Chinese law enforcement have arrested more than a thousand people over the past year as part of a nationwide crackdown of personal data trafficking and identity fraud, according to the country’s Ministry of Public Security.
Officials have arrested 1,213 people from 468 separate gangs, the Ministry said in a statement yesterday, seizing over 700 million pieces of data as well as computers, hard discs and tracking devises used by the criminals to traffic data over the internet.
In April this year, police in the cities of Beijing and Hebei uncovered evidence of an information trafficking gang that operates in as many as 20 provinces across China.
Earlier this month, public prosecutors in Shanghai said they had seen a sharp rise in personal data theft in the region. They claimed that as many as half the cases related to workers selling data of their employer’s customers for personal profit.
“Most of the suspects are under 30 years of age and have a good educational background, at least a college degree, with some holding PhDs,”China Daily reported at the time.
China is in the process of tightening up its law governing the use of personal data.
In February this year, the country introduced in its first national policy on data protection, outlining non-binding guidelines for the collection, management, security protection and storing of personal information by organisations.
In June, the “Telecommunications and Internet Personal User Data Regulations” were passed, set to take effect in September, that will apply to the collection and use of personal data by business operating in the country.
The rules are broadly similar to those in the EU, prohibiting the collection of personal data unless it fulfills a “specific and clear purpose,” and enforcing the deleting of information once it has been used for the purposes for which it was collected.
But criticism has been leveled at the Chinese government for inconsistencies between the guidelines and the new laws.
Shanghai-based law expert Kening Li of international law firm Pinsent Masons told the firm’s out-law.com website that not only does the definition of “personal data” differ in both sets of guidelines, but overlapping, contradictory laws may create “a great deal of confusion” for businesses in complying to the new rules.
“It is to be welcomed that China is making strides to give Chinese citizens protection to their personal data, backed with the force of law,” he said. “It is somewhat frustrating that these laws are being issued in a fragmentary fashion.”
“As always with China regulation, it remains to be seen how these laws will be enforced – such as which companies will face enforcement action and the alacrity with which regulators will act, and whether or not with meaningful penalties against transgressors.”