FB pixel

China creates privacy codes with biometric data protections, but is it just for show?

China creates privacy codes with biometric data protections, but is it just for show?

China’s first civil code — ever — is scheduled to go live January 1. It will pay particular attention to the digital privacy rights of citizens and the responsibilities of organizations using the data, including biometrics.

China’s new civil code governs civilian life and business, including property rights, contracts and family matters. In an analysis of the development, Samuel Yang, a partner with the Anjie Law Firm in Beijing, writes that Chinese national governments going back to the mid-1600s have tried and failed to fashion a civil code.

It is too early to tell what the overall impact of the civil code will be, writes Yang. In terms of digital rights, it appears that the government consolidated three miniature codes covering network information protection, cybersecurity and the protection of consumer rights and interests.

Those freestanding areas in China’s online law were deliberately drafted in many cases to be vague, inviting much interpretation. And so does the new civil code, according to Yang.

One area that is now better defined centers on consumer privacy breaches. Consumers will now be able to sue in court over data thefts.

The code addresses three areas of privacy and personal information, he writes. First is “personality rights” that include a citizen’s right to privacy. Then there are laws designed to stop “spying, eavesdropping, photographing or filming private body parts or spaces, and sending uninvited messages. The third section is all about processing personal information, and notes biometric data as included, as well as location and biographic information.

Among the new directives states that processing personal data “must be lawful, justified, necessary and not excessive.” This one will be aimed almost entirely at businesses, as the government operates on the assumption that it is always lawful and its actions justified.

Personal data cannot be collected unless an individual gives express consent “or as required by law.” Two exceptions are noted: if someone volunteers disclosure and does not object; and if the collection is in the public’s interest.

People can access their data held by a “processor,” and can correct mistakes.

If data was collected illegally or in a way that breached a contract, a person can have the information deleted.

Directives gradually become advice and urgings from the state to processors.

Why it is happening now is hard to tell. It was the authoritarian government of Xi Jinping that finally forced the issue, but China almost always has been run by authoritarians. And it is certainly true that Xi wants to create at least the appearance of legitimacy through laws.

It could also be that Xi and his fellow Communist party leaders feel that the nation’s economic ascendency has so much momentum that they can cut back on the use of chiseling contracts and off-the-books tools to stimulate technology development and innovation.

Or the national government might be bending to growing discontent about privacy among citizens who have listened to one too many corporate leader tell them to get over it, as has Geely Automobile’s chairman, Li Shufu.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News


Police Scotland engages public on biometric data rights amid cloud storage concerns

Police Scotland has commenced the distribution of an information leaflet to all individuals in police custody who have their biometric…


‘Facial recognition is the easy part’: digital travel ID pilot results are in

Air travel has been getting more complicated. From security and passport checks to special documents such as COVID-19 certificates, passengers…


Worldcoin expands to Ecuador, set to resume in Kenya and Portugal

Chalk up a win for Worldcoin in Kenya, where authorities have dropped their investigation into the iris biometrics and digital…


Corsight, Segdboa supply facial recognition to São Paulo military police

Corsight AI has partnered with Segdboa to provide the São Paulo Military Police with advanced facial recognition technology, with the…


Vote begins on biometric injection attack standard

Europe’s standard for biometric data injection attacks is on track to be published in October of this year, and could…


Idex, Zwipe each strike biometric access card deals

Norway-based Idex Biometrics‘ access control system has received an integration order for biometric access cards, while fellow Nordic developer Zwipe…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events