"The Transparent Self under Big Data Profiling: Privacy and Chinese Legislation on the Social Credit System"
Yongxi Chen & Anne CheungThe Journal of Comparative Law
published in Feb 2018
Volume 12, Issue 2, pp. 356-378
Introduction: Big data is one of the buzz phrases of the 21st century, concerning not only the digitalisation of data on billions of individuals, but also what those in power are able to do with that data. The defining characteristic of big data is the capacity to search, aggregate and cross-reference large datasets for analysis to identify previously undetectable patterns, as well as the power to profile individuals, calculate risks, and monitor and even predict behaviour. When big data is harvested by governments, the worry is that the totality of individuals' lives will be captured, that citizens will be monitored and that the Orwellian state will become a reality.
In China, such a worry seems far from unfounded given the Chinese Communist Party's (CCP) roll-out of its powerful Social Credit System (SCS). Launched at the national level in 2014, the system's aim is to assess the trustworthiness of Chinese citizens in keeping their promises and complying with legal rules, moral norms, and professional and ethical standards. It is essentially an all-encompassing, penetrative system of personal data processing, manifested by the comprehensive collection and expansive use of personal data with the explicit intention on the Chinese government's part of harnessing the ambition and power of big data technology. The SCS rates both business entities and individuals. According to its blueprint, the records that are collected can be extensively used by the authorities and business entities alike for a variety of purposes broadly related to 'encouraging trustworthiness and punishing untrustworthiness'.
Whilst the use of big data analytics in the context of credit scoring and the rating of individuals is not unique to China, in other jurisdictions it is usually confined to the financial arena and regulated by law. What differentiates China is the scale of the data collected, the scope of its use and, particularly important for the purposes of this article, the apparent lack of a comprehensive legal system to protect personal data. Despite the introduction of the Cyber Security Law in 2016 in relation to online data, the extension of civil law protection to consumer data in 2013, and the criminalisation of the unlawful gathering, receipt and sale of personal data in 2009, personal data as a general subject has yet to be clearly defined and effectively protected under Chinese law. The rights that data subjects are entitled to under a personal data protection regime are rarely mentioned in China and are, at best, provided for under scattered sector-specific laws.
Given the inadequate protection afforded to personal data in China, the country is an ideal social laboratory for big data experimentation, data intelligence and mass surveillance. Individuals risk being reduced to transparent selves before the state in this uneven battle. They are uncertain about what contributes to their social credit scores, how those scores are combined with the state system and how their data is interpreted and used. In short, the big data-driven SCS is confronting Chinese citizens with major challenges to their privacy and personal data.
Although the State Council's Planning Outline for the Construction of the Social Credit System ('SCS Outline' hereafter) sketches out an ambitious blueprint, it is the pilot legislation implemented at the local level since 2014 that has institutionalised the collection and use of social credit-related data. To analyse China's emerging SCS under existing international legal principles concerning personal data protection, this article identifies and compares typical examples of relevant legislation at the local level and discusses their implications for personal data protection. It argues that existing legislation and proposed regulations require substantial revisions to mitigate the impact of the SCS on data privacy and other interests critical to individual citizens.
The article begins by mapping out the background to the construction of China's big data social laboratory and the SCS. The next section examines the system's social management aim and comprehensive sanction system, as well as its nature as a collaborate project between the authorities and the business sector. The section which follows then summarises the legislative history and evolving concept of social credit and analyses the nature of individuals' rights to personal data protection under China's uncoordinated legal framework. The article then reviews local social credit legislation with reference to the three cardinal principles of personal data protection most closely related to data subjects' control over the processing of their data: firstly, the data collection principle,;secondly, the data usage principle, and thirdly, data subjects' right to access and correct their own data. The final section concludes that although local legislation provides nominal rights of access to, and a few restrictions on, the collection and use of data, it has largely failed to secure meaningful control over personal data for individuals. These legislative defects relate to the very purpose of the SCS and to extra-legal restrictions inherited from the pre-reform party-state regime.
In China, such a worry seems far from unfounded given the Chinese Communist Party's (CCP) roll-out of its powerful Social Credit System (SCS). Launched at the national level in 2014, the system's aim is to assess the trustworthiness of Chinese citizens in keeping their promises and complying with legal rules, moral norms, and professional and ethical standards. It is essentially an all-encompassing, penetrative system of personal data processing, manifested by the comprehensive collection and expansive use of personal data with the explicit intention on the Chinese government's part of harnessing the ambition and power of big data technology. The SCS rates both business entities and individuals. According to its blueprint, the records that are collected can be extensively used by the authorities and business entities alike for a variety of purposes broadly related to 'encouraging trustworthiness and punishing untrustworthiness'.
Whilst the use of big data analytics in the context of credit scoring and the rating of individuals is not unique to China, in other jurisdictions it is usually confined to the financial arena and regulated by law. What differentiates China is the scale of the data collected, the scope of its use and, particularly important for the purposes of this article, the apparent lack of a comprehensive legal system to protect personal data. Despite the introduction of the Cyber Security Law in 2016 in relation to online data, the extension of civil law protection to consumer data in 2013, and the criminalisation of the unlawful gathering, receipt and sale of personal data in 2009, personal data as a general subject has yet to be clearly defined and effectively protected under Chinese law. The rights that data subjects are entitled to under a personal data protection regime are rarely mentioned in China and are, at best, provided for under scattered sector-specific laws.
Given the inadequate protection afforded to personal data in China, the country is an ideal social laboratory for big data experimentation, data intelligence and mass surveillance. Individuals risk being reduced to transparent selves before the state in this uneven battle. They are uncertain about what contributes to their social credit scores, how those scores are combined with the state system and how their data is interpreted and used. In short, the big data-driven SCS is confronting Chinese citizens with major challenges to their privacy and personal data.
Although the State Council's Planning Outline for the Construction of the Social Credit System ('SCS Outline' hereafter) sketches out an ambitious blueprint, it is the pilot legislation implemented at the local level since 2014 that has institutionalised the collection and use of social credit-related data. To analyse China's emerging SCS under existing international legal principles concerning personal data protection, this article identifies and compares typical examples of relevant legislation at the local level and discusses their implications for personal data protection. It argues that existing legislation and proposed regulations require substantial revisions to mitigate the impact of the SCS on data privacy and other interests critical to individual citizens.
The article begins by mapping out the background to the construction of China's big data social laboratory and the SCS. The next section examines the system's social management aim and comprehensive sanction system, as well as its nature as a collaborate project between the authorities and the business sector. The section which follows then summarises the legislative history and evolving concept of social credit and analyses the nature of individuals' rights to personal data protection under China's uncoordinated legal framework. The article then reviews local social credit legislation with reference to the three cardinal principles of personal data protection most closely related to data subjects' control over the processing of their data: firstly, the data collection principle,;secondly, the data usage principle, and thirdly, data subjects' right to access and correct their own data. The final section concludes that although local legislation provides nominal rights of access to, and a few restrictions on, the collection and use of data, it has largely failed to secure meaningful control over personal data for individuals. These legislative defects relate to the very purpose of the SCS and to extra-legal restrictions inherited from the pre-reform party-state regime.
No comments:
Post a Comment