China Personal Data Protection Gathering Pace

China Personal Data Protection Gathering Pace

Since China’s Personal Information Security Specifications (PISS) took effect in May 2018, China has moved fast in raising the general awareness of personal data privacy.

At this year 3.15 consumer rights protection program, widely watched by millions of Chinese, one of the vendors exposed for blatant violations on consumer rights was an app called  “社保掌上通” (social security pocket app). The app lets users enquire and manage their social security accounts. It also sells financial and other products such as credit cards, job search, hotels booking.

In the program, when the host logged-in to enquire about the social security information, his personal data was simultaneously sent to a 3rd party big data processing company without the user being aware. Worse was its user agreement which states “….you hereby fully, effectively and irrevocably expressly agree and authorize us to use your social security account password to provide you with social security enquiry services……”

Then on 30 Aug, a mobile app called Zao (造 which means “Make” in Chinese), takes creating fake news to a new level (“deepfake” – https://www.youtube.com/watch?v=LNVY51r63Ac ). The app allows users to transpose their faces onto the actors in movies and went viral instantly in China.

But there was a backlash when users found out that its terms and conditions required users to grant it and other users the right to “irrevocably” use their photos. The Ministry of Industry and Information Technology quickly demanded that the company to abide by the laws on collections of personal information. The app’s quick rise and fall sparked heated discussion nationwide about personal information protection.

Demand for better personal data protection is gaining momentum in China. And the Chinese government is responding.

Watch this space as we bring you more updates on data protection trend and regulations in China.

Because when China moves, she moves fast.

(terms: China, Data Protection, PISS, PDPA, GDPR)