Is China's data protection scene reaching maturity?

Consumer mindsets on data in China have generally been fairly relaxed, with younger consumers in particular willing to share information about their location or habits in exchange for shopping convenience and efficiency.

“Whilst data privacy is no doubt of paramount importance in this day and age, this is not as prevalent in China as there is currently no organisation or government entity to regulate the security of data,” says Alex Khan, managing director, APAC, Smaato. “But [this] is not without its merits, as less regulation in this area has led to a smarter and more insightful use of the data collected, which in turn has led to a much healthier ecosystem.

“This is especially true with large ecommerce platforms such as Alibaba and WeChat, where consumers can buy almost anything via their smartphones, and algorithms within these platforms make use of the data to alert consumers on products and services based on their spending habits and personal preferences.”

For advertisers and brands, this means China has represented a huge opportunity to collect data about customers.

Awareness around data collection is on the rise

Around 60% of Chinese consumers aged 20-49 have authorised mobile apps to access their GPS information, according to Mintel research. They have also used their WeChat, Weibo or QQ accounts to log into new platforms or provided their addresses for online shopping or takeaways.

This does not mean, however, that Chinese consumers are naïve or willing to sacrifice their private information, says Alina Ma, director of research, Mintel China Reports.

“In fact, Chinese consumers do have concerns around insufficient protection of their personal data, especially with the rise of livestreaming. Nearly half of consumers claim that livestreaming makes them worry more about their privacy.”

“We do see the data collected becoming increasingly important as consumers are beginning to realise the value of targeted advertising, which makes their choices easier whilst also satisfying the need for instant gratification,” agrees Khan.

The Cyberspace Administration of China has deleted nearly 8,000 mobile phone apps that were in violation of data privacy and and online security since September 2018.

This growing awareness about the field of data protection and privacy in China is starting to affect the habits of consumer and the brands targeting them.

The China Consumers Association found in November that of 100 apps tested, 59 were retaining too much information about the user, and 47 apps were deemed to have inadequate privacy protections. Over a third didn’t have a privacy policy at all.

Jet Deng, senior partner at law firm Dentons, says that the Cyberspace Administration of China has deleted nearly 8,000 mobile phone apps that were in violation of data privacy and online security since September 2018.

There is, however, no single body that oversees the area of data protection in China and the country's complicated advertising technology landscape also muddies the water, explains Smatoo’s Khan. In China a supply-side platform might build a demand-side platform (DSP) and then earn a percentage of revenues from each side, but it isn’t uncommon for a company to own a DSP and then an ad network consisting of their own traffic and inventory. This can make transparency and data protection across systems difficult.

Chinese consumers such as this person in Shenzhen, are used to the convenience of payment through smartphone apps like WeChat (Photo: Shutterstock)

“China’s data protection framework was made up only of a patchwork of fragmented rules found in various laws, measures and sector-specific regulations,” says Deng — although he says there is now an “increasingly stringent environment for the protection of personal information”.

The Cyber Security Law, which came into force in May 2017, contained detailed requirements on data handling and data protection for the first time. The main requirements of the law are that personal information, including a person's online activities and growing history, be stored in such a way that they can not be identified. Sensitive information including ID card numbers, bank numbers and information on children aged under 14 must be carefully stored.

There are also potential implications for publishers and advertisers.

“Many of the laws under China’s legal framework concerning data protection apply to two types of companies: 'network operators' and 'critical information infrastructure [CII] operators'" Deng says. "Because these categories are defined quite broadly under the Chinese system and may have a wide-ranging scope in practice, even companies that would not ordinarily consider themselves network operators or CII operators may be swept up by the definitions."

For Chinese businesses operating abroad, the regulations mean data connected to Chinese citizens or the broad field of ‘national security’ must be held on Chinese servers, and companies have to submit to a review before transferring any data abroad.

Data dramas in the news

While the growing focus on data privacy in China has partly been influenced by the new GDPR regulations coming out of Europe, a number of high-profile lapses have also helped to shine a spotlight on the issue.

In July, Alibaba’s Alipay apologised for making the opt-in to its social credit scoring service the default in its app, after users complained the company was misleading them into handing over their data.

Airline Cathay Pacific then took a knock in October after it revealed it had been the target of a huge breach of information. The data of over nine million passengers with the Hong Kong carrier had been illegally accessed in March 2018, including some 860,000 passport numbers and 240,000 ID card numbers.

Cathay Pacific chairman John Slosar (left) and chief executive officer Rupert Hogg answer questions on the data breach a panel hearing at Hong Kong’s Legislative Council in November (Photo: AFP)

In November, hotel brand Marriott admitted hackers had accessed the personal details of guests over the last four years. The breach was one of the largest in history, and the data that was stolen included passport numbers, travel locations and arrival and departure dates.

“Similar to other countries, China is facing serious personal information disclosure problems,” says Deng. “In recent years, personal information protection legislation and law enforcement activities have raised the awareness of Chinese consumers about data security and privacy. When personal information is infringed, more and more consumers are beginning to protect their rights through complaints and civil actions.”

Brand actions

For brands, tackling this challenge means placing ever more importance on building a relationship of trust with consumers.

“They need to think about how they interact with the consumer and how to get the best out of their brand campaigns in China — eMarketer has estimated the Chinese mobile ad market to be at around $60 billion in 2019, so brands and advertisers need to think about consumer behaviour and how they want the consumer to interact with the brand,” adds Khan.

Home-grown Chinese brands may also need to rethink their attitude to data privacy as they head overseas, where they face international scrutiny over privacy and security: the US government last year rejected the proposed $1.2 billion acquisition by Jack Ma's Ant Financial of money transfer provider MoneyGram International on the grounds of national security, for instance.

When personal information is infringed, more and more consumers are beginning to protect their rights through complaints and civil actions

Home-grown Chinese brands are perceived by international consumers as having quite a lax attitude towards data because laws remain scattered. But Chinese consumers are still likely to turn to domestic brands.

“Data breaches have definitely brought an impact on consumers' thoughts around privacy,” says Ma, adding that their research shows Chinese consumers are more likely to trust Chinese brands compared to international brands because international breaches often have more publicity.

And for many Chinese consumers the benefits and convenience still outweigh the risks.

"Thanks to the robust and healthy ecosystem that has risen in China, many businesses require the use of smartphones or apps to even get started,” says Khan. “This robust ecosystem has also given rise to the increased usage of mobile payments via smartphone, with the number of mobile payment users in China being more than the rest of the world combined. Thanks to the easily accessible and numerous offers within the ecosystem, this number is only set to rise in the foreseeable future.

“Essentially, China’s smartphone users set themselves apart due to them embracing the use of data and targeted advertising and their high level of comfort with using ecommerce payments via smartphones.”