Can people secure their data and privacy in the digital age?
Tian Li is sure her smartphone spies on her.
To her, the evidence is clear: “Often, once I mention something in chats with friends or search for it in the browser or other apps on my phone, Taobao will soon feed me ads for relevant products or services…this happens on JD and other apps too,” Tian explains, referring to China’s two biggest e-commerce services. Her friends have had the same experience, she claims.
After this discovery early this year, Tian, a Shanghai resident in her 30s who wished to use a pseudonym, has been on guard against any apps’ requests to access functions on her mobile phone, including the microphone and photo album—unless it’s required to activate a platform she really needs.
Similarly, Li Ao, an employee at an e-commerce company in Chengdu, Sichuan province, only allows access to his data when he uses the apps. “Most apps require access to the contact list and album, even though I don’t see any connection between the accessibility and their function. You have to accept the terms they impose in order to use them,” he complains.
Their concerns are well-founded. For the last year or so, China’s regulators have been on the case of technology firms’ relentless harvesting of data. According to an announcement by the Cyberspace Administration of China (CAC) this July, Chinese ride-hailing giant DiDi has collected perhaps billions of pieces of data from a dozen categories of users’ and drivers’ information, including screenshots from users’ photo albums, information from their clipboards and app lists, facial recognition images, age, occupation, kinship, and addresses, drivers’ education and ID information. DiDi reportedly failed to clarify the purpose of collecting 19 of these items of personal information.
The company was fined over 8 billion yuan (approximately 1.2 billion US dollars) for its “severe” and “abominable” (in the words of the CAC) violations of China’s Cyberspace Security Law, Data Security Law, and Personal Information Protection Law; while its CEO Cheng Wei and president Liu Qing were fined 1 million yuan each.
Meanwhile, a 2018 report released by the China Consumers Association showed that 91 out of the 100 common apps it surveyed request “excessive” information from users, including 59 apps asking for users’ locations, 28 requesting contact lists and identity information, and 22 requesting mobile phone numbers. Others asked for access to users’ photo albums, financial information, biometrics, occupation, transactions, and online browsing records.
The public have been increasingly concerned with their privacy and data security, struggling to negotiate between the convenience brought by new technologies and devices, and their side effects, including excessive or illegal collection of data, leaks and illegal trade of data, and consequent spam messages, scams, and other risks. This concern has only heightened during the Covid-19 pandemic, when more personal information has been exposed due to digitalized anti-epidemic efforts.
“The illegal collection and abuse of data has gotten worse,” as the country goes digital, while relevant laws and regulations are yet to catch up, observes Zhao Yong, a computer science professor from the University of Electronic Science and Technology of China. As co-founder of the Big Data Center at Tsinghua University Suzhou Automotive Research Institute (which Zhao claims to be China’s first professional big data research institute) and an associated company to promote research and application of relevant technologies in 2012, Zhao has closely observed the country’s digital development over the last decade, as data has become a new factor of production.
In the 21st century, data has also become a strategic resource vital to the nation’s economy. As Chinese President Xi Jinping put it during a visit to the China Academy of Sciences in July 2013: “The vast ocean of data, just like oil resources during industrialization, contains immense productive power and opportunities. Whoever controls big data technologies will control the resources for development and have an advantage.” In the following year, the Chinese government included big data in its government work report for the first time, and officially launched its “big data strategy.”
According to statistics released during a press conference by the CAC last August, the size of China’s digital economy, driven by technologies such as big data, cloud computing, and artificial intelligence (AI), grew from 11 trillion yuan in 2012 to 45.5 trillion yuan in 2021, accounting for 39.8 percent of the country’s GDP—up from 21.6 percent in 2012. This helped China rank second in the world for size of digital economy.
The digital trend has swept every aspect of people’s lives: Around 85.2 percent of personal consumption in the shopping sector is online as of in 2021, as well as 78.6 of consumption in the catering sector, 66.7 percent in culture and entertainment, over 50 percent each in travel, accommodation, and transportation according to a report issued in May 2021 by the Institute of Quantitative & Technological Economics at the Chinese Academy of Science.
