China fines academic research database owner CNKI US$6.9 million for illegal data handling a year after initiating probe

CNKI was found to have collected user data without consent, including non-essential personal data, adding to a US$12.6 million antitrust fine last year
The research platform operator is one of multiple companies to be subject to a cybersecurity review from the Cyberspace Administration of China since 2021

Cybersecurity

Iris Dengin Shenzhen

Published: 9:16pm, 6 Sep 2023

Why you can trust SCMP

China’s internet watchdog slapped a 50 million yuan (US$6.9 million) fine on the country’s largest academic research database China National Knowledge Infrastructure (CNKI) for illegal data handling practices, which comes a year after it was put under a cybersecurity review.

The Cyberspace Administration of China (CAC) said it initiated an investigation of CNKI’s handling of data based on the cybersecurity review. It found that 14 mobile applications run by CNKI illegally collected user data, among other violations, according to a statement by the agency on Wednesday.

These apps were found to have collected data without user consent and gathered personal data that was not essential, the CAC said. They also failed to clearly disclose how the data would be used and did not allow users to delete their accounts, it added.

CNKI said it “sincerely accepts and will resolutely obey” the CAC’s decision.

“Since the cybersecurity review by CAC on June 23, 2022, CNKI has fully cooperated and emphasised security in our development,” the privately owned company said in a statement. “We have carried out comprehensive rectifications and enhanced our network security, data security and personal information protection.”

Last June, the CAC initiated an investigation based on CNKI’s collection of a large amount of personal information and important data covering areas that include national defence, telecommunications and finance, as well as “sensitive information” related to major national projects, significant technological achievements and the development of core technologies.

The CAC said its decision was based on “the nature, consequences and time period” of CNKI’s illegal data handling behaviours, “especially the situation in the cybersecurity review”, without elaborating. The latest statement did not mention information about national projects.

Founded in 1999 by China’s elite Tsinghua University and its subsidiaries, CNKI’s archives now cover more than 90 per cent of the academic journals published in mainland China, and about 40 per cent of the material available through subscriptions are exclusive to the platform, according to its website.

07:30

Why China is tightening control over cybersecurity

It was the CAC’s first such review since the national Measures for Cybersecurity Review regulation took effect in February 2022, requiring Chinese internet companies seeking to go public outside the mainland to go through such a review.

Since 2021, the CAC has initiated cybersecurity reviews of Didi Global – days after the ride-hailing giant angered Beijing with its initial public offering in New York – as well as Chinese truck hailing app operators Yunmanman and Huochebang, and online recruiting platform Boss Zhipin. However, CNKI parent Tsinghua Tongfang has no publicly known plans to list overseas.

The CAC’s 50 million yuan fine also added to the 87.6 million yuan penalty from China’s antitrust watchdog last year over CNKI’s monopolistic behaviour.

The State Administration for Market Regulation announced the fine in December after a seven-month investigation that found the company abused its dominant market position. The regulator said the CNKI platform, where the majority of Chinese scholars and students access academic papers, imposed unreasonable price hikes for subscriptions.

Post