Recently the Secretariat of the National Information Security Standardization Technical Committee ("NISSTC") released the Information Security Technology: Personal Information Security Specifications (Draft) (the "Draft") for public consultation. The Draft clearly bans the forced collection of personal information and entitles users to refuse personalized information push.

   Draft states that when a product or service provides multiple business functions that require the collection of personal information, the personal information controller may not force the personal information subject to accept the business functions provided by the product or service and the corresponding request for the collection of personal information against the will of the personal information subject. 

   Draft specifies that The period that personal information can be stored shall be limited to the shortest time needed to realize the purposes of use authorized by the personal information subject, unless otherwise specified by laws and regulations or agreed by the personal information subject; after the period that the personal information can be stored has expired, the personal information shall be deleted or anonymized. If a personal information controller suspends operation in regard to its products or services, it shall a) promptly stop activities that will continue to collect personal information; b)    serve a notice of suspended operation on each personal information subject or publicly release an announcement for this purpose; and c) delete or anonymize the personal information it holds.

(Source: www.Chinanews.com)