Members of a syndicate that buys mainland Chinese schoolchildren’s personal information and sells the data to online education centres have been arrested by police in eastern Jiangsu province, as the country with the world’s largest Internet population continues to grapple with privacy concerns.
The personal data – including the children’s age, gender, city of residence, their parents’ information and phone numbers – were sold by an unnamed local company for as low as 0.06 yuan, equivalent to less than US$0.01, according to a statement last week from Jiangsu’s Xuzhou City police.
The unnamed online education centres use the data they acquire to send spam calls to the children’s parents. The syndicate receives a commission for every successful sign-up. Typically, Chinese K-12 pupils – referring to those in kindergarten to 12th grade – take extracurricular tutoring on top of their studies on campus to perform well in examinations.
Their operations were initially uncovered by police in January, following the arrest of several suspects connected to a company with more than 20 employees dealing in the illegal trade. Two of the company’s bosses are now in custody, state broadcaster China Central Television reported on Tuesday.
Online leaks of personal information remain a common problem in mainland China, where lax controls over the collection, storage and use of individual digital data persist. Authorities have regularly launched crackdowns in response to consumer demand for better protection.
In October 2019, the Cyberspace Administration of China rolled out the Provisions on Cyber Protection of Personal Information of Children. This regulation raised the level of protection required for the collection, storage, use, transfer and disclosure of children’s personal information in the country.
Concerns have risen, however, over leaks of facial recognition data amid the broad use of the technology across China in recent years, including in government and private surveillance systems as well as commercial apps. In January last year, GDI Foundation security researcher Victor Gevers found a middle school database in China full of photos of students’ faces, identification and student numbers, and Global Positioning System locations.
Beijing has stepped up to curb unauthorised personal information collection, imposing penalties on widely used apps that violated data privacy. On Tuesday, the Ministry of Industry and Information Technology said it has examined more than 730,000 apps over the past two years to clamp down on infringement of user rights.
The ministry along with three other major government agencies also launched a campaign to investigate how apps collect and use personal data, with a focus on improving industry standards for protecting private information.
Those moves are part of the government’s “Digital China” initiative presented during the country’s biggest annual political gathering known as the “two sessions”, which ended last week. The initiative includes a new piece of legislation aimed at preventing private data leaks and abuses, the Personal Information Protection Law (PIPL), proposing fines of up to 50mil yuan (RM31.59mil), or 5% of a company’s annual revenue, for such offences.
“China’s draft PIPL will definitely help stem personal information leak and breaches,” Wang Xinrui, a lawyer at Beijing-based law firm Anli Partners, said in a previous interview. – South China Morning Post