Zhao compares big data to a “microscope,” as it can analyze all the information companies gather to tailor their services to different customers accurately. “[The companies] may know you better than yourself…When you browse online and like some bag or clothes [even] subconsciously, the algorithm will feed it to you promptly,” he explains. As the algorithm and data can be transformed into economic returns through targeted selling and marketing, some apps have gone to extremes of breaking laws to collect as much information as possible, adds Zhao.
This has its upsides. “It’s convenient. [Online shopping websites] can recommend products tailored to my needs, such as my favorite style and design of clothes,” says Wen Yun, a graduate student from Maoming, Guangdong province, who has turned to platforms like Taobao and Pinduoduo to buy up to 90 percent of her daily necessities since high school.
However, she believes the disadvantages outweigh the benefits. “To some extent, it narrows down our choices and makes our world one-dimensional,” she observes, referring to how apps repeatedly recommend the same products and types of content to her, rather than anything fresh. “I have a cat and sometimes watch pet-themed short videos. The platforms then bombard me with videos of various pets, even exotic pets like marmots.”
Another reason for Tian’s skepticism is her discovery of being “ripped off” by Taobao in late 2020: When she and her boyfriend (who seldom uses Taobao) browsed on the platform respectively for a new food dehydrator, her results were dominated by products costing around 300 yuan, over 100 yuan higher than her boyfriend’s; it took her quite some time to dig out the cheaper options when browsing from her own account.
She believes the platform has restricted her access to more economically price products, due to her being less sensitive to prices in previous transactions.
Price discrimination on online platforms, or “big data ripping off frequent customers (大数据杀熟),” has been a common consumer complaint around businesses’ apparent misuse of big data. In a report issued by the Beijing Consumers’ Federation this May, over 64 percent of the 4,163 users surveyed said they had experienced price discrimination The study included 18 popular apps and websites including Taobao and Pinduoduo, online travel platforms Trip.com and Qunar.com, and food delivery giants Meituan and Ele.me.
In China’s first lawsuit over price discrimination in 2021, a VIP member on Trip.com surnamed Hu in Shaoxing, Zhejiang, sued the platform for charging her 2,889 yuan a night for a hotel room that actually cost only 1,377 yuan. She thought the platform raised the price by taking advantage of users’ past consumption habits, while the platform argued that the price rose that night due to high demand but limited room vacancies, and claimed that so-called “big data-based discriminatory pricing” was a result of consumers’ membership levels, or individual hotels’ sales promotion policies.
Although the court ruled in Hu’s favor and ordered the platform to pay her 4,777.48 yuan in compensation (three times the price difference), it did not support her price discrimination claim due to insufficient proof.
Zhao Zhanling, a lawyer specializing in IT and copyright from Beijing (no relation to Professor Zhao), tells TWOC that to find convincing evidence for such a claim, one must have access to the companies’ servers, and has to check the algorithm, data and other internal management documents, which is seldom possible for ordinary consumers.
Another major issue is the security of the data collected. According to statistics from China Internet Network Information Center, more than 221 million online users in the country have had their personal information leaked. Some 16.6 percent had been scammed, 9.1 percent had had their devices infected with malware, and 6.6 percent reported their accounts or passwords stolen in 2021.
Telecommunication network frauds in 2020 alone caused a loss of over 35 billion yuan, Li Ruiyi, deputy chief judge of the Third Court of the Supreme Court, told news site Jiemian in June 2021.
According to Professor Zhao, this data could be shared with the platform’s associated parties or traded on the black market. But as individuals’ information is exposed to so many parties in each online transaction—for instance, to the e-commerce platform, shop owner, express delivery company, and delivery person for an online purchase—it’s difficult to track who is responsible for the leaks.
