Chinese Regulators Clamp Down on Apps Collecting Excessive Personal Data

Popular “mini-programs”, found on ubiquitous platforms like Wechat and Alipay, often require users to divulge personal information to use the service. (Source: KrASIA)

A coalition of four Chinese regulatory bodies released guidelines this week that will establish more restrictions on the collection of individual user data by digital service providers.

The new rules specifically target apps that withhold services to customers until they consent to requests to share wide-ranging personal information, a common practice that in many cases will become illegal after the changes come into effect on 1 May.

According to a Monday statement from the Cyberspace Administration of China, the upcoming rules will curb the collection of excessive and irrelevant user data by explicitly defining which categories of information can be requested for a given service. Under this policy, apps will only be granted access to information deemed essential for conducting their business. For example, a user’s real-time location may be shared with ride-hailing platforms but will not be made available to personal finance services.

Online user experience in China is often funnelled through a set of ubiquitous platforms such as Wechat and Alipay, through which other companies can reach consumers with “mini programs” that do not require a separate app download. While offering an efficient and convenient channel for conducting business, issues of consumer rights and individual privacy have presented a challenge to authorities.

For many of these online products, users must consent to share their personal information before accessing services. In addition to privacy concerns, other worries include the deployment of data for intrusive targeted advertising and anti-competitive behavior.

Although the announcement extends the regulatory scope of the matter to an unprecedented level, authorities have yet to divulge critical details regarding enforcement or punishments incurred in the event of a breach of the rules.

Industry experts expect that rules surrounding data privacy in China will become increasingly clear-cut as the country’s regulators catch up with the new range of products and services that have emerged in the digital era. Similar efforts have been made outside China, most notably in 2018 when the European Union implemented its sweeping General Data Protection Regulation policy, setting a new multinational standard for the protection of users’ private data.

In addition to advancing the regulation regarding the collection and use of digital user data, this week’s announcement can be seen as part of a much broader initiative on behalf of Chinese authorities to extend its influence in the burgeoning domestic tech industry.

SEE ALSO: Five Chinese Group-Buying Platforms Fined 6.5M Yuan ($1M) for Improper Pricing

Earlier this month, antitrust regulators announced the latest wave of fines levied against some of the country’s leading tech firms, including Tencent and Baidu. In November last year, authorities scuttled Alibaba’s intentions to list on the Shanghai and Honk Kong stock exchanges, in what would have been among the largest initial public offerings in history.

As China’s domestic tech industry continues to expand, regulatory bodies in the country will be faced with the difficult challenge of ensuring secure and ethical behavior by what have become some of the world’s most powerful and iconic corporations.