Privacy at risk? Understanding the perceived privacy protection of health  code apps in China

Huang, Gejun; Hu, An; Chen, Wenhong

doi:10.1177/20539517221135132

Cited by 9 publications

(2 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Shepard also explores the potential for different types of data manipulation (p.179). This is especially interesting as a visible relationship exists between users' trust in the government and their perception of privacy protection (Huang et al, 2022). Throughout the chapter, Shepard highlights the diverse approaches taken by governments and institutions worldwide in dealing with the pandemic.…”

Section: Contextsmentioning

confidence: 99%

Mark Shepard, There are No Facts. Attentive Algorithms, Extractive Data Practices, and the Quantification of Everyday Life

Szpotakowski

2023

PROM

View full text Add to dashboard Cite

Section: Contextsmentioning

confidence: 99%

Mark Shepard, There are No Facts. Attentive Algorithms, Extractive Data Practices, and the Quantification of Everyday Life

Szpotakowski

2023

PROM

View full text Add to dashboard Cite

“…Meanwhile, health code apps will serve as strategic health and medical service platforms. This strategy will turn individual health data, such as medical records and biometrics, into critical assets to reinforce government administration and social management [ 30 ]. Such an extension has raised concerns regarding the normalization of health code apps in the postpandemic society and the routinization of expanded government power [ 31 , 32 ].…”

Section: Introductionmentioning

confidence: 99%

Personal Information Protection and Privacy Policy Compliance of Health Code Apps in China: Scale Development and Content Analysis

Jiang,

Zheng

2023

JMIR Mhealth Uhealth

View full text Add to dashboard Cite

Background Digital technologies, especially contact tracing apps, have been crucial in monitoring and tracing the transmission of COVID-19 worldwide. China developed health code apps as an emergency response to the pandemic with plans to use them for broader public health services. However, potential problems within privacy policies may compromise personal information (PI) protection. Objective We aimed to evaluate the compliance of the privacy policies of 30 health code apps in the mainland of China with the Personal Information Protection Law (PIPL) and related specifications. Methods We reviewed and assessed the privacy policies of 30 health code apps between August 26 and September 6, 2023. We used a 3-level indicator scale based on the information life cycle as provided in the PIPL and related specifications. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 71 level-3 indicators. Results The mean compliance score of the 30 health code apps was 59.9% (SD 22.6%). A total of 13 (43.3%) apps scored below this average, and 6 apps scored below 40%. Level-1 indicator scores included the following: general attributes (mean 85.6%, SD 23.3%); PI collection and use (mean 66.2%, SD 22.7%); PI storage and protection (mean 63.3%, SD 30.8%); PI sharing, transfer, disclosure, and transmission (mean 57.2%, SD 27.3%); PI deletion (mean 52.2%, SD 29.4%); individual rights (mean 59.3%, SD 25.7%); and PI processor duties (mean 43.7%, SD 23.8%). Sensitive PI protection compliance (mean 51.4%, SD 26.0%) lagged behind general PI protection (mean 83.3%, SD 24.3%), with only 1 app requiring separate consent for sensitive PI processing. Additionally, 46.7% (n=14) of the apps needed separate consent for subcontracting activities, while fewer disclosed PI recipient information (n=13, 43.3%), safety precautions (n=11, 36.7%), and rules of PI transfer during specific events (n=10, 33.3%). Most privacy policies specified the PI retention period (n=23, 76.7%) and postperiod deletion or anonymization (n=22, 73.3%), but only 6.7% (n=2) were committed to prompt third-party PI deletion. Most apps delineated various individual rights: the right to inquire (n=25, 83.3%), correct (n=24, 80%), and delete PI (n=24, 80%); cancel their account (n=21, 70%); withdraw consent (n=20, 60%); and request privacy policy explanations (n=24, 80%). Only a fraction addressed the rights to obtain copies (n=4, 13.3%) or refuse advertisement of automated decision-making (n=1, 3.3%). The mean compliance rate of PI processor duties was only 43.7% (SD 23.8%), with significant deficiencies in impact assessments (mean 5.0%, SD 19.8%), PI protection officer appointment (mean 6.7%, SD 24.9%), regular compliance audits (mean 6.7%, SD 24.9%), and complaint management (mean 37.8%, SD 39.2%). Conclusions Our analysis revealed both strengths and significant shortcomings in the compliance of privacy policies of health code apps with the PIPL and related specifications considering the information life cycle. As China contemplates the future extended use of health code apps, it should articulate the legitimacy of the apps’ normalization and ensure that users provide informed consent. Meanwhile, China should raise the compliance level of relevant privacy policies and fortify its enforcement mechanisms.

show abstract

In or outside the box? Citizen action between institutional and extra-institutional channels in Chinese environmental governance

Guo,

Bondes,

Kostka

et al. 2024

Journal of Environmental Policy & Planning

View full text Add to dashboard Cite

Privacy at risk? Understanding the perceived privacy protection of health code apps in China

Cited by 9 publications

References 50 publications

Mark Shepard, There are No Facts. Attentive Algorithms, Extractive Data Practices, and the Quantification of Everyday Life

Mark Shepard, There are No Facts. Attentive Algorithms, Extractive Data Practices, and the Quantification of Everyday Life

Personal Information Protection and Privacy Policy Compliance of Health Code Apps in China: Scale Development and Content Analysis

In or outside the box? Citizen action between institutional and extra-institutional channels in Chinese environmental governance

Contact Info

Product

Resources

About