It will be interesting to seen how the European Union’s General Data Protection Regulation (GDPR) will impact Chinese companies in the EU.
In March 2018, when William Zhang’s car insurance was about to expire he did not have to bother looking for renewal options. Two months before the expiry of the policy, Zhang used to receive daily calls from insurers trying to sell him a new vehicle insurance policy.
Since, he had taken his initial policy from the Ping An Insurance Group it was only natural that the company would be in touch.
“What confuses me is how other insurance companies knew about it,” said 26-year-old Zhang, a government employee from Shandong. This is becoming a common experience in China.
Personal data is up for sale for pennies. Starting from insurance companies, loan sharks, banks to scammers, all sell personal information without a second throught.
“Personal information leaks are risky,” said Susan Ning, a partner at the law firm King & Wood Mallesons in Beijing. “Such information can facilitate other crimes,” she added.
Data Privacy Laws
To counter this rising menace, in May 2018, China introduced comprehensive data protection laws and tightened restrictions on the sharing of private data held by financial institutions and others. Despite this, the proliferation of online financial platforms has led to the sharing of private data, despite legislative efforts to protect consumers, say experts.
Currently, sellers of personal information can face up to 7 years in prison as well as a fine. Those that buy personal data can be punished with fines and can face up to 3 years in prison.
As per a Union Pay report that appeared in May, despite China’s current laws with regard to personal information, nearly 90% of phone scams stem from personal information breaches.
“Central to this problem is the high economic benefits associated with personal information trade and the low costs of violating relevant laws,” said Ning. “For some individuals with authorization, others’ personal information is just a few clicks away.”
Another reason behind the breach of personal information could be the lack of security measures on websites and the usage of ambiguous terms in certain contracts in relation to use of personal data, said Ning.
“China has a large population and data privacy cases cover a broad range, so it can be quite difficult to investigate,” said Ning.