Judge gavel over US and China flags showing data privacy regulations

What the U.S. Can Learn From China’s Data Privacy Regulations

Recently, China’s new Personal Information Protection Law (PIPL) went into effect, which drastically changed the private data protection landscape in China and beyond the country’s borders. The law restricts companies but, notably, not the government, from collecting and using consumer data, which impacts companies both in and outside of China.

The question now is what does this mean for the future of data protection policy, and perhaps more importantly, the lack of a comprehensive U.S. policy?

I’ve been in the industry of marketing and business development strategies for luxury goods and services organizations, many of which were in the tech sector, for over twenty years. One of the most concerning discoveries that I made was just how readily available almost everyone’s digital footprint is online. That’s what led me to cofound a comprehensive digital privacy protection solution called Hush.

I’ve learned a lot over the years throughout my ventures, and it’s leant insight into why China is so far ahead of the U.S. in protecting the privacy of its citizens, which may be surprising to some. The biggest reason? Chinese consumers are acutely aware of the importance of digital privacy.

Currently, the Chinese government is utilizing consumer demand to create laws on data limitations for companies, similar to the European Union’s General Data Protection Regulation (GDPR). Yet in America, most consumers are far less familiar with the threats of personal data living online, and younger generations who have documented their entire lives on social media aren’t familiar with the risks.

American consumers have the exact opposite belief around consumer data than Chinese consumers: In America, we accept that corporations will hold and sell our data, yet hold the government accountable for what it knows about us. The PIPL law puts the Chinese government ahead of the U.S. in protecting the privacy of its citizens. The irony of that should not be lost on anyone…

While Europe has GDPR and China now has its own data privacy laws, the U.S. has yet to establish laws on a federal level. Individual states are passing their own, but this leaves a number of consumers unprotected, and can even be a headache for businesses that operate in multiple states.

Consumers around the world are becoming increasingly aware of their data and how it is used. However, much of the discussion remains focused on issues like cookie tracking and how big tech firms like Amazon, Facebook and Apple use or sell consumer data for advertising purposes. Targeted popup ads can be frustrating and feel like a privacy violation, but they’re often not what we should consider a primary concern.

What most people don’t realize is the extent to which their digital footprint creates a literal roadmap to their lives, often leading criminals right in through the front door, digitally or literally. A few frightening statistics to keep in mind:

  • Identity theft is up over 100% year over year
  • Unemployment fraud is up 3000%
  • One in four women will be stalked (before the age of 25 for half of them)

Past privacy solutions have been ineffective because they fail to focus on the data that causes problems to begin with. Instead of worrying about the information that can be commercialized, consumers need to become aware of, and concerned about, the information that can be weaponized.

The good news? There are a number of steps that consumers can take, some of which are incredibly simple yet crucial for protecting their digital privacy.

The first and foremost is locking down all of your social media accounts and making sure that all of your family members’ accounts are protected too. Facebook is constantly changing their privacy settings, which often leads people to believe they’ve made their accounts private. This isn’t necessarily the case. At Hush we have found time and time again accounts whose owners thought they were private provide access to strangers of their photos, posts, and friends.

Here’s why that’s so dangerous. A “bad actor” first identifies their target before locating their PII, or personal identifiable information, on any one of the 1,200 data brokers. These data brokers compile a wide range of information on people, including current and past addresses, names of parents and siblings, and even email addresses and phone numbers.

Once someone has access to that, they’ll then begin to troll through social media accounts, which give away even more information than most would expect. For example, these accounts often provide insights into your pets and their names, where you grew up, your high school, or children’s names, ages, and teachers’ names. If bad actors have access to your home address, this makes it easy for them to look up your personal details on real estate websites such as Redfin or Zillow. While many people peruse these sites for entertainment, they also provide people with pictures and floor plans of homes.

Combined, all of this information paints not only a clear picture of you, but can also give the wrong person a pretty good guess at all of the answers to bank security questions, i.e., your mother’s maiden name, the street you grew up on, your pet’s name, or your school mascot. From social media to home listing details, bad actors have full visibility into consumers’ passions and interests, as well their homes and financial assets.

American consumers need to not only concern themselves with how companies are using their data, but the data they can control, and keep from being available online. While there are some easy steps that everyone can take, such as limiting the amount of personal information on social media accounts, other steps such as wiping data on real estate websites may require professional help.

The first and most important step is becoming aware of the issue and learning how our digital footprints provide a clear guide for criminals right through our front doors. While most of the debates over consumer data privacy place an emphasis on corporations and tech giants, we shouldn’t forget the type of data that is often most dangerous online.