Caixin
Nov 30, 2020 08:20 PM
BUSINESS & TECH

Regulator Singles Out Tencent in Diatribe on Tech Sector’s Data Privacy Failings

Lu Chuncong, deputy director of the MIIT’s Information and Communication Administration, speaks at a conference on May 29. Photo: CCTV
Lu Chuncong, deputy director of the MIIT’s Information and Communication Administration, speaks at a conference on May 29. Photo: CCTV

Chinese regulators have fired another shot across the bow of the nation’s tech giants, this time for failing to protect user data, with a senior bureaucrat singling out internet titan Tencent Holdings Ltd. in comments widely reported by state media. 

Despite being continually criticized by regulators for collecting data without user consent, some popular apps “still haven’t learned their lessons, and still suffer from the same issues,” Lu Chuncong, deputy director of the MIIT’s Information and Communication Administration, said at an industry conference on app security Friday.

Lu also singled out the Sina Sports app, which the ministry criticized last December for collecting personal information without permission, and said it was later found to still be violating the same regulations after a spot-check.

Competition creates incentives for companies to skirt data privacy rules, Lu said, as they delay resolving their issues in order to maintain an edge. Some companies even revert to illicit practices in updated versions of their apps after meeting regulatory requirements, he said.

Lu singled out Tencent for criticism, saying, “Tencent’s vice president is here today. I hope you will intensify your efforts to rectify the situation, and that it will not be repeated and will finally be resolved. I hope (Tencent) will take this as an opportunity to have an internal discussion.”

At the same event, MIIT Vice Minister Liu Liehong accused tech companies of misleading conduct, obstruction and deliberate delays in resolving issues pointed out by regulators, and put the firms’ senior leaders on notice, saying they needed to act. 

“Some companies have repeated these issues in multiple product lines, reflecting that the company has not formed an awareness of the bounds of user personal information use… some are unwilling to cooperate because it will affect revenue.”

Observers saw the bureaucratic rebuke as a signal that companies need to clean up their act ahead of a new data privacy regime which is expected to come into effect early next year.

“For the MIIT to criticize (Tencent) by name is quite surprising,” said Nicolas Bahmanyar, a data privacy consultant at Leaf Law Firm. “The signal is very much that big companies are not entirely compliant on some aspects of the data protection and privacy legal framework,” Bahmanyar said.

The regulatory focus had so far been on “building” China’s new privacy regime rather than “explaining” how to comply with it, he added.

Privacy issues and corporate data theft have been increasingly scrutinized in China as the nation prepares to enact sweeping legislation intended to protect personal data from misuse by corporations. A draft Personal Information Protection Law unveiled in October contained remedies for breaches more in line with Europe’s privacy regime, including a maximum fine of 50 million yuan ($7.42 million) or the equivalent of as much as 5% of revenue from the previous year.

“Chinese companies have not (yet) suffered the heavy fines that will make them rethink, and as a collective group, change their behavior,” said Bahmanyar, who noted that the punitive remedies in the European Union’s General Data Protection Regulation, which inspired the Chinese legislation, were also relatively new.

A string of high-profile data breaches in recent years has strengthened public calls for the government to pass a unified law safeguarding the personal information of citizens. In the first seven months this year, more than 8,000 apps and 478 companies were penalized by regulators for violating data collection rules.

The issue has also inflamed tensions overseas. This month, India’s Ministry of Electronics and Information Technology added 43 apps — including several operated by Alibaba Group Holding Ltd. — to a list of more than 170 that had already been banned for allegedly stealing users’ personal data.

Data gathering practices by Bytedance’s TikTok have also been among the reasons it has faced scrutiny overseas.

 Read more 
Cover Story: The Right Over China’s Law to Protect Personal Data

While corporate data handling has been in the spotlight in China, the response to calls from experts and some members of the top decision-making body of China’s national legislature to also define the allowable scope of data collection by government departments has been muted.

“Government agencies managing public affairs and services collect a huge amount of personal data, but at the same time, they are rule makers and regulators,” said Zhang Xinbao, a legal expert who participated in drafting the law. Zhang said there still needs to be further detail on requirements for government bodies.

This spring, the Chinese leadership released guidelines which defined data as a new factor of production, alongside land, labor, capital and technology.

Contact reporter Flynn Murphy (flynnmurphy@caixin.com) and editor Joshua Dummer (joshuadummer@caixin.com)

Download our app to receive breaking news alerts and read the news on the go.

You've accessed an article available only to subscribers
VIEW OPTIONS
Share this article
Open WeChat and scan the QR code