Here at the International Data Protection and Privacy Commissioner’s conference in Hong Kong, the theme is “WE” — “West Meets East.” It has been 19 years since the conference was last in Hong Kong, and it has not been in the APAC region since.
Indeed, in the opening plenary session, the conference’s hosts were keen to introduce the East — Asia-Pacific countries — to those in the audience who may be more familiar with Western concepts of privacy and the data protection regimes in Western countries. Delegates were introduced not only to a demonstration of Chinese drumming but also a series of presentations from Asian data protection authorities outlining their regimes and cultural attitudes toward privacy.
Perhaps most interesting were comments made by Chinese officials. China is not among the 114 accredited members of the ICDPPC (actually 119, with the addition this week of Belgium’s Supervisory Body for Police Information Management, plus the DPAs from Japan, Montenegro, South Africa and Turkey), and did not have a data protection authority on hand to speak.
However, delegates did hear from Li-Ming Wang, executive vice president and vice chairman of the University Council, Renmin University of China, who is a close adviser to the Chinese government on data protection matters. He spoke in a prominent spot, just after Hong Kong Commissioner Stephen Wong provided his introductory remarks. Further, Xiaodong Zuo, VP at the China Information Security Research Institute, also joined a panel on regulation with Wong, CNIL head Isabelle Falque-Pierrotin and Acting FTC Head Maureen Ohlhausen.
In Confucius theory, people emphasized their interpersonal relationships … and we often covered up the secrets of relatives and friends not to protect privacy but to protect the family reputation.
Wang, for his part, gave a lengthy address outlining the many stages of China’s privacy evolution.
China, he noted, has only recently evolved out of its roots as an agricultural society. “Based on relationships,” he said through an interpreter, “we lacked the concept of privacy. In Confucius theory, people emphasized their interpersonal relationships … and we often covered up the secrets of relatives and friends not to protect privacy but to protect the family reputation.”
Even into the 1980s, he noted, “Privacy was deemed as a negative word. It was a secret. A skeleton in the closet.” In fact, Wang recalled, in one of the earliest privacy cases, a woman lost a battle with a newspaper because the newspaper successfully argued “the defendant got a better reputation and better social influence. … Because of that, we started to rethink that maybe it’s not proper to think of protecting privacy solely as protecting people’s reputation.”
Indeed, with China’s embrace of the digital economy has come an understanding of privacy’s importance.
In 2009, China instituted a law that protected privacy and the infringement of individual rights and privacy, the first time the right to privacy was clearly described in China’s civil code. More than 20,000 cases have moved through the courts already, with various types of compensation for victims.
However, Wang said, China still doesn’t have a “clear description of the scope of the right to privacy, and, therefore … we have a civil code that is being revamped at the moment, adding for the first time a direct and categorical statement saying the right to privacy is an important right for our citizens … It’s a huge improvement in our civil code … I believe that after the adoption of this addition we will move into a new stage in the right to privacy.”
He emphasized, though, that “privacy is not part of our traditional culture. It’s imported from the West into our system.” Which means there are many differences between the Chinese concept of privacy and, say, Europe’s.
“We recognize privacy as a civil right, as a right relating to the civil code,” Wang said, “instead of a constitutional right. Courts cannot use the constitutional regulations as a recourse to settle disputes relating to privacy.”
But the differences between China and the West are more than just legal. China’s concepts of privacy remain for “the purpose of promoting social harmony, and, therefore, this is very different from the western system, which is based on human rights and freedoms."
Thus, the Chinese definition of privacy is much narrower than that in the United States or Europe. “It is on par,” he said, “with the rights to one’s image.”
That may be changing, however. Big data in China “penetrates everything,” Wang said. “Everyone is becoming naked.”
Tech companies “have accumulated too much of our personal data,” Wang argued. “It is very worrying that there may be cases where this data is going to be misused.” It is his opinion that the civil code needs yet again to be updated. Yes, data is an asset, and must be used to drive innovation, but “privacy data, personal data, must be collected and used under strict legal provisions. … We must differentiate between core privacy and general personal information. I personally believe it must be subject to consent by the data subjects and for sensitive information I personally believe it must be subject to consent by data subjects.”
We must differentiate between core privacy and general personal information. I personally believe it must be subject to consent by the data subjects and for sensitive information I personally believe it must be subject to consent by data subjects.
“Indeed,” he continued, “many giant companies in China have the control of huge amounts of personal information and pursuant to civil law they must be obligated to protect such information. Once this information is leaked, the consequences will be disastrous.”
This is not a universal belief, however. Many tech developers see personal data as information with which they can do whatever they please, “but once data contains personal information, then the right doesn’t belong to you, it belongs to the one who owns the personal information.” Civil law must make that clear, Wang said.
However, said Zuo, at the China Information Security Research Institute, while “the individual rights historically have been suppressed and the protection of individual privacy has not been done well, now as a result of economic development” China is addressing this. “Last year,” Zuo said, “we passed the Cyber Security Law, providing specific protection of individual information.”
It’s a balancing act, though. “I think one important stakeholder is the internet companies in China,” Zuo said. “They have profound and endless power to innovate in many countries and regions. There are ways of protecting personal data that might not be fully applicable in China. We have new cases, new scenarios, but we don’t have all the answers yet. That’s why in this hall we have many representatives from Chinese companies. They’re watching closely how the international organizations have developed data protection, and we have to listen to these companies as well.”
If you want to comment on this post, you need to login.