BEIJING — The exhibition was called "Secret," and opened in the Wuhan Art Museum in April. And what was in the show? The personal information of the 346,000 citizens of the central Chinese city of Wuhan that the artist Deng Yufeng had bought on the black market.
Previously treated with a special chemical, certain parts of the printed information are blotted out. Though invisible under a fluorescent lamp, the data appears under ultraviolet light. Extremely detailed in nature, the information displayed is chilling.
"Tan*, female, 28 years old, phone number:*; home address: Wuchang, Heping Avenue, Rongqiao Mansion*, drives a red BMW, license plate number*, engine number* …
01/03/2018, 11:06 AM, bought 3 sets of baby commodities, 1 box of diapers and 3 boxes of milk powder on Taobao;
02/03/2018, 13:23 PM, bought 1 blouse and a pair of high-heels shoes on Taobao;
04/03/2018, 20:00 PM, bought the books - Infants Education and Parent-Children Relations on Taobao.
"Where is the ethical boundary between the data and each citizen?" asked Deng Yufeng at the press conference before the exhibit's opening. A week later, Facebook's Mark Zuckerberg was being questioned by the US Congress for the social network's infamous data leaks.
As of the first half of 2017, the data of 1.9 billion people in the world had been either leaked or stolen.
China has become a major player in data-based global enterprises. Some reason that Chinese companies are emerging rapidly in this digital economy war because of lax privacy protections in China.
"This is sickening!" This was the response of someone contacted by the event's volunteers to come and see the show, as their personal information was partly disclosed at the exhibition.
User data, as we have learned recently, plays a critical role in how many internet companies operate. They actively and freely collect client information whenever the clients use their web applications, and are asked to fill in some data.
"Users have been largely unaware of this process. Yet their data were becoming the web companies' most important assets," said Nadia, Director of the Nandou Personal Data Protection Research Center (NPDPR). Not only can this data be shared, sold and transferred, it may also be leaked during this process. As of the first half of 2017, the data of 1.9 billion people in the world had been either leaked or stolen.
The security threat comes not only from sellers, but also from data collecting platforms. "Nobody wants to become transparent on the web," said one of the exhibition volunteers. "All one's needs, as well as defects, are exposed by these apps. It's horrendous. But users are forced to hand over their information when they register."
Though there exists an Internet Security Law in China specifying that users own the rights of access, choice, removal and correction of their personal data, far few companies abide by the law.
"We may share your personal information and other data with a third party from time to time".
"We may sell or rent out your information to others …"
"Whatever happens, we are not to be held accountable."
These are the common words used in the privacy protection terms of the 1550 web apps that Jiang Lin and her colleagues from NPDPR have found by evaluating them starting last year.
And among the above-quoted terms and conditions, typed in light grey at the bottom of the user agreement for a consumer guide app called ‘Fruit Library", are the rights to pass on its users' contact information and the recorded content of their calls.
"According to our survey, very few firms conform to the Internet Security Law. Less than 10% of those sampled in our survey reached the required level of transparency, while more than 80% of the surveyed companies failed our evaluation," said Jiang Lin.
Privacy policy, nowhere to be found
Take China's several online video hosting and streaming platforms as examples. In order to obtain a verification code when users register, their phone numbers are obtained by these video services.
Upon first logging in to the mobile app of Youku, one of the country's major online video services, it says "We are permitted to read your phone number and telephone content in order to enforce account information security and recommend content better suited to you." After registering, access to the service's user agreement and privacy policy is nowhere to be found.
Again, "If you don't agree with our privacy policy, this software and services won't operate normally ... when you use our software and related services this means you have fully understood the whole content of our privacy policy," reads the privacy terms of Toutiao, one of China's biggest news and information platforms based on data mining and machine learning technology to recommend personalized content for individual users.
Even though the functions such as ‘reading of contact data", ‘direct calls' and ‘recording" appeared on the Android mobile phone of Huawei, the multinational telecommunication equipment company, its users agreement does not inform users explicitly what it would be permitted to read, nor for what use.
As this newspaper found out, whether it's Alipay, the third-party online and mobile payment platform, Didi, the ride-sharing behemoth that acquired Uber China in 2016, Taobao, the e-commerce website, or amap.com, a mapping application, they all mention in their privacy terms that they may share users' information under certain circumstances without their consent. This includes academic research for the purpose of service quality or for authorized third party partners.
"Collection of personal data and processing should be subject to consent. So far no law stipulates that their personal information can be disclosed just because it has to do with academic research, legitimate news reports or credit evaluation without the users' consent," said Deng Xueping, an attorney for the Capital Equity Legal Group's Shanghai office, and a former senior prosecutor,.
As Jack Ma, founder and CEO of Alibaba group, said recently: "The coming 30 years is where the enormous opportunities lay. Data will be the core resource."
Scientific development takes precedence over vague moral concerns.
Zhou Kunxuan, CEO of 23 Mofang, an online gene-testing company, said at a recent product launch: "Our users soared from 30,000 to 160,000 within a year. We have the largest consumer-level genetic detection database in China so far." All this relies on using people's data.
While the boundary of data and its commercial uses expand, so do ethical issues. If the biological characteristics of a person make up an important part of personal data, will an insurance company still cover you if it can predict that you will soon be subject to serious illness?
Li Kaifu, a Taiwanese-American venture capitalist who launched Google China in Beijing, once said, "Generally speaking, in China, scientific development takes precedence over vague moral concerns."
Jiang Lin told the Economic Observer that almost none of the sampled companies comply with the ‘minimum necessity" principle to access clients' sensitive personal data. "A lot of enterprises collect as much data as possible because they believe that even if it may not be useful now, it could be one day."
The artist Deng Xueping says that at the end of the day, the plight of protecting a citizen's personal data relies solely on the moral consciousness of internet giants such as Alibaba and Tencent. "In the information age, we no longer have secrets. Big data can exploit our lifestyles, levels of consumption, favoring of trends, locations, political leanings and personalities," Deng said. "Our lives become the data of others. Our data becomes the choices of others. Our choices become the rights of others."
