China fines academic research database owner CNKI US$6.9 million for illegal data handling a year after initiating probe

CNKI was found to have collected user data without consent, including non-essential personal data, adding to a US$12.6 million antitrust fine last year

The research platform operator is one of multiple companies to be subject to a cybersecurity review from the Cyberspace Administration of China since 2021

Reading Time:2 minutes

The website of China National Knowledge Infrastructure seen on a computer on May 27, 2018. The research database operator has been fined a second time by Chinese regulators in less than a year. Photo: Shutterstock

Published: 9:16pm, 6 Sep 2023

China’s internet watchdog slapped a 50 million yuan (US$6.9 million) fine on the country’s largest academic research database China National Knowledge Infrastructure (CNKI) for illegal data handling practices, which comes a year after it was put under a cybersecurity review.

The Cyberspace Administration of China (CAC) said it initiated an investigation of CNKI’s handling of data based on the cybersecurity review. It found that 14 mobile applications run by CNKI illegally collected user data, among other violations, according to a statement by the agency on Wednesday.

These apps were found to have collected data without user consent and gathered personal data that was not essential, the CAC said. They also failed to clearly disclose how the data would be used and did not allow users to delete their accounts, it added.

CNKI said it “sincerely accepts and will resolutely obey” the CAC’s decision.

“Since the cybersecurity review by CAC on June 23, 2022, CNKI has fully cooperated and emphasised security in our development,” the privately owned company said in a statement. “We have carried out comprehensive rectifications and enhanced our network security, data security and personal information protection.”

Last June, the CAC initiated an investigation based on CNKI’s collection of a large amount of personal information and important data covering areas that include national defence, telecommunications and finance, as well as “sensitive information” related to major national projects, significant technological achievements and the development of core technologies.

The CAC said its decision was based on “the nature, consequences and time period” of CNKI’s illegal data handling behaviours, “especially the situation in the cybersecurity review”, without elaborating. The latest statement did not mention information about national projects.