Until recently, the conventional wisdom had been that Chinese Internet users were not particularly concerned about privacy issues. Even as the evidence continued to mount that some China Internet giants might be monitoring, filtering or analyzing their content, there was little or no public outcry. However, starting in June 2017, when the Chinese government passed a sweeping new cybersecurity law, Chinese Internet users have become much more vocal about what they perceive to be a potential breach of privacy.
The growing case against China Internet giants
In December 2017, for example, Chinese Internet search engine giant Baidu was sued by a Chinese consumer group (the Jiangsu Consumer Council) over claims that it had illegally obtained users’ data. According to the claim, mobile apps provided by Baidu could access a user’s calls, location data, messages, and contacts. While Baidu has denied these claims, saying that their apps don’t have the ability to monitor phone calls, you can see the obvious reason for concern: being able to monitor a user’s calls could make it very easy for a company – or the Chinese government – to snoop on them.
And Baidu is hardly the only one of the major China Internet giants facing similar types of allegations. For example, Tencent Holdings, owner and operator of the popular WeChat messaging service, has been called out for potentially snooping on users. Private messages, once thought to be safe from prying eyes, now have the potential to be stored and analyze. Just like Baidu, WeChat has rejected these claims, saying that they don’t store chat logs or use them for any kind of analysis.
Overall, 27 mobile app operators within China have been contacted about potential breach of privacy issues. As the old adage goes, “where there is smoke, there is fire,’ so the growing presumption of China’s Internet users is that their mobile devices are no longer as private as they once assumed, especially when they are using one of the services provided by China Internet giants.
What’s even more worrisome is that the breach of privacy concerns have started to be raised with a growing number of Chinese Internet companies and tech giants in the financial sector. For example, Ant Financial Group, part of Jack Ma’s Alibaba Group, recently came under scrutiny for business practices at its Alipay payment service. It turns out that Alipay was inviting users to view their bills online, and as soon as consumers agreed to do this, was auto-enrolling them in a credit-rating system (Sesame Credit) that would potentially expose their personal financial data to third parties. Presumably, this would open up a door for the Chinese government – or some other unauthorized user – to have access to their financial information, in what would be a clear breach of privacy.
The new Chinese cybersecurity law could intensify breach of privacy concerns
So why, then, are we seeing breach of privacy concerns start to bubble up now, after a period in which Chinese consumers largely ignored (or overlooked) those concerns in the past? One commonly advanced explanation by Western experts is based on the unique culture and psyche of the average Chinese citizen – he or she is much more willing to forgive the government a transgression than a private company. In other words, Chinese Internet users who grow up with the notion of a vast, sprawling bureaucratic state are more inclined to give the government a “free pass” than a private corporation.
However, there may be a deeper, more structural reason why breach of privacy concerns have been growing ever since mid-2017, and it has to do with the final implementation of the omnibus Chinese Cybersecurity Law, which went into effect in 2017. The law contained a number of different provisions – such as the ability of the Chinese government to perform a spot-check of any Internet network operator and the requirement that all sensitive information about Chinese Internet users be stored on Chinese servers located on Chinese soil – that have raised concerns amongst privacy experts.
In fact, according to the law, Chinese Internet companies (including all China Internet giants) must store Internet logs and data for at least six months in order to remain in compliance. So you can start to see why users are complaining that services like WeChat are storing their chat logs, or that China Internet giant Baidu is snooping on their phone calls and contact lists – it could be a direct result of the Chinese Cybersecurity Law of June 2017.
The struggle for the future of the Chinese Internet
In many ways, then, you can see the conundrum faced by China Internet giants and social media companies – either risk the wrath and fury of users or risk the wrath of the Chinese government. In other words, either they continue to collect all the data required by the government, or they decide to change their business model entirely and find some way to circumvent the new regulations entirely so as to avoid breach of privacy concerns.
And there is one other factor that is really raising the stakes for China Internet giants, and that is China’s plan for a Social Credit System. Two of the companies involved in the creation of this system – Tencent and Alibaba – are precisely two of the companies mentioned in the breach of privacy allegations. This Social Credit System is so controversial because it promises to take all the data being created by Internet users – their phone calls, their social media activity, their private messages, their financial data – and turn it into a way to rate, score and monitor Chinese citizens.
Presumably, citizens with a “low” social credit score would be more at risk of possible intervention by the Chinese state. Already, there have been concerns that WeChat messages could become the basis for penalties and punishments, especially if they contain political content. That’s just one more reason why breach of privacy concerns are starting to resonate so much with China Internet users. While Western users might view breach of privacy concerns primarily on philosophical and ethical grounds (“We don’t want the government to be snooping around on us”), for Chinese Internet users, the implications could be much more profound. In a worst-case scenario, a single message or a single phone call could become the basis for censorship, imprisonment – or both.
Going forward, it’s clear that China Internet giants must decide how they are going to deal with these growing breach of privacy concerns. Judging by what we’ve seen in just the past six months, these concerns won’t be going away in 2018. Moreover, given the sweeping nature of the recent Chinese Cybersecurity Law, these concerns have the potential to involve even more companies going forward. How this issue gets resolved could determine the future for China Internet giants and the Chinese Internet.