The Compliance and Security Guideline of the TalkingData SDK

Last updated on: September 8, 2023

Introduction

In order to effectively regulate the rampant collection of personal information through coercive permission, excessive requests of permission or beyond the Approved scope by App, and to protect the security of personal information, the Secretary Bureau of the Cyberspace Administration of China, the General Office of the Ministry of Industry and Information Technology, the General Office of the Ministry of Public Security and the General Office of the State Administration for Market Regulation jointly issued the Announcement of Carrying out Special Campaigns against App Collecting and Using Personal Information in Violation of Laws and Regulations in January 2019. At the same time, the National Information Security Standardization Technical Committee, the China Consumers' Association, the Internet Society of China, and the Cybersecurity Association of China are authorized by the four departments to establish the Special Campaigns Working Group against App Collecting and Using Personal Information in Violation of Laws and Regulations, specifically promoting the evaluation of the collection and use of personal information in violation of laws andregulations by App.In March 2019, the Special Campaigns Working Group against App Collecting andUsing Personal Information in Violation of Laws and Regulations issued the "Self-assessment Guideline for the Collection and Use of Personal Information by App" to help App operators to conduct self-inspection and self-correction of their collection and use of personal information activities.In November 2019,the Secretary Bureau of the Cyberspace Administration of China, the General Office of the Ministry of Industry and Information Technology, the General Office of the Ministry of Public Security and the General Office of the State Administration for Market Regulation jointly released the Measures for the Determination of the Collection and Use of Personal Information by Apps in Violation of Laws and Regulations.These Measures clarify the Approaches to determine six main kinds of behavior of collecting and using of personal information by Apps inviolation of laws and regulations, provide reference for supervision and administration departments' determination of the collection and use of personal information by Apps in violation of laws and regulations,and the guidance for App operators' self-examination and self-correction.In December 2019, at the seminar on App personal information protection hosted by the Special Campaigns Working Group against App Collecting and Using Personal Information in Violation of Laws and Regulations, the relevant authorities expressed that they would put more efforts to their work, and strengthened the protection of personal information.In March 2020, the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation jointly issued the "Provisions on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications", clarifying the basic functions and necessary scope of personal information for common types of Apps.In October 2020, the "GB/T 35273-2020 Information Security Technology - Personal Information Security Specification" was officially implemented, which detailed the compliance requirements for personal information collection, storage, use, sharing, and public disclosure.In September 2021, the "Data Security Law" was officially implemented, clarifying the obligation to protect data security at the legal level.In November 2021, the "Personal Information Protection Law" was officially implemented, which clearly stipulates the compliance requirements for the entire life cycle of personal information. "GB/T 39335-2020 Information security technology - Guidance for Personal Information Security Impact Assessment " specifies the implementation mechanism for the personal information security impact assessment proposed by the "Personal Information Protection Law"In November 2021, the Ministry of Industry and Information Technology issued the "Notice on Carrying out the Perception Enhancement Action of Information and Communication Services", requiring the establishment of "dual lists" for personal information protection. The list of collected personal information should concisely and clearly list the basic information of personal information collected by apps (including embedded SDKs), including the type of information, purpose of use, and use scenarios.In February 2023, the Ministry of Industry and Information Technology issued the "Notice on Further Enhancing the Capability of Mobile Internet Application Services", requiring App developers and operators to concentrate on displaying and timely updating the names, functions, and personal information processing rules of embedded SDKs.In May 2023, the "GB/T 42574-2023 Information Security Technology - Implementation Guidelines for Notices and Consent in Personal Information Processing" was officially released, detailing the implementation requirements for informing and obtaining consent. Appendix B specifically elaborates the effective methods for implementing informed consent in the scenario of Apps embedded with third-party SDKs.In conclusion, the collection and use of personal information by Apps (including third-party codes and plug-ins embedded in Apps) and the protection of the rights and interests of the personal information subject have become a major governance issue for relevant competent authorities, with increasingly intensified supervision and stricter supervision standards.To help App developers and operators (hereinafter referred to as "you") of the TalkingData SDK to implement the end-user personal information protection more effectively, avoid violating the provisions of the relevant laws and regulations, policies and standards due to the third-party SDK, and have a clearer understanding of the TalkingData data compliance and safety protection technology has been adopted,especially the Approaches and measures to protect the privacy of personal information, TalkingData introduced The Compliance and Security Guideline of the TalkingData SDK for your reference.This guidelineconsists of three main sections:1. Compliance requirements for personal information protection of App developers and operators2. Important compliance issues when using the TalkingData SDK services3. Data security protection capability of the TalkingDataIf you have any other questions,please contact the TalkingData.

