Citing Privacy, Wuxi Deletes 1 Billion Pieces of COVID-19 Data
Amid growing calls to plug data breaches and protect privacy, the city of Wuxi in the eastern Jiangsu province has announced that it will delete and destroy all personal data collected during the time that COVID-19 protocols were in place.
The move comes weeks after the southern Guangzhou province announced similar measures in the wake of China scrapping all COVID-19 restrictions last December.
Wuxi’s big data center said Thursday that it had deleted “one billion” pieces of personal information, mainly used for the purposes of testing people and tracking their movement.
The city has also shut down 40 apps related to COVID-19 containment measures, including a health code used to monitor residents’ travel history across public venues.
“The deletion of such data is in line with existing laws and safeguards the personal privacy of citizens against possible theft and misuse in the digital era,” stated a government notice, adding it reflected a “people-centered” philosophy for governing data.
The storage and transferring of all data related to COVID-19 will be strictly prohibited and the data management mechanism will be strengthened to ensure such data won’t be restored further down the line, added the notice.
Over the past three years, China established and deployed a wide set of digital programs, including color-coded health apps, which collected vast amounts of data. They were aimed at containing the spread of infections through mass testing, lockdowns, and travel restrictions.
Based on a 2020 protocol, the health apps were allowed to collect a wide range of personal information, including ID and phone numbers, addresses, travel history, and virus testing and vaccination statuses, among others.
After COVID-19 restrictions were scrapped last December, the massive data that was gathered triggered public debate over its potential privacy and security risks, which were heightened after reports emerged of the data being used for non-COVID-related issues.
Last June, a group of depositors were stopped from entering Zhengzhou, the capital of the central Henan province. While on their way to withdraw money from indebted banks, their health codes turned red, a label mostly reserved for potential COVID-19 carriers or those infected with the virus.
Most recently, Qi Xiangdong, a member of the Chinese People’s Political Consultative Conference, the country’s top advisory body, proposed either deleting all COVID-19-related data or making it anonymous.
“With the shift from urgent management to regular management for COVID-19 prevention, health apps no longer have any legitimacy,” Zhao Hong, a law professor at the China University of Political Science and Law, told state-run People’s Daily.
Zhao cited the personal information protection law, which recommended “active deletion” after the goal of processing had been achieved and is no longer necessary.
“Given that the so-called desensitization process cannot yet completely eliminate the risk of privacy exposure and the misuse of personal information, the complete deletion and centralized destruction are still the most prudent ways to handle the situation,” Zhao said. “Operators should seek permission again for other uses of the data.”
(Header image: VCG)