Chinese police bust ring selling children’s private data to online educational centres
- Police in eastern Jiangsu province have arrested employees of a company that sold schoolchildren’s personal data online
- China has toughened its data privacy measures, including the implementation of a law protecting children’s personal information in 2019
The personal data – including the children’s age, gender, city of residence, their parents’ information and phone numbers – were sold by an unnamed local company for as low as 0.06 yuan, equivalent to less than US$0.01, according to a statement last week from Jiangsu’s Xuzhou City police.
The unnamed online education centres use the data they acquire to send spam calls to the children’s parents. The syndicate receives a commission for every successful sign-up. Typically, Chinese K-12 pupils – referring to those in kindergarten to 12th grade – take extracurricular tutoring on top of their studies on campus to perform well in examinations.
Online leaks of personal information remain a common problem in mainland China, where lax controls over the collection, storage and use of individual digital data persist. Authorities have regularly launched crackdowns in response to consumer demand for better protection.
In October 2019, the Cyberspace Administration of China rolled out the Provisions on Cyber Protection of Personal Information of Children. This regulation raised the level of protection required for the collection, storage, use, transfer and disclosure of children’s personal information in the country.
Concerns have risen, however, over leaks of facial recognition data amid the broad use of the technology across China in recent years, including in government and private surveillance systems as well as commercial apps. In January last year, GDI Foundation security researcher Victor Gevers found a middle school database in China full of photos of students’ faces, identification and student numbers, and Global Positioning System locations.
Beijing has stepped up to curb unauthorised personal information collection, imposing penalties on widely used apps that violated data privacy. On Tuesday, the Ministry of Industry and Information Technology said it has examined more than 730,000 apps over the past two years to clamp down on infringement of user rights.
China orders more apps removed in crackdown on personal data violations
The ministry along with three other major government agencies also launched a campaign to investigate how apps collect and use personal data, with a focus on improving industry standards for protecting private information.
Those moves are part of the government’s “Digital China” initiative presented during the country’s biggest annual political gathering known as the “two sessions”, which ended last week. The initiative includes a new piece of legislation aimed at preventing private data leaks and abuses, the Personal Information Protection Law (PIPL), proposing fines of up to 50 million yuan (US$7.7 million), or 5 per cent of a company’s annual revenue, for such offences.
“China’s draft PIPL will definitely help stem personal information leak and breaches,” Wang Xinrui, a lawyer at Beijing-based law firm Anli Partners, said in a previous interview.
