Jan 07, 2020 07:56 PM

Editorial: To Stop Rampant Abuses of Big Data, China Needs a Law

China is moving to curtail the activities of apps that illegally collect users’ personal data. In the last few days, four Chinese government departments, including the cyberspace administration, have jointly issued a document defining six ways of illegally collecting and using user information. Two of them particularly stick in the craws of Chinese internet users: the practice of unnecessarily collecting personal data unrelated to the app’s services, and providing personal information to third parties without users’ consent.

The release of the document, which is a concrete step toward implementing China’s Cybersecurity Law and other related legislation, can be viewed as the culmination of a yearlong effort to rein in China’s rapidly developing digital economy.

Growing the digital economy and protecting personal information shouldn’t be a binary choice. But lessons from the past — from the rise and fall of traditional industries to the advent of new ways of doing business — remind us that development and regulation rarely evolve hand in hand.

China’s huge domestic market gives it a natural advantage in developing the digital economy, and the collection and use of big data is key to the sector’s health. Yet the conflict between the digital economy and personal data protection is becoming clearer by the day. Data protection regulations are not up to standard, enforcement is both weak and slow, and platforms frequently violate user rights. If we don’t resolve these issues rapidly, they will come to weigh heavily on the sector as a whole.

To do so, we first need to root out the popular but specious view that, at least during the digital economy’s initial development, we should make the collection of big data a top priority, even if it carries the risk of violating user privacy rights. Advocates for this approach often frame privacy violations as the lesser of two evils, but their contempt for citizen’s rights is disturbing.

At its heart, the relationship between big data collection and the protection of personal information is a series of black-and-white questions: Either something is legal, or it isn’t. We should encourage and offer legal protection to big-data companies who do things by the book, but cannot afford to indulge the sector’s rotten apples. Once apps leak personal data, the affected users are often harassed with sales calls, text messages and emails. In the worst cases, fraudsters steal their account passwords and swindle them out of their money. Only when we safeguard individual rights and interests can development of the industry proceed smoothly.

The sector’s desire for vast amounts of data mustn’t lead us to conclude that any platform should be able to collect personal information at will. Some platforms, when facing regulation or trying to influence legislation, claim loudly — and illogically — that they’re contributing to “national strategy.” In reality, this is cynical profiteering. Sensitive personal information involving, for instance, someone’s property, gender, identity or whereabouts must be defined within legal limits. Platforms must be clear on whether what they’re collecting is against the law.

Moving forward, we should have laws governing the collection, synthesis, processing, use, and sale of data. These laws should be strongly enforced and violators should be investigated.

To start with, legislators — particularly those at higher levels — must systematically clarify the nature of data-related property rights. Otherwise, different entities will squabble endlessly over who owns the information, an outcome that would seriously impact the development of the digital economy. We need unified legislation on which data can be collected and used, which data must be strictly protected, and to whom such data belongs after it is collected. We look forward to finally reading the long-awaited Personal Information Protection Law and the Data Security Management Measures recently added to the government’s agenda.

A pressing concern is how to prevent violations of personal data and correct rights infringement in a timely manner. Last year, a government investigation revealed 683 apps that had illegally collected personal information, but that is just the tip of the iceberg. Such apps aren’t hard to spot: The general public is sick to death of them and has shown strong motivation to report them and protect their rights.

But it’s worth reflecting on why a timely investigation wasn’t launched before. Cases involving the unsolicited collection and abuse of personal information carry prohibitively high legal costs for most individuals; they involve submitting a complaint to authorities that may never respond. Responsibility for personal data protection is shared among many government departments, dampening the need to seize the initiative. And because the regulatory environments lags behind the times, complainants often find there is no legal basis for resolving their issue, or that the punishment is too light. Case-by-case rectification is clearly not a long-term solution, so we should put our efforts into honing our legal and regulatory systems.

Large platforms should play a leading role in protecting rights and interests relating to personal data. The biggest platforms have advantages in terms of technological capability and market share, and can afford to lead the way when it comes to exploring solutions. Experts have pointed out that data monopolies and abuse are largely caused by the concentration of data analysis models. To combat this, we can promote emerging technologies like federated learning and secure multi-party computation.

However, no matter how our technological models change, large platforms must also act in accordance with laws and regulations. Authorities mustn’t accept the slightest bit of laxness in policing them.

China moves into 2020 facing increased downward pressure on the economy, making the need for transformation and growth more urgent. To ensure that the digital economy lives up to its vast potential, we should constantly seek stronger adherence to rules and regulations. The illegal collection of personal data by unscrupulous apps is by no means a minor issue. Based on their own feelings, China’s 800 million smartphone users will make their own judgment on the progress in eradicating this problem and thereby shape society’s expectations of the digital economy.

Contact translator Matthew Walsh (

You've accessed an article available only to subscribers
Share this article
Open WeChat and scan the QR code