For Chinese people, the year 2018-19 could be considered as the time for ‘wake up’ to privacy. After Zao apps controversy, Chinese users recently challenged another internet giant, Alibaba. Alibaba’s financial arm, Ant Financial has launched Zhima (Sesame) Credit which is an online credit scoring service that offers loans based on users’ digital activities, transaction records, and social media presence. The users found that they had been enrolled in the credit scoring system without their consent. This made Alibaba apologize under pressure.
Chinese users are becoming increasingly vocal about their privacy in front of internet giants. Reportedly, the Cyberspace Administration of China (CAC), the highest administrative internet regulator, issued the Data Protection Regulatory Guideline in June 2019. It illustrates specific rules regarding the dos and don’ts for internet companies in terms of collection and usage of customer data. This has effectively set up personal data protection standards in China. Even for its market, the regulation provides a reference for the future direction of the national law.
For example, the guidelines from the Cyberspace Administration of China especially focuses on how users can get more control of their data in mobile apps. The following situations have been set up by the institution that involves the illegal or excessive collection of user information by mobile apps:
- No publicly available user data rules;
- No explicit statement of the purpose, method or scope of collecting user information;
- Information collection without consent;
- Collecting personal information unrelated to the service provided;
- Failure to delete or correct personal information as required by law;
- Bundling the main service with extended functions to force the user to provide personal data for all services.
Also, the CAC along with the Ministry of Public Security, the Ministry of Industry and Information Technology and the State Administration for Market Regulation, has launched a national campaign to inspect smartphone apps in order to determine if they illegally or excessively collect users’ information or not.
After the CAC’s guidelines released, by July 2019, a group of widely used apps had been ordered to correct their data collection practices. Around 10 apps, including from the Bank of China, were discovered to have no user privacy rules. Also, nearly 40 apps, including those from many online financial platforms, were flagged for “serious issues” in their data collection.
China has the largest mobile internet user market and data economy and its individual data rights framework has significant global implications. Such frameworks may stimulate the US as it still doesn’t have any national-level position on data protection, to expedite relevant legal measures.
For major emerging economies such as India, Brazil and the ASEAN countries it can work as a reference point as these regions are looking forward to regulating cyberspace activities and emerging technologies.
Amid all the cybercrimes and data insecurity, it is interesting to see some real action on the emergence of individual data protection which may lead to global dialogue and the formation of a global practice on this critical issue. It will further help in avoiding a potentially suffering global legal landscape.