1.Compliance requirements for personal information protection of App developers and operators

In this part, the interpretation of the compliance requirements for the protection of personal information of App developers and operators mainly aims at explaining the legal authorization for the collection and use of personal information and the important compliance requirements for the protection of personal fundamental rights and interests during the process of using the TalkingData SDK.

1.1 What supporting compliance documents should be needed for the end user when the App is launched?

At the least, you need to draft a separate personal information protection policy (privacy policy).Personal information protection policy is an important document that describes the current situation of the collection and use of personal information by App, obtains the legal authorization of users and protects the rights of personal information subjects. Its contents should comply with relevant national laws,regulations, policies and standards as well as your agreement with TalkingData. In particular:a) In accordance with the GB/T 35273-2020 Information Security Technology - Personal Information SecuritySpecification, the four Appendices of this document are also of important reference value for your understanding of personal information security requirements and personal information protection policy drafting:Appendix A: Examples of personal informationAppendix B: Identification of sensitive personal informationAppendix C: Methods to safeguard independent choice of personal information subjectAppendix D: Personal information protection policy template) The purpose, method and scope of your deployment of TalkingData SDK in the App to collect and use personal information shall be exposed to the end user clearly through your personal information protection policy, and the privacy protection standard provided shall not be lower than that of the TalkingData.

1.2 What contents of the third-party SDK should be disclosed in the personal information protection policy of the App?

You should specify to the end user regarding the purpose, method, and scope of the personal information collected and used by the third-party SDK you have embedded. In the personal information protection policy, you should also clearly inform that you have carefully selected TalkingData as a partner, and some functions required for App operation need to be realized through TalkingData SDK, so you and TalkingData jointly decide how to collect, use and process end users' personal information.TalkingData recommends that you refer to the terms stated in the data sharing and disclosure section of your personal information protection policy as follows:"For the purposes of data statistics and analysis, our products may integrate with the SDK of a third-party or other similar Applications, such as the 【TalkingData】SDK, and we need to share the purpose, method and scope of your relevant personal information, as shown specifically in the 【table】below. For the sake of your information security, we have signed a strict data security and non-disclosure agreement with the third-party SDK service providers. These companies will comply with our data privacy and security requirements strictly. To help you have a better understanding of the type and use of the collected data, and personal information protection methods of 【TalkingData】, you can log on tohttp://www.talkingdata.com/privacy.jsp?languagetype=zh_cnfor more information regarding 【TalkingData】 personal information protection policy. Meanwhile, we understand and respect your choice,if you don't want to participate in 【TalkingData】 big data calculation, you can also exercise your opt-outrights through http://www.talkingdata.com/optout.jsp?languagetype=zh_cn.You understand and agree that TalkingData has the right to de-identify and aggregate the collected data, and build the database to provide the data services.If the purpose, manner and scope of the personal information collected and used by the 【TalkingData】SDK changes, we will notify and remind the end user to read it in anAppropriate means."
The name of cooperative products The name of cooperative companies Cooperative Approaches The types and fields of the shared personal information The purpose and use The data processing means
TalkingData Application statistical analysis SDK Beijing Tendcloud Tianxia Technology Co., Ltd. Embedding TalkingData SDK Device information:【Android】Device brand, model, software version and other basic information and Application list information【IOS】Device brand, model,software version and other basic informationThe network information: WiFi connected by devices and base station informationThe location information: geographical location of devicesApplication information: Application package name, version number and other information of the App embedded the SDK Application statistical analysis;Cheating protection;Marketing and pushing information Data encryption technology is used to transfer data;The information is desensitized and displayed by the method of de-identification
TalkingData game operation analysis SDK Game operation analysis;Cheating protection;Marketing and pushing information
TalkingData mobile advertisements monitoring SDK Mobile advertisements monitoring;Cheating protection
It is recommended that you refer to this table and disclose to your users according to the type of service provided by the TalkingData SDK you actually choose. You should know and understand that some device information (device IMEI information, Mac address, hardware device number information), location information and network information need to be Applied for authorization through the App function page where you install the TalkingData SDK, and we will only collect it after obtaining the user's consent.
The name of authorizations The purpose of authorizations Related products
INTERNET Allowing the application to access the internet and send statistical data. App Analytics
Game Analytics
Ad Tracking
ACCESS_NETWORK_STATE Allowing the application to detect the network connectivity status and suspend data transmission during periods of abnormal network conditions.
READ_PHONE_STATE Allowing an Application to access information from a mobile device in a read-only manner to identify the user.
ACCESS_WIFI_STATE Obtaining the MAC address of the device to identify the user.
WRITE_EXTERNAL_STORAGE Storing device information, as well as logging.
ACCESS_FINE_LOCATION(optional) The location information of the device obtained by GPS can be used to correct the geographical distribution data of the user, making the report data more accurate, and providing anti-fraud functions.
ACCESS_COARSE_LOCATION(optional) Obtaining rough location information of the Application, and providing anti-fraud functions.
GET_TASKS (optional) Obtaining information on whether the current application is being actively used will allow for more accurate tracking of user activity levels.
RECEIVE_SMS Allowing an Application to receive system SMS broadcasts, and when SMS is automatically authenticated, SMS messages can be received. eAuth
READ_SMS Allowing an Application to read SMS records, and when SMS is automatically authenticated, SMS records can be read. eAuth
If you need to disclose data security capabilities of the TalkingData, see section 3.

