Metaphor has it that data is now considered to be the “new oil” – so to say, one could say that it has slowly and steadily metamorphosized as the elan vitale of the platform industry segment of the economy. This segment is tremendously volatile and carries such an exceptionally indispensable importance that any endeavor to modulate the modus operandi of data-collection, -usage, or -processing carries the potential of permeating prejudice against all stakeholders in the digital latitude.
The People’s Republic of China aspired at massive, giant strides by legislating in 2021 an assortment of two laws which gave it the overnight infamy of being likened to an Orwellian State – The Data Security Law (“DSL”), and the Personal Information Protection Law (“PIPL”), and the auxiliary guidelines for an efficacious implementation thereof. And at the risk of harping as the harbinger of an unwelcome opinion – I genuinely do consider that the Chinese National People’s Congress’s resolution to pass the DSL and the PIPL was dogged and decisive.
In its regulation of data-algorithms, the DSL-PIPL regime went one up the poster-boy for data and personal privacy, the European GDPR, by introducing broad and expansive measures in terms of operative data-localisation norms, practical data-minimization principles, and flexible auditing mandates.
However, in its zestful and aggressive regulation of the domestic tech-space, perhaps all that the Dragon has managed to do is to chase its own tail! In its bid to emulate the EU-GDPR mechanism of protecting user-privacy by way of the notice- and consent-approach, the DSL-PIPL regime has placed itself in a conundrum – a paradoxical position, of being too large and too little at the same time.
On one hand, users/data subjects are in general either uninformed of their rights with regards to the collection and processing of their data, or plain and simple, they aren’t concerned of what comes out of their data which is collected by platforms – and hence, when they are asked if they would like to “opt-out”, they don’t care and unknowingly “opt-in”.
In such a situation, platforms are at a high-and-mighty pedestal wherein they have access to the user’s/data-subject’s preferences without actually having gained their respective consent to such access, courtesy of the extensive usage of big-data analytics. On the other hand, when users/data subjects are asked if they would like to allow the collection and processing of their data by such platforms, they squarely opt-out – thereby, directly undermining the fundamental business-model tenets of the platform industry.
This inconsistency, which has been observed in a more aware, erudite, consumer behaviour is bound to have adverse effects on such platforms, the business model of which is modeled on data collection and usage (the likes of Meta or Amazon instantly come to mind), or such smaller operators which are reliant extensively on the ‘big fishes’ to target the concerned consumer-base.
Consequently, to equalize the losses incurred by such platforms, either a price-tag is attached with hitherto free apps or otherwise cheaper products or services turn costly. The casualty in this entire circus is, well, the consumer.
If one were to view the Chinese legal system carefully, it is crystal clear that the anti-trust and competition regime scrutinizes the economic effect on consumers with due care and diligence – however, even with the advent of a novel data protection regime, there isn’t a similar footing of the level of prudence being accorded to data regulation.
The direct ramifications of this mismatch are that the advantages of data regulations, and their unforeseen repercussions on the target-audience (the consumers), are understood myopically.
On the administrative end, there seems to be an ambiguous regulatory framework in the Chinese market with a handful of regulators with unclear discretional powers, and no clear-cut mandate or scope of authority. To add on to the series of unfortunate events, in an exaggerated figure of speech, so to say, regulators are slowly becoming managers themselves – there stands a bubble of confusion and opacity in the Chinese setup as platforms are unaware of whether their services or products are in violation of the consumer protection laws, and hence, they have to keep seeking compliance from regulators.
It is entirely the prerogative of such regulators to allow or disallow the said service or product to be open for public consumption, and such decisions can be based on unspecified parameters as the law stays silent on this aspect. A notable instance on this angle is that of Didi Chuxing, which faced an out-of-the-blue inspection of its NYSE listing by the Cyberspace Administration of China (“CAC”).
Since then, cross-border transfers in and out of China have been rigidified by way of several supplementary and implementing regulations and consultation papers (with the latest being the Consultation Paper for the Measures for Security Assessment of Cross-border Data Transfer by the CAC on October 29, 2021) with sweeping penalties against parties which transgress the law (personal liabilities against individuals, plus penalties up to 5% of turnover of the previous year of the non-compliant platform).
The Chinese soft-tech platform industry is not the only victim of these policy measures – it’s also the core-AI tech that stands held back. As data collection and usage is slowly getting hindered with the advent of the DSL-PIPL regime, in the impulse of impeding the influence of tech-behemoths and prominent platforms, the only thing that China has ensured is the promotion of a high-and-mighty Orwellian State with unprecedented regulatory might that is blessed with absolute monopolizing authority over law enforcement.
Clearly, China has enjoyed at its disposal a reservoir of personal data, not just of its citizens but also of the natives of other nationalities – but it appears to be that with the rise of cumbersome and stringent compliance to regulations, China might just be losing its innovation-edge in the tech-age. The collective comedy of errors that the Chinese market is witnessing is paving the way for damage that surely would not be cosmetic.
— Sarthak Dash Bhattamishra, DSCI Certified privacy professional, Kirit P. Mehta School of Law, NMIMS Mumbai.