The Substandard Situation of Personal Data Protection in China
The China Consumers’ Association released the “Application Personal Information Disclosure Report” on August 29, 2018, which showed that more than 85% of respondents experienced personal information disclosure. This figure reflects that a large number of APP users in China are suffering from the threat of being leaked through illegal processing of their personal information. Most of the respondents believe that the Mobile App can obtain users’ privacy rights by letting them Sign-Up a new account or connect to their social account. However, this kind of privacy information registered is not necessary for the APP’s normal using functions. At the same time, most respondents believe that the Mobile APP collect users’ information for promotion and advertising.
It’s important to bear in mind that, for lack of consciousness of being protected by data protection regulation and safeguarding their rights, one-third of the 85% of respondents made a compromise that they are unlucky. Therefore, in today’s China, even if the electronic economy is developing rapidly, the relevant regulations and supervision measures for purifying the market environment are not yet effective. Users’ personal data are still over-collected, unauthorizedly disclosed or even illegally resold through various improper channels.
These days, China’s “Personal Data Protection Law” has not yet been introduced. Due to the absence of a standard for proper exploitation of personal information, the enterprises have more maneuver space to use in “illegal” means to obtain private data and profit from it, even by leading to cases of online deception more often. As a consequence, users are freely-restricted to choose not to disclose their own privacy.
There is a Mobile Application of Android system, if the User does not agree to eliminate the privacy restrictions, this APP cannot be downloaded neither used. The User’s privacy is forced to be violated in this way because they do not have the right to refuse access to personal information. In order to solve this problem, after the Android 6.0 system is developed, the permission application of sensitive private data is separated from the entire procedure. When there is a usage need which should be met by certain permission, it must apply the User dynamically in the App.
Faced with such situation, the Chinese government has also responded accordingly. A regulation on the protection of personal data in the field of telecommunications and online personal information came into force on September 1, 2013. It generally regulates the collection activities and use of personal data collected, which brings to light the requiring the consent of both sides as a priority.
The regulation also declares some protection measures, such as clarifying the security responsibility of each person, entity, for institutions to adopt antivirus measures, update software, etc. At the governmental level, the administration is responsible for monitoring the personal data protection situation and ensuring the proper use of the data by means of security measures. In addition, the sanctions are pointed out. If it incites great prejudice, there will be a fine or an imprisonment sanction.
By referring to Japan’s Personal Information Protection Act (PIPA), which was implemented on May 30, 2017, there are two points which are worth learning from for the improvement of China’s future personal data protection legislation. One is to identify the range of sensitive information, including ethnic, religious beliefs, medical history, social status, criminal record, victim history and other personal information which can cause discrimination in the society; the other is the introduction of the “Opt-out-consent”, which states that if the user has been previously informed by operator that his/her personal information may be provided to a third party, there is no need to obtain an express consent from the user when transferring the information. This effectively balances the needs of business operations, usage experience, and user rights protection.