China’s vast ecosystem of online activity generates a huge amount of data about its citizens. Plans for the creation of a so-called social credit system (see WiC352) are accelerating the pooling of the information. But a recent art exhibition in Wuhan illustrated starkly how much of this data isn’t being stored safely or securely.
Deng Yufeng, a 32 year-old artist who says his works are inspired by social issues, spent six months buying the personal information of almost 350,000 Wuhan residents through illicit vendors of online data.
He paid about Rmb5,000 ($795.45) for online shopping records, travel information, bank details, car registrations, home addresses and dates of birth.
Once he had acquired his haul he redacted the most sensitive information and hung it on the walls of the Wuhan Art Gallery.
Titling his exhibition “Secret”, he then invited the 350,000 people whose data he had collected to come and see his work.
Referencing the recent scandal over Facebook’s treatment of customer information in the United States, Deng warned that “it is not as simple as just a leak of personal information. Behind the data is analysis… People whose data is leaked will be manipulated without even being conscious of it.”
As Deng had foreseen, he was quickly detained and his exhibition was shut down. Police say they are now looking into whether he should be charged with the illegal purchase of personal information.
The Legal Daily said that artists should be careful not to cross “the red line of the law” but concluded that the exhibition proves that “the existing data protection laws alone are not enough”.
China National Radio then quoted an expert from the China University of Political Science and Law as proposing that Deng should be let off without charge because his project was in the public interest.
“What is more important is to consider how this information was leaked,” he said.
Last year a report in the Nanfang Daily showed how reporters were able to procure huge amounts of information about a colleague (including a full list of the hotels he had checked into, his border crossings, apartment rentals and real estate holdings) for just Rmb700.
All they needed to do was supply the man’s ID card number.
A recent survey by Renmin University of apps that offer loans also found that more than half of the loan providers were requesting details that they didn’t need, such as access to an applicant’s contacts list or text messages.
In the past loan agencies have used information like this as a means of pressing debtors by threatening to call the borrower’s contacts to shame or even harass them into repayment of the debt.
On May 1 new regulations will come into force limiting the data that organisations can request from users. But these are still guidelines at this stage and not yet enforceable on a mandatory basis.
© ChinTell Ltd. All rights reserved.
Sponsored by HSBC.
The Week in China website and the weekly magazine publications are owned and maintained by ChinTell Limited, Hong Kong. Neither HSBC nor any member of the HSBC group of companies ("HSBC") endorses the contents and/or is involved in selecting, creating or editing the contents of the Week in China website or the Week in China magazine. The views expressed in these publications are solely the views of ChinTell Limited and do not necessarily reflect the views or investment ideas of HSBC. No responsibility will therefore be assumed by HSBC for the contents of these publications or for the errors or omissions therein.