China is often seen as the wild west of privacy protection, where unscrupulous companies collect and trade personal data as regulators and consumers stand idly by. The Chinese government has been trying to change that, most recently by drafting a privacy law akin to the EU’s General Data Protection Regulation (GDPR). While the implications for businesses are still murky, it’s clear that China is determined to tackle this issue its own way, at its own pace.
Since last fall, the country’s top legislature has unveiled two drafts of the Personal Information Protection Law (PIPL). The latest draft strengthens protections for minors and makes it easier for users to revoke their consent to share data. If passed, the law would also improve the ability to prosecute the misuse of personal data.
For businesses, it provides clearer guidance on processing by third parties, including overseas partners. Online platforms would be required to set up external independent entities that oversee their data practices and to publish social responsibility reports.
This is likely welcome news for consumers in China. Recent research dispels the popular belief that they are indifferent to protecting their personal data. Last June, Cisco asked adults in select countries about their feelings toward privacy legislation where they were. Among respondents in China who were aware of the 2017 Cybersecurity Law—which offers some data privacy regulation—80% said they felt positive about its impact. This was the highest response rate among all countries in the survey.
Further, YouGov polling from April found that more than half (52%) of adults in China said they prioritize an app’s security over its functionality and convenience. That was 9 percentage points higher than the average across the countries in the survey. This finding is especially notable given how mobile-centric China is.
The second draft PIPL was open for public comment until late May. A third and final draft is expected to be up for review before the law passes by the end of this year.
In the meantime, Beijing is continuing to clamp down on high-profile tech companies over their data practices. In mid-May, the China Cyberspace Administration—the state’s internet watchdog—called out tech giants Baidu, ByteDance, Kuaishou, and Microsoft for improperly collecting user data there.
Behind the government’s push for greater data privacy and security is not just its desire to be seen as a responsible global partner that adheres to international norms. It’s also eager to get ahead of the scrutiny ByteDance, Tencent, and other homegrown giants will likely face as they expand overseas. Having an official data privacy framework on the books should help China dictate the matter on its own terms.
In its latest five-year plan, the government declared in that consumption will play a growing role in driving economic growth. Policymakers view digital marketing and data as vital cogs in that wheel—and ones they want full control over. In the era of 5G and breakneck tech development, data has become a matter of national sovereignty and security.
China’s response to the iOS 14.5 privacy update is a case in point. Under Apple’s new framework, apps must ask each user for consent before they can track the user’s activities across apps and websites. Many expected this update to drastically reduce the viability of Apple’s Identifier for Advertisers (IDFA), which marketers had relied on to better target ads and measure the success of campaigns.
About a month before the framework’s rollout, reports emerged that China’s digital giants, including ByteDance and Tencent, were testing an alternative developed by the state-backed China Advertising Association (CAA). Dubbed the China Advertising ID (CAID), the identifier circumvents Apple’s tracking restrictions using device fingerprinting, which creates a unique user profile based on device and usage data. Though Apple has preemptively warned companies against using CAID, it has not taken any concrete action yet.
More recently, Apple announced earlier this month that its new Private Relay feature would not be available in China, due to regulatory reasons. The feature is designed to veil iOS users’ web browsing behavior from internet service providers and advertisers.
As the data privacy landscape there takes shape, Apple and other digital giants will likely struggle to adapt right out the gate, and more international tussles will ensue. Ultimately, however, the transparency and regulatory benefits that PIPL and other such laws will provide may be worth the pain.