1.3 The App personal information protection policy demonstration

You should comply with the requirements of relevant nation all aws, regulations, policies and standards to display the App personal information protection policy, including but not limited to: You should ensure that the personal information protection policy is independent and explicit. The personal information protection policy should be written separately and not as part of the end user agreement or other documents. When the App runs for the first time,it will remind the end user to read the collection and use rules of the personal information protection policy through pop-ups and other obvious means, and then initialize the SDK for information collection and processing.You should ensure that the personal information protection policy is readable and accessible. The personal information protection policy shall be drafted in clear, understandable, logical and common language. The simplified Chinese version also should be provided.After entering the main function interface of the App, the end user can access the personal information protection policy by clicking or sliding within 4 times.You should explain the purpose, method and scope of personal information collection and use to the end user clearly. Merely improving the quality of service, promoting user experience, pushing targeted information and developing new products cannot be the reason to force users to agree to collect their personal information.The personal information protection policy should be subject to the discretion of the end user to choose whether to agree or not, and should not be imposed by default or induced by deception.

1.4 What can end users do if they do not want their personal information to be processed?

The end user may demand any of us to respond to the request of exercising the personal information subject right. Once you receive any request from an end user regarding personal information processing by TalkingData SDK, please inform us within 24 hours and we can resolve it together.In order to facilitate the end user to exercise rights directly,you should inform the end user that they can exercise their opt-out rights through TalkingData terminal opt – out mechanism. If the end user exercises this right, their information will neither be collected or processed in any form, nor be subject to frequent user permission. TalkingData opt - out link ishttp://www.talkingdata.com/optout.jsp?languagetype=zh_cn. TalkingData strongly suggests that you embed this opt-out link in your personal information protection policy to make it more convenient for end users to exercise their opt-out rights.

1.5 Important explanations

In this section, the TalkingData's interpretation of the compliance requirements does not constitute the comprehensive and complete legal advice to developers in terms of their personal information protection legal obligations. We strongly recommend that you be fully aware of the personal information protection laws, regulations, policies, standards and enforcement inspection requirements that are available and may be issued in the future. Relevant information for your reference includes but not limited to:Personal Information Protection Law of the People's Republic of Chinahttp://www.legaldaily.com.cn/government/content/2021-08/23/content_8586559.htmData Security Law of the People's Republic of Chinahttp://www.xinhuanet.com/politics/2021-06/10/c_1127552048.htmCybersecurity Law of the People's Republic of Chinahttp://www.gov.cn/xinwen/2016-11/07/content_5129723.htmCivil Code of the People's Republic of Chinahttp://legal.people.com.cn/n1/2020/0602/c42510-31731656.htmlThe Provisions on the Scope of Necessary Personal Information Required for Common Types of Mobile Internet Appshttp://www.gov.cn/zhengce/zhengceku/2021-03/23/content_5595088.htmGuidelines for App Self-assessment of Collecting and Using Personal Information in Violation of Laws and Regulationshttps://www.mpaypass.com.cn/download/202007/25221310.htmlThe Measures for the Determination of the Collection and Use of Personal Information by Apps in Violation of Laws and Regulationshttp://www.cac.gov.cn/2019-12/27/c_1578986455686625.htmNotice of the Ministry of Industry and Information Technology on Launching the Action for Improvements to the Perception of Information and Communications Serviceshttps://www.gov.cn/zhengce/zhengceku/2021-11/06/content_5649420.htmNotice of the Ministry of Industry and Information Technology on Further Improving the Service Capability of Mobile Internet Appshttps://www.gov.cn/zhengce/zhengceku/2023-03/02/content_5744106.htmGB/T 35273-2020 Information Security Technology - Personal Information Security Specificationhttp://pip.tc260.org.cn/jbxt/privacy/detail/20200307123754442334GB/T 39335-2020 Information Security Technology - Guidance for Personal Information Security Impact Assessmenthttps://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=9EA84C0C3C2DBD3997B23F8E6C8ECA35GB/T 41391-2022 Information Security Technology - Basic Specification for Collecting Personal Information in Mobile Internet Applicationshttps://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=977D9EBB32ABF0A7DD6A1215969FE57AGB/T 42574-2023 Information Security Technology - Implementation Guidelines for Notices and Consent in Personal Information Processinghhttps://std.samr.gov.cn/gb/search/gbDetailed?id=FC816D04FFD262EBE05397BE0A0AD5FA

