China accelerates personal data protection

Xinhua
Industry watchers said government agencies and enterprises are pushing forward personal data protection and welcoming regulation on data privacy.
Xinhua

On Aug. 30, ZAO, a mobile app that allows users to transpose their faces onto celebrities' faces in hit movies or TV series, instantly went viral in China.

On Sept. 1, a privacy backlash was triggered after users found the app's terms and conditions required users to grant it and other users the right to "irrevocably" use their photos.

On Sept. 3, ZAO creators were summoned to a meeting with officials from the Ministry of Industry and Information Technology, who demanded the company make corrections and abide by laws regarding the collection of personal information.

The app's rise and fall within days sparked heated discussion nationwide about personal information protection.

In the run-up to China Cybersecurity Week, to be held from Sept. 16 to 22 nationwide, industry watchers said government agencies and enterprises are pushing forward personal data protection and welcoming regulation on data privacy.

According to the Office of the Central Cyberspace Affairs Commission, personal information protection will be one of the focuses and highlights of this year's China Cybersecurity Week.

The collection of user data by mobile apps is a growing problem in recent years, along with data breaches in online attacks, insider data theft and misoperation, said Pei Zhiyong, director of the Industry Safety Research Center under Qi Anxin, a leading Chinese cybersecurity company.

The Office of the Central Cyberspace Affairs Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security and State Administration for Market Regulation launched a joint special rectification campaign on the collection of personal data in mobile apps.

More than 400 popular apps were evaluated, and around 100 apps were asked to make improvements in data protection.

Meanwhile, government agencies and enterprises are paying more attention to their network security.

A report issued by Qi Anxin and Chinese online recruitment service Zhaopin said the demand for network security talent in China in June 2019 outstripped that in January 2016 by more than 24 times.

The skills demand in network security is more evenly distributed across the country. In 2019, the proportion of the five cities with the largest demand for skills in network security dropped from 60.7 percent to 48.8 percent, indicating skills are no longer concentrated in big cities.

A report issued during the Beijing Cyber Security Conference in August said that around 48.5 percent of China's government agencies and 56.3 percent centrally-administered state-owned enterprises have deployed security operation centers, and the response time to security events has been reduced to less than one hour from about three days in 2016.

In the first half of 2019, more than 100 million enterprises' computers have security software installed, while the number in 2016 was around 60 million.

The repair cycle for computer system vulnerabilities has dropped to 16 days from 35 days in 2016.

Wu Hequan, an academician with the Chinese Academy of Engineering and president of the Internet Society of China, said that it is human weaknesses that give hackers the simplest route to compromising systems, noting that cybersecurity awareness should be further raised among government agencies and enterprises.

In order to step up the management of data permission, experts proposed to build a centralized system, integrating system permission, data inquiry and early warning, especially in those areas with higher risks of data breaches and hacks, such as schools, government agencies and online retailers.

Jing Yunchuan, a founding partner of the Beijing Gaotong Law Firm, said personal information protection law and data security law have been included in China's legislative plan.

He suggested future laws should further specify the attributes of data, the rights and obligations of data holders and balance the relationship between development and personal information protection. 

Special Reports
Top