China’s internet regulator announced Tuesday that it is soliciting public opinion on a possible new data security policy. The draft regulation focuses on the misuse of user data collected by mobile apps, a rising concern among the Chinese public.
The five-chapter regulation authored by the Cyberspace Administration of China said network operators behind various websites and apps can’t force or mislead users into agreeing to turning over their personal information. Apps shouldn’t be able to justify privacy infringement by arguing that collecting more data helps them to improve targeted advertising or the user experience, the document said.
Notably, app operators would no longer be allowed to refuse to provide their core services even to users who reject all permission requests that aren’t essential to the app’s main function.
The first time a mobile user opens a newly installed app, they’ll likely receive a push notification requesting access to personal data such as location, photos, contacts, messages, calendar, and more. Many apps leave those who hope to use them with no choice but to agree to these terms. In recent years, such excessive and unnecessary collection of user data has led to rampant online fraud, sparking concerns among Chinese authorities and the general public.
In November 2018, China’s consumer rights association released a report saying that 91 out of 100 apps it examined — including the ubiquitous social platforms WeChat and Weibo — were over-collecting data. Many users have also wondered whether apps like search engine Baidu and e-commerce platform Taobao are monitoring their daily conversations since such apps, users claim, sometimes seem to customize their recommended content based on recent chats. Far from being unique to Chinese consumers, however, the collection and use of personal data is increasingly becoming a global issue.
China has yet to introduce a specific law regarding personal data protection, though it’s on legislators’ agendas, and various government authorities have passed their own policies for tackling the issue. A detailed specification came into effect a year ago that outlined how data should be collected and used, as well as the extent of internet companies’ responsibilities. And in April, the Ministry of Public Security released a guideline for such companies on how to protect user privacy.
Zuo Xiaodong, an adviser on internet policy, said in an interview with the Southern Metropolis Daily newspaper that the new draft regulation, if passed, would have more teeth and stronger administrative power over network operators than previous policies. Apart from restricting how data can be collected, the draft would also require internet companies to inform users of who is in charge of data security — and to provide that staff member’s contact information.
“The main aim of this provision is to give users a streamlined channel for complaints and to avoid buck-passing among different departments,” said Zuo.
However, the draft regulation doesn’t specify punishments for violators, with just one line to say they can face public exposure, fines, suspensions, shutdowns, or criminal charges. In contrast, the European Union’s General Data Protection Regulation — widely considered the world’s toughest law on privacy — stipulates that internet companies can be fined up to 20 million euros or 4% of their global annual turnover, whichever is greater.
The Chinese public has until June 28 to give feedback on the draft regulation, which policymakers will consider in deciding whether to make the document official.
Editor: David Paulk.
(Header image: Traffic_analyzer/Getty Creative/VCG)