2. Important compliance issues when using the TalkingData SDK services

2.1 Self-examination compliance is needed before you use the TalkingData SDK service

Prior to downloading the TalkingData SDK, you should carefully read the SDK download compliance statement, and use this statement to conduct self-examination compliance concerning your personal information protection policy and the circumstance of personal information collected and used by your products. You should ensure that when the App runs for the first time,the end user is reminded to read your personal information protection policy in an obvious means and obtain the legal authorization of the end user. After that, the SDK is initialized for information collection and processing.According to the TalkingData personal information protection policy that you have read and agreed to, you should pay particular attention to obtaining authorization and consent of the end user in advance if you need to process personal information from the App end-user through TalkingData. The service provided by TalkingData is based on your commitment to:"(1) You have obtained sufficient and necessary authorization, consent and permission from the end user to allow us to use the App for the purposes necessary for the performance of the service (if your App is designed and developed for children under the age of 14, you should have taken the necessary technical measures to guarantee that you have acquired the authorization, consent and permission of their guardian);(2) You have obtained sufficient and necessary authorization, consent and permission from the end user to allow us to use the collected data to conduct anonymous, polymerized processing (if your App is designed and developed for children under the age of14, you should have taken the necessary technical measures to ensure that you have acquired the authorization,consent and permission of their guardian).(3) You have complied with and will continue to abide by Applicable laws, regulations and regulatory requirements, including but not limited to the formulation and publication of policies related to the protection of personal information and privacy;(4) You have disclosed and explained to the end user that you allow us to de-identify and aggregate the collected data, and build TalkingData database to provide data services. However, you should also provide the end user with a choice mechanism that is easy to operate, and explain how and when the end user can exercise their option, and specify how and when to modify or withdraw their choice, making the end-user can choose to agree or disagree with collecting and using the de-identifying data of their personal information for commercial purposes."

2.2 The TalkingData examines your compliance

As a service provider, TalkingData has defined the security responsibilities and obligations of each party in the service agreement, personal information protection policy and data security and personal information protection commitment entered into with you. In TalkingData's personal information protection policy,it has specified the scope and purpose of collecting the end user's information. It is required that you should explain data sources to TalkingData and guarantee that these sources are legitimate. Moreover, you must inform the end user of the content, purpose, and necessity of the collected data, and obtain the end user's authorization accordingly.In order to ensure that you achieve the effective end user authorization, and the TalkingData obtains the end user's personal information is legitimate, prior to both parties enter into a cooperation agreement, TalkingData will carry out a data compliance due diligence for risk assessment, and examine relevant documents, such as evidence or documents provided by you concerning legitimate sources of personal information you intend to share, and the customer agreement/terms of service as well as personal information protection policy released on the official website to inspect the consent authorization and notification mechanism. In case of non-compliance, TalkingData will require you to add or amend the content and/or notification mechanism of the customer agreement/terms of service and personal information protection policy.

3. Data security protection capability of the TalkingData

TalkingData not only focuses on the accumulation of technical practices and the improvement of product services, but also protects personal information and public data actively, and abides by national laws, regulations, policies and standards strictly.

