This article originally appeared on ABACUS Facial recognition controversies in 2019 -- including data leaks and the viral deepfake app Zao -- have resulted in more scrutiny of the technology and data collection in China. Now the country is now introducing new measures for apps that collect biometric data. Last week, the country updated guidelines on collecting biometric data and consent requirements. The Personal Information Security Specification that went into effect in 2018 is China’s answer to Europe’s GDPR . Newest updates to the law that take effect on October 1 stipulate that users need to give active consent for the collection of biometric data, either through a pop-up window, a prompt or other means. Service providers also have to inform users about the purpose, method, and scope of collection, along with offering other information. The update also recommends companies store biometric information separately from personally identifiable information and offers several clarifications on handling data, including access by third parties. Chinese app makers have been heavily criticized by both users and the government for over-collecting data. Research from Comparitech in December showed that China is the worst in nearly every way at protecting biometric data. China had its first facial recognition lawsuit in November when law professor Guo Bing sued a wildlife park for introducing the technology without consent. Purchase the China AI Report 2020 brought to you by SCMP Research and enjoy a 20% discount (original price US$400). This 60-page all new intelligence report gives you first-hand insights and analysis into the latest industry developments and intelligence about China AI. Get exclusive access to our webinars for continuous learning, and interact with China AI executives in live Q&A. Offer valid until 31 March 2020.