China has just passed a major data privacy law. Inspired by the EU’s General Data Protection Regulation, China’s Personal Information Protection Law (PIPL) comprises a far-reaching set of rules governing how tech companies handle user data.
On the surface, it seems pretty tough. In fact, the Wall Street Journal hailed the PIPL as “one of the world’s strictest data-privacy laws.”
However, it will probably do less to protect Chinese users than many believe, and it might even entrench further the dominance of China’s incumbent tech giants.
To be sure, the PIPL represents an important first step toward protecting the privacy of Chinese citizens. It gives regulators a new set of weapons to use in their fight against China’s mighty tech firms; it limits companies’ ability to engage in algorithmic price discrimination; tightens rules on cross-border data transfers; and imposes additional compliance burdens for large tech firms that are deemed “gatekeepers.”
However, a close look at the PIPL reveals its major weaknesses. For starters, although it requires businesses and government agencies to obtain individual consent before processing personal information, it exempts them from doing so when there is a “statutory basis” — while failing to specify which statutes qualify.
Because many Chinese government authorities, including central ministries and local governments, possess some degree of legislative power, a vast array of lower-level rules and regulations could potentially be used to circumvent the PIPL.
Notably, exemptions could be granted on the basis of statutes that facilitate China’s controversial social credit system. The People’s Bank of China (PBOC) has been drafting credit information guidelines that will bring an abundance of online consumer data — covering, for example, transportation, communication, property and payments — under the purview of its credit system.
This goes far beyond the existing social credit system, which mostly collects negative credit information, such as personal debt defaults and breaches of the law. Not surprisingly, it has fueled heated debate in China, with many arguing that the new guidelines amount to a serious violation of personal privacy.
For the PBOC, however, they are central to an ambitious plan to create a nationwide credit database, a step that will significantly bolster the state’s ability to pressure fintech giants such as Ant Group to transfer their vast troves of personal data to state-controlled storage infrastructure.
Such companies previously resisted official pressure on grounds of consumer privacy.
However, China’s regulatory war on the country’s tech giants — especially its suspension of Ant Group’s initial public offering — has strengthened the PBOC’s hand considerably. Now, the central bank is aggressively pushing its credit database plan, purportedly in the name of financial stability.
The PIPL also fails on another front: It does not create a new independent data protection agency. The Chinese Cyberspace Administration will manage coordination, leaving enforcement to a patchwork of national and local-level regulators, which tend to be thinly staffed.
This probably explains why legal sanctions are not the only form of enforcement envisaged by the PIPL. Instead, the law allows for soft legal measures, such as administrative interviews with firms to request that they rectify their behavior. While these soft measures could offer a flexible and efficient alternative to legal sanctions, they might leave too much to the discretion of bureaucrats and weaken deterrence.
Moreover, the new law is unlikely to rein in Chinese tech giants’ market power. After all, these companies have deep coffers and strong legal support — resources that put them in a strong position to shoulder PIPL compliance costs. The same cannot be said of their smaller rivals.
The law’s data portability requirement — which allows consumers to move their personal data more easily between platforms — is a case in point. The rule is intended to encourage multihoming, wherein consumers patronize multiple platforms, and to reduce platform-switching costs for consumers.
However, studies suggest that it could discourage new entrants, as smaller businesses often cannot afford the costs of forced data transfers.
Similarly, strict privacy protections might place smaller firms and new entrants at a competitive disadvantage. Consider ByteDance, which owes its exponential growth to its application of algorithms that gauge consumer preferences and recommend content and advertisements. Stricter privacy protections would have made it impossible for ByteDance to acquire sufficient data to become a true challenger to incumbent firms.
If new entrants cannot gather the data they need to compete, it could end up harming users — the very group privacy laws are supposed to protect.
China’s new data-privacy law will undoubtedly increase the compliance burden for China’s Big Tech firms, which have faced regulatory onslaughts over the past 10 months. Although, in the end, the PIPL could turn out to be a blessing in disguise for them.
Angela Huyue Zhang is a law professor and director of the Center for Chinese Law at the University of Hong Kong.
Copyright: Project Syndicate.
Recently, China launched another diplomatic offensive against Taiwan, improperly linking its “one China principle” with UN General Assembly Resolution 2758 to constrain Taiwan’s diplomatic space. After Taiwan’s presidential election on Jan. 13, China persuaded Nauru to sever diplomatic ties with Taiwan. Nauru cited Resolution 2758 in its declaration of the diplomatic break. Subsequently, during the WHO Executive Board meeting that month, Beijing rallied countries including Venezuela, Zimbabwe, Belarus, Egypt, Nicaragua, Sri Lanka, Laos, Russia, Syria and Pakistan to reiterate the “one China principle” in their statements, and assert that “Resolution 2758 has settled the status of Taiwan” to hinder Taiwan’s
Singaporean Prime Minister Lee Hsien Loong’s (李顯龍) decision to step down after 19 years and hand power to his deputy, Lawrence Wong (黃循財), on May 15 was expected — though, perhaps, not so soon. Most political analysts had been eyeing an end-of-year handover, to ensure more time for Wong to study and shadow the role, ahead of general elections that must be called by November next year. Wong — who is currently both deputy prime minister and minister of finance — would need a combination of fresh ideas, wisdom and experience as he writes the nation’s next chapter. The world that
Can US dialogue and cooperation with the communist dictatorship in Beijing help avert a Taiwan Strait crisis? Or is US President Joe Biden playing into Chinese President Xi Jinping’s (習近平) hands? With America preoccupied with the wars in Europe and the Middle East, Biden is seeking better relations with Xi’s regime. The goal is to responsibly manage US-China competition and prevent unintended conflict, thereby hoping to create greater space for the two countries to work together in areas where their interests align. The existing wars have already stretched US military resources thin, and the last thing Biden wants is yet another war.
Since the Russian invasion of Ukraine in February 2022, people have been asking if Taiwan is the next Ukraine. At a G7 meeting of national leaders in January, Japanese Prime Minister Fumio Kishida warned that Taiwan “could be the next Ukraine” if Chinese aggression is not checked. NATO Secretary-General Jens Stoltenberg has said that if Russia is not defeated, then “today, it’s Ukraine, tomorrow it can be Taiwan.” China does not like this rhetoric. Its diplomats ask people to stop saying “Ukraine today, Taiwan tomorrow.” However, the rhetoric and stated ambition of Chinese President Xi Jinping (習近平) on Taiwan shows strong parallels with