3.1 Data security measures of the TalkingData

TalkingData attaches critical importance to the protection of personal information and has adopted different measures to ensure the security of personal information at different stages of the data life cycle.1) Data collection securityTalkingData clarifies and identifies the purpose and usage of collecting data in the process of data acquisition to meet the requirements of the legality, reality, validity of data sources, and different data protection principles, such as data minimization principle. Furthermore, TalkingData establishes the internal data classification and grading system as well as data quality management standard system to specify data collection procedure and define data format, so as to guarantee the legitimacy and consistency of data collection.2)Data transmission securityPrior to transmission, TalkingData will set different data security levels for different kinds of data, so as to adopt different encryption methods,such as MD5, key encryption. HTTPS is used in data transfer to guarantee the encryption security of the transmission channel. Data transmission messages are encrypted by the encryption algorithm RC4, which conforms to the national requirements. Meanwhile, keys of encryption algorithm are managed dynamically to prevent them from being lost or broken. According to the requirement of data transfer within and outside the company, the TalkingData adopts Appropriate encryption measures to ensure the security of transmission channels, nodes and data, preventing data leakage during the process of transmission.3)Data storage securityTalkingData adopts different security storage mechanisms according to different data encryption levels, such as cleartext storage for data with low importance, and encryption storage for data with high importance, and carries out integrity detection for core data regularly to ensure that data will not be damaged or lost in the data storage stage. Moreover, TalkingData will use a partitioned storage strategy based on the value or sensitivity of different data. For example, raw data and desensitized data will be stored indifferent clusters, while high-value data will be stored in a separate cluster. In addition, the company can prevent artificial data leakage by controlling data access rights strictly, Applying for permission in conformity to business needs, and keeping data access audit logs to trace operation records.4)Data processing securityAfter personal data enters the TalkingData statistical platform, TalkingData will conduct data desensitization processing in strict accordance with the requirements of laws and regulations and business needs. The anonymous TDID is used as the primary key of entity identification to associate with business data, and the specific ID that can directly identify the entity is removed to ensure the balance between data availability and security. In addition, the company will control the right of processing strictly in the process of data analysis and processing. Data processers need to pass Kerberos authentication before data processing, so they can proceed with subsequent data operations. Meanwhile, TalkingData adopts multi-tenancy management system, assigns different functional accounts based on various business Applications, grants fine-grained access authorization to prevent unauthorized access, and establishes a security protection mechanism for data processing.5)Data collaboration securityBefore exchanging data, TalkingData conducts multidimensional security assessments on its partners' qualifications, usage behavior, and other factors to determine whether to collaborate. TalkingData uses security measures such as the TalkingData Safety Island when conducting data business with partners to control data security risks, with logging to mitigate security risks in data collaboration.6)Data destruction securityTalkingData formulates different data storage cycle policies and data aging policies for various types of business data, and migrates and cleans up data that does not conform to the storage policies regularly, so as to destroy data effectively and prevent data leakage caused by the recovery of important data of stored media. Furthermore, the TalkingData arranges employees to physically destroy the storage media periodically, and establishes effective data destruction procedures and technical measures to prevent the risk of data leakage.

