The business case for understanding Chinese privacy law is clear. With China’s growing economic power and large consumer base, any international company seeking to profit from consumers in the region should expend resources on understanding how best to succeed in the Chinese market. This means that privacy officers must pay close attention to how privacy law is developing in China, both to keep up with current developments and to stay ahead of the curve by proactively implementing strategic policies. This three-part series will provide a basic privacy practitioner’s guide to privacy law in China.

In our first post, we summarized the basic status of privacy laws and regulations in China. Then, we delved into the cultural and historical factors that influence the development and application of Chinese privacy law. Now, we’ll offer practical lessons and hypothetical case studies for how to proactively help your company or organization succeed in China.

Practical lessons

It is difficult to predict with any certainty how privacy law in China will develop. As we saw in our first post, Chinese privacy laws are still in their early stages. There is no comprehensive national privacy law, and what laws do exist are generally similar to international norms (notice, choice, security, and so on). In the second post, we looked at some unique historical and cultural factors that provide some clues to how privacy law will develop and be applied in China.

Here are a few practical lessons to help you proactively protect your company and your clients from legal privacy risks in China.

Designing the best China-centric privacy policies

  • Focus on community values: Given the Chinese emphasis on community values, it is advisable to design your privacy policies and practices in context of an understanding of Chinese community values. For example, in framing a discussion of your policies, include a discussion of the values of your particular online community and explain how your privacy practices protect those values. 
  • Look to ethics, not just law: Look to ethics first, not just the law. China does not yet have strong privacy laws, so the best basis for any privacy-related policy is probably ethics. Chinese consumers may also be particularly swayed by ethical arguments for privacy practices, given historical focus on ethical bases for laws. To put this in practice, include an ethical basis when justifying your privacy policies, in addition to providing the legal basis for your policies. 
  • Use culture for context: Different cultural values of privacy affect what your users want from corporations. In the U.S., users may view privacy almost as a property right (protecting private information a user owns). In China, users may instead view privacy as a shield, protecting private lives from community exposure or shame from losing face. Recognize this distinction in your policies by emphasizing how your company will protect the confidences of your users and prevent information exposure.

Understanding Chinese consumer expectations

  • Chinese consumers may have fewer privacy expectations: Chinese consumers may place less value on privacy when compared to other competing values or obligations. This may be reflected in what your user community and consumers value. For example, your users may care more or be affected more by corporate transparency efforts than privacy protection efforts. Thus, you may receive a better return on investment for putting resources into creating and publishing transparency reports.
  • Chinese consumer do care about privacy: At the same time, privacy practitioners should not assume that Chinese consumers do not care at all about privacy. Cultural expectations of privacy may be different, but privacy is still valued in China, especially privacy concerning confidentiality of personal information. Keep in mind the notions of “shame” and “saving face.” It is important to remember that, while Chinese consumers may have a different conception of privacy rights, this is no excuse for not protecting the privacy of your consumers or failing to follow the law.
  • Chinese consumers may be more open to data collection/use: Chinese consumers may be more pragmatic about companies using or buying their private information. If you can make a strong case for why your users should give their data (e.g., in exchange for tailored features), it is likely that Chinese consumers will be more swayed by these arguments than European consumers, for many of whom privacy is an almost inalienable right. Privacy is not a fundamental Chinese value, so Chinese consumers may be less tied to strict privacy rights, when compared to Western consumers.

Understanding the cultural and historical factors behind China's privacy laws today provides a path forward in creating policies and programs that will best engage Chinese consumers and likely minimize future legal compliance risks. These practical privacy lessons can be used when conducting due diligence on new Chinese business interests, creating new policies for overseas corporate expansion, or interacting with Chinese user communities.

For further discussion on Chinese privacy law, and Asian privacy law in general, check out this treatise, Asian Data Privacy Laws: Trade and Human Rights Perspectives, by University of New South Wales Law Professor Graham Greenleaf.

photo credit:
via