Privacy in Chinese iOS apps and impact of the personal information protection law

IF 3.3 3区社会学 Q1 LAW Computer Law & Security Review Pub Date : 2024-08-30 DOI:10.1016/j.clsr.2024.106041

Konrad Kollnig , Lu Zhang , Jun Zhao , Nigel Shadbolt

{"title":"Privacy in Chinese iOS apps and impact of the personal information protection law","authors":"Konrad Kollnig , Lu Zhang , Jun Zhao , Nigel Shadbolt","doi":"10.1016/j.clsr.2024.106041","DOIUrl":null,"url":null,"abstract":"<div><p>Privacy in apps is a topic of widespread interest because many apps collect and share large amounts of highly sensitive information. In response, the Chinese legislator introduced a range of new data protection laws over recent years, notably the Personal Information Protection Law (PIPL) in 2021. So far, there exists limited research on the impacts of these new laws on apps’ privacy practices. To address this gap, this paper analyses data collection in pairs of 634 Chinese iOS apps, one version from early 2020 and one from late 2021.</p><p>Our work finds that many more apps now implement consent. Yet, those end-users that decline consent will often be forced to exit the app. Fewer apps now collect data without consent but many still integrate tracking libraries. Market concentration in app data collection has seen limited change. At the same time, there exists a larger number of influential and equal market participants than in the West. Among them, Apple was the only relevant foreign company.</p><p>We see our findings characteristic of a <em>first iteration</em> at Chinese data regulation with room for improvement. With the help of enhanced technological capabilities, we expect increased enforcement of the new data rules. There is also room to refine the new laws and make them more targeted at mobile apps and the online sphere, particularly through clear and up-to-date technical specifications for software developers. As such, our findings could also be motivation for non-Chinese policy- and lawmakers to enhance their own data protection regimes.</p></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"55 ","pages":"Article 106041"},"PeriodicalIF":3.3000,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0267364924001079/pdfft?md5=f35185751c76a76e671e0f0e5d8cac53&pid=1-s2.0-S0267364924001079-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Law & Security Review","FirstCategoryId":"90","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0267364924001079","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}

引用次数: 0

Abstract

Privacy in apps is a topic of widespread interest because many apps collect and share large amounts of highly sensitive information. In response, the Chinese legislator introduced a range of new data protection laws over recent years, notably the Personal Information Protection Law (PIPL) in 2021. So far, there exists limited research on the impacts of these new laws on apps’ privacy practices. To address this gap, this paper analyses data collection in pairs of 634 Chinese iOS apps, one version from early 2020 and one from late 2021.

Our work finds that many more apps now implement consent. Yet, those end-users that decline consent will often be forced to exit the app. Fewer apps now collect data without consent but many still integrate tracking libraries. Market concentration in app data collection has seen limited change. At the same time, there exists a larger number of influential and equal market participants than in the West. Among them, Apple was the only relevant foreign company.

We see our findings characteristic of a first iteration at Chinese data regulation with room for improvement. With the help of enhanced technological capabilities, we expect increased enforcement of the new data rules. There is also room to refine the new laws and make them more targeted at mobile apps and the online sphere, particularly through clear and up-to-date technical specifications for software developers. As such, our findings could also be motivation for non-Chinese policy- and lawmakers to enhance their own data protection regimes.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

中国 iOS 应用程序中的隐私问题及个人信息保护法的影响

由于许多应用程序会收集和共享大量高度敏感的信息，因此应用程序中的隐私问题是一个广受关注的话题。为此，中国立法机构近年来出台了一系列新的数据保护法律，特别是 2021 年颁布的《个人信息保护法》（PIPL）。迄今为止，有关这些新法律对应用程序隐私保护实践的影响的研究十分有限。为了填补这一空白，本文分析了 634 款中国 iOS 应用程序的数据收集情况，其中一款是 2020 年初的版本，另一款是 2021 年末的版本。然而，那些拒绝同意的最终用户往往会被迫退出应用程序。现在未经同意收集数据的应用程序越来越少，但仍有许多应用程序集成了跟踪库。应用程序数据收集的市场集中度变化有限。与此同时，与西方国家相比，有影响力的平等市场参与者数量更多。我们认为，我们的研究结果是中国数据监管的第一次迭代，还有改进的余地。随着技术能力的增强，我们预计新数据规则的执行力度会加大。此外，新法律还有改进的余地，尤其是通过为软件开发商提供清晰、最新的技术规范，使其更有针对性地适用于移动应用程序和网络领域。因此，我们的研究结果也可激励非中国的政策和立法者加强本国的数据保护制度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Computer Law & Security Review LAW-

CiteScore

5.60

自引率

10.30%

发文量

审稿时长

67 days

期刊介绍： CLSR publishes refereed academic and practitioner papers on topics such as Web 2.0, IT security, Identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection, EU policy, freedom of information, computer security and many other topics. In addition it provides a regular update on European Union developments, national news from more than 20 jurisdictions in both Europe and the Pacific Rim. It is looking for papers within the subject area that display good quality legal analysis and new lines of legal thought or policy development that go beyond mere description of the subject area, however accurate that may be.