3.2 Data security protection mechanism of the TalkingData

TalkingData establishes information security protection mechanism from different dimensions to guarantee data security of data subjects, and perfects internal management compliance system according to the constant policy change of laws and regulations.1)Organization and managementTalkingData has established an information security committee, which is responsible for organizing information security-related meetings and communications, coordinating the processing of information security-related issues and the decision-making of data security construction in the life cycle, and actively communicating and cooperating with other relevant organizations. TalkingData requires all employees to sign a data security confidentiality agreement and receive information security training before starting work. At the same time, TalkingData will control access to third parties and outsourcing services strictly through risk assessment, analyze security impact and develop corresponding measures.2)Network and information asset managementTalkingData establishes the network and information asset list and asset liability system. On the grounds of the sensitivity and importance of network and information assets, TalkingData classifies them and takes corresponding management measures, and requires each asset to be managed by the designated employee who has the corresponding security management authority and assumes corresponding security responsibilities.3)Physical and environmental securityCritical or sensitive network and information processing facilities forTalkingData are placed in safe areas protected by designated security boundaries. For various security areas, different levels of security protection and access control measures should be adopted to prevent illegal access and interference.4)Operation and maintenance securityTalkingData establishes management system and operational procedure for network and information processing, and separates responsibilities as much as possible. TalkingData increases the awareness of prevention constantly, takes effective measures to prevent and control malicious software, establishes a strict software management system,downloads security patches timely, assesses system security vulnerability regularly. What is more, TalkingData also formulates the management system and disposal procedure of information storage media, especially strengthens the management of removable storage media and system documents, and makes corresponding procedures and standards to protect the security of information and media in the process of transmission.5)Access controlOn the basis of business and security needs, TalkingData establishes access control policies to achieve the principle of authorization minimization, clarifies users'responsibilities, strengthens the management of the user access control, sets Appropriate interfaces at the company's network boundaries, and adopts effective user and device authentication mechanisms to control user access and isolate sensitive information. Accessing to and using the system should also be monitored and incidents logs should be recorded and examined.6)Development and maintenanceThe development of TalkingData system, including network infrastructure, must follow the system security lifecycle management procedure strictly. Security needs should be identified before new systems are developed. In the process of designing, TalkingData adopts Appropriate control measures, audit trail records, and activity logs,including the verification of input data, internal processing and output data. In the process of system development and maintenance, it is necessary to implement system development management process strictly, including changing the control of development, testing and production environment, so as to ensure the security of system hardware, software and data.7)Security incidents response and security auditTalkingData establishes personal information safety incident emergency response mechanism, and organize emergency response training and emergency drills for the staff on a regular basis, makes sure that the network and information system design, operation, usage and management must comply with national laws, policies and regulations concerning security requirements., and inspects the network and information system security, as well as the implementation of the security policy and the technical specifications regularly.

3.3 Data security protection capability certification of the TalkingData

TalkingData has acquired a number of certifications to improve data compliance capability. The details are as follows:(1) The third level of cybersecurity classified protection system:>(2) Privacy information management system certification ISO/IEC 27701:2019;(3) Information security management system certification ISO/IEC 27001:2013;(4) Quality management system certification ISO 9001:2015;(5) Information technology service management system certification ISO/IEC 20000-1:2018;(6) The EAL1 level of SDK security certification issued by the China Information Technology Security Evaluation Center;(7) The data platform security certification by excellent security surpass trusted program;(8) The China Academy of Information and Communications Technology SDK security special assessment;(9) The certificate of Data flow platform security capability assessment;(10) One star rating for social responsibility in data security and personal information protection.In addition, TalkingData has also led and participated in many data compliance projects organized by regulatory authorities, and is a member of many working groups related to data security and personal information protection. The details are as follows:(1) The company of launching the Information Security Technology Personal Information Security Specification pilot program;(2) The company of launching the Information Security Technology Data Security Maturity Model pilot program;(3) The company of launching the Information Security Technology Personal Information Security Impact Assessment pilot program;(4) The National Information Security Standardization Technical Committee?The member of the TC260 big data security standard specific working group; (5) The member of privacy computing alliance group of the China Academy of Information and Communications Technology;(6) The member of the excellent security surpass trusted program of the China Academy of Information and Communications Technology;(7)The member of data security working Committee of the China Cybersecurity Industry Alliance;(8) The first group of members of the promotion of personal information protection compliance and audit team;(9) One of the first group of members of the Data Security Community (DSC) Program of the China Academy of Information and Communications Technology;(10) One of the first group of participating companies in the Green SDK industry ecological co-construction initiative. TalkingData has participated in the drafting of standards, guidelines, white papers, and reports related to data security and personal information protection, as follows: (1)Information Security Technology - Guidance for Personal Information Security Impact Assessment; (2)Information Security Technology - Requirements of Privacy Policy of Internet Platforms, Products and Services;(3)Information Security Technology - Security Requirements for Automated Decision Making Based on Personal Information;(4)Information Security Technology - Security Capability Requirements for Big Data Services;(5)Social Responsibility Evaluation Indicators for Enterprise Data Security and Personal Information Protection;(6)Information Security Technology - Security Requirements for Mobile Internet Applications (App) Software Development Kits (SDK);(7)Security Technical Requirements and Test Methods of Mobile Application SDK;(8)White Paper on SDK Security and Compliance;(9)Compliance Guidelines for Privacy Computing Technology Applications (2022);(10)Implementation Reference for the Data Security Law (First Edition);(11)The reference Casebook for Fulfilling Data Security Protection Obligations;(12)mplementation Guidelines for Subsequent Disposal Measures of "Health Code" Data Deletion.If you have any other problems, please contact TalkingData.