Who’s buying, selling and stealing your personal data in China?
Detention of 22 people over sale of Apple private data raises privacy fears in mainland China
A crackdown on a massive data-selling syndicate run by Apple-linked employees in China this week has renewed concern over privacy issues on the mainland.
Chinese authorities detained 22 people – 20 of them employees of an Apple “domestic direct sales company and outsourcing company” – over the weekend for selling computer and phone users’ personal data, the Cangnan country police department in Zhejiang province said on its website earlier this week.
The suspects allegedly used the US technology giant’s internal computer system to gather users’ names, phone numbers, Apple IDs and other data, which they sold as part of a scam worth more than 50 million yuan (US$7.4 million).
In a statement issued on Wednesday, Cangan police said they detained the suspects after months of investigation alongside officers from Guangdong, Jiangsu, and Fujian provinces.
The statement did not specify whether the data belonged to Chinese or foreign Apple customers.
An Apple spokesman declined to comment on the matter. The local police did not respond to requests for comment.
The 20 Apple-linked employees worked in the direct sales company and with its outsourced service suppliers, allegedly charging between 10 and 180 yuan for items of illegally extracted data.
Why are Chinese people concerned about the data leaks?
The crackdown raised public concern over privacy issues as Apple products are highly popular in China, with iPhones being Chinese users’ top choice for mobile web surfing.
Apple shared 9.6 per cent of the mainland smartphone market, according to a report this year from the International Data Corporation, a market research company.
Nearly 45 million iPhones were shipped to the mainland last year, compared with total smartphone shipments of 467 million, the report said.
The illegal sale of personal information has become a growing problem in the mainland.
A report by the Internet Society of China last year said 54 per cent of web users said they had experienced serious leaks of their personal data. Some 84 per cent said they had been negatively affected by such data leaks.
Who are the victims and who are the sellers and buyers of personal data?
“Just several days after I found myself pregnant and had a checkup at hospital, I received calls advertising baby products,” said Wang Yue, a mother of a six-month baby in Shanghai.
Whether a celebrity or an ordinary individual, nearly anyone can become a victim.
Information about sports and pop stars, including their ID numbers, mobile numbers, WeChat accounts and flight information is available for sale online for different prices depending on their popularity.
According to a report by lawyer Cheng Xiaowen, from the Win Law Firm in Beijing that analysed 67 court cases related to personal data theft between 2010 and 2016, delivery services, online shops, real estate management companies and education organisations were the sources of leaks.
The main buyers of the data included sellers of health care products, insurance and financial along with property agents and professional traders.
What are some previous major cases?
The business has even spread to police officers. A policeman was arrested and several of his superiors received warnings or were given a demerit late last year after he sold over 2,000 items of citizen identity information from the public security system’s intranet for a total of 15,000 yuan, according to another report by the China Central Television.
In one of the country’s biggest such cases, Zhejiang police busted a nationwide gang of 20 people who illegally obtained over 700 million items of personal data of web users in April, the state television reported.
The mainland introduced a controversial cybersecurity law on June 1 which is claimed to protect the country’s networks and private user information.
Under the law, internet operators should obtain approval from their customers or other users before collecting their personal data, disclose why it is needed and how it will be used, and states rules governing its collection.
