly prioritises addressing unlawful collection and use of personal information in apps, SDKs, smart terminals, and offline consumption scenarios. The MIIT's regular ‘Notifications on Apps (SDKs) Violating User Rights’ constitute the concrete implementation of these legal and policy requirements.
3. How Can User Rights Be Better Safeguarded?
Enhancing the security and privacy protection of smart terminals requires joint participation and collaborative effort from both enterprises and users.
For enterprises, beyond fulfilling notification obligations, establishing a robust compliance framework is paramount. A mobile security solutions provider advocates that smart device manufacturers should integrate the concept of ‘privacy by design’ throughout the entire R&D process, establishing sound mechanisms for data classification and grading, permission control, and encrypted transmission to effectively shoulder primary responsibility for personal information protection.
Furthermore, manufacturers can strengthen user privacy protection in the devices themselves, using ‘technology to manage technology’.
The security of smart terminals requires collective safeguarding by multiple security entities across all links in the chain. This entails strengthening technical constraints, refining collaborative governance systems, and promoting industry self-regulation to help consumers identify potential security risks. Only through concerted efforts can we ensure the sustained and healthy development of the digital intelligence era.
© Beijing JAVY Law Firm Beijing ICP Registration No. 18018264-1