Chicago-Kent Journal of Intellectual Property Volume 20 Issue 2 Article 1 8-26-2021 Protecting Data Privacy for Mobile Payments Under the Chinese Law: Comparative Perspectives and Reform Suggestions Robin Hui Huang Qiang Han Xiuwen Zhu Follow this and additional works at: https://scholarship.kentlaw.iit.edu/ckjip Part of the Intellectual Property Law Commons Recommended Citation Robin H. Huang, Qiang Han & Xiuwen Zhu, Protecting Data Privacy for Mobile Payments Under the Chinese Law: Comparative Perspectives and Reform Suggestions, 20 Chi.-Kent J. Intell. Prop. 226 (). Available at: https://scholarship.kentlaw.iit.edu/ckjip/vol20/iss2/1 This Article is brought to you for free and open access by Scholarly Commons @ IIT Chicago-Kent College of Law. It has been accepted for inclusion in Chicago-Kent Journal of Intellectual Property by an authorized editor of Scholarly Commons @ IIT Chicago-Kent College of Law. For more information, please contact [email protected], [email protected]. Protecting Data Privacy for Mobile Payments under the Chinese Law: Comparative Perspectives and Reform Suggestions BY ROBIN HUI HUANG∗, QIANG HAN†, & XIUWEN ZHU‡ ABSTRACT China has become one of the largest mobile payment markets in the world. While mobile payments bring great benefits such as convenience, flexibility, and efficiency, they are not without risks. This article focuses on one of the major risks, namely the data privacy risk, which is in large part caused and exacerbated by the involvement of multiple players and the extensive collection of personal information. There were some difficulties in protecting data privacy under the traditional legal framework, which was developed in a piecemeal manner with relevant provisions scattered around many different laws. In response, China has been trying to consolidate and modernise its regulatory regime for data privacy to suit the needs of the new digital era. Over the past few years, China has made great efforts to enact new laws and regulations to delineate the scope of personal information, ∗ Professor, Faculty of Law, Chinese University of Hong Kong; Adjunct Professor