Even the authorities can be a source of information leaks and misuse, especially since the outbreak of Covid-19, the response to which has seen residents’ information such as their travel histories collected and disclosed in the name of anti-pandemic purposes. Some property management companies have even required residents to fill in their educational background, marital status, and WeChat account name, in addition to name, phone number, and address, when applying for an access pass to their residential compounds.
According to a survey by the Southern Metropolis Daily in March 2020, only 20 percent or so of all the correspondents knew how their information collected through Covid-19 health codes by the residential communities, supermarkets, pharmacies, and public transport would be stored and used after the pandemic.
The disclosure of information, including the address, of suspected and confirmed Covid-19 cases can have significant consequences. For instance, during a surge of Covid-19 cases in Chengdu in December 2021, a 20-year-old girl known as ”Miss Zhao” was abused online for her visits to several bars before she was sent to hospital as a confirmed case. Netizens quickly discovered her personal information, including ID number and address.
Wen, in Guangdong, had a similar experience: after she was quarantined on September 2, due to one of her neighbors having had “close contact” with a confirmed case, she was bombarded with harassment messages on WeChat and phone calls from strangers. Days earlier, she had been required to fill in her phone number, ID number, and address in the WeChat groups of her residential community and quarantine hotel, consisting of over 550 members in total.
“We could easily see all other members’ information on that document [on WeChat], including their phone number and address,” the college student recalls, adding that she had been concerned about this method of information collection at the time, but no one else questioned it.
Last summer, several municipal officials in Zhengzhou, the capital city of Henan, were punished for having instructed the local big data bureau, health code management team, and a local big data company, to switch the Covid-19 health code of 1,317 people from “green” to “red” in mid-June, thus restricting their movements. But, it was alleged, these citizens had not contracted Covid-19—they had deposited money at four Henan banks that had halted withdrawals due to cash flow issues, and the codes were changed supposedly to prevent the irate customers from gathering and protesting in the city.
Similarly, in July last year, local residents’ committees in Changping district, Beijing, required residents coming back from Covid-19 risk areas to wear electronic bracelets to track their temperature during their home-stay quarantine, with the app associated with the device able to access the wearer’s location, camera, microphone, and contact list. Both incidents sparked public outcry and discussion over privacy.
Professor Zhao points out that the root cause for all these issues is that “ownership of data has been transferred from users to platforms and companies,” who then often process and use the data without informing users about how they collect, store, and use the information, and may “choose to ignore or violate relevant rules and laws, because to comply with those rules will cost them a lot and impact their algorithm, services, and revenue.”
The Personal Information Protection Law implemented in November 2021 represents a milestone in China’s data privacy laws. It details general rules for personal information processing, individuals’ rights, and the responsibilities of information collectors and processors. For instance, it stipulates that personal information be collected for clear and reasonable purposes and be processed for the stated purposes with minimal influence on an individual’s rights and benefits; insists that the minimal information necessary to realize the stated purpose of the product or service shall be collected; and clarifies that notifications must be sent to individuals for their consent before their information is processed.
On Weibo, Lawyer Zhao hailed its implementation as the start of a “new age” of personal information protection, citing examples that many apps, including Alipay, have revised their personal information or privacy policies, and strengthened their compliance and protection of data.
However, tracking and regulating the millions of apps in China will prove difficult, and stricter laws like the European Union’s General Data Protection Regulations (GDPR) would “reign in the development of the digital economy,” Xu Caisu, a researcher at Shanghai University, told Ximin Daily last July.
Nonetheless, public awareness of digital information and privacy protection is on the rise, and many people are taking things into their own hands. Tian avoids using her real name on deliveries from online shopping websites (though this may not do much good since she must register for them with her ID card), and regularly uninstalls apps and clears her browsing history online to reduce her data footprint. To avoid price discrimination, she compares prices on different shopping platforms.
However, after much trial and error, she knows that, with her smartphone seemingly always spying on her, “no matter how I try to compare, I’ll never find the best value goods!”
Digital Dilemma: Big Data Brings Big Privacy Problems to China is a story from our issue, “The Data Age.” To read the entire issue, become a subscriber and receive the full magazine.