To build a ‘Digital China’, the country must first deal with its rampant black market for personal information

Underground trading of personal information has become a professional and industrialised value chain in China. The central government is seeking to establish a data governance regime, highlighting the responsibility of online platforms to protect user data. — SCMP

When Sharon Liu, a finance professional in the eastern Chinese city of Tianjin, bought a flat through an online brokerage platform late last year, she never agreed to give strangers her personal information. Now, up to three times a day, she receives calls from people she has never met who know her full name and home address.

“They’re seriously disturbing my work and personal life,” said Liu, who answers them for fear of missing important calls. “Given that they know my address and my phone number, I don’t feel safe,” she told the Post.

Liu is not alone. From job seeking sites with lax privacy controls to company insiders actively abetting personal data theft, China is still grappling with data privacy concerns as underground trading of personal information thrives amid Beijing’s push to have the digital sector play a bigger role in China’s domestic economy.

Without a law dedicated to protecting personal information, and the lack of clear guidelines, China’s enforcement agencies have struggled to keep up with an increasingly skilled industrial chain of insiders and data brokers.

Signage for the digital yuan at a self checkout counter inside a supermarket in Shenzhen. China’s central government wants to build a digital economy but first must ensure that personal information is not abused. Photo: Bloomberg

“We have to acknowledge that [the situation of] Chinese citizens’ personal information leakage and infringement is grim,” said Steve Zhao, a partner and intellectual property lawyer at the Beijing-based Gen law firm.

Zhao, who specialises in the underground online economy, described China’s black market for data as a professional and industrialised value chain connected to a range of illegal activities including fraud, extortion, and violent debt collection.

Last year, five employees at Chinese courier company YTO Express were found to have been renting their company accounts to an underground data broker group for 500 yuan (US$77) a day, leading to the personal information of more than 400,000 users being leaked, including names, addresses, national identification numbers and phone numbers.

Even though the brokers were arrested for selling the data to telemarketing fraudsters in China and South-East Asia, it is too late to remove victims’ information from the internet once it is disseminated.

In March last year, personal data from 538 million users of microblogging site Weibo was leaked and sold on the dark web, including phone numbers, gender and their geographical location. In August 2018, one of the biggest hotel chains in China, Huazhu Hotel Group, reported a leak that resulted in information from 130 million of its customers appearing on a dark web forum.

“We’re a populous country with a flourishing digital economy, so the underground data industry involves a large amount of personal information,” said Samuel Yang, a partner and specialist in cybersecurity and data protection at the Anjie law firm.

Tianjin flat buyer Liu suspects a real estate brokerage leaked her personal data, but without proof she cannot take any action.

“Trying to defend your rights won’t hurt these big platforms,” Liu said. “If the leak is not from buying a flat it would be from buying something else, and the salespeople won’t stop calling.”

Challenges lie ahead for policymakers, who need to strike a balance between stronger government control, protecting personal privacy and encouraging companies to leverage the full potential of data.

“The Chinese government is preparing for a concerted push to create the regulations and norms that will support the buying, selling and circulation of data throughout the digital economy,” said Kendra Schaefer, head of tech policy research at Trivium China.

Last year, the central government signalled that data would play a leading role in China’s social and economic development when it listed data as a new factor of production along with land, labour and capital, with the goal of integrating the physical and digital economies.

The central government has been trying to figure out how to create a viable market for data and establish rules around it, to ensure the smooth and secure circulation of data by pushing its bureaucracy to openly share its data, but also companies to share data from search, e-commerce and social media services for the development of a third-party big data platform.

The country’s 14th five-year plan, unveiled earlier this month, fast tracked the roll-out of two “fundamental” pieces of legislation, the Personal Information Protection Law (PIPL) and the Data Security Law. The PIPL, as its name suggests, will address personal privacy issues, while the Data Security Law will establish rules around the market for data and the basic regime of data security management, legal experts said.

With insider theft being a major source of personal information leaks, companies need to improve their own control measures and both laws will push them to do that, said Anjie’s Yang. The draft version of the PIPL, for instance, says that companies can be fined up to 50mil yuan (RM31.58mil) for violations.

“Hefty fines proposed by the Personal Information Protection Law will have a great deterrent effect on companies, who will be more motivated to protect user data,” Yang added. – South China Morning Post

Article type: free
User access status:

Data privacy


Next In Tech News

Amazon says to create 10,000 new jobs in Britain in 2021
TSMC sees no expect major impact on chip exports from Taiwan airline woes
Toshiba unit confirms hacked in May; blames DarkSide
Exclusive: TSMC looks to double down on U.S. chip factories as talks in Europe falter
Foxconn sees Q2 surge after profit leaps on COVID-19 work-from-home boom
Toshiba unit hacked in Europe, conglomerate to undergo strategic review
Chip shortage to cost automakers $110 billion in revenues in 2021 - AlixPartners
DBS private bank offers wealth succession planning for cryptocurrencies
So you want to delete WhatsApp? This is what you need to do first
Amazon seeks renewable power for Japan data centres - Nikkei

Stories You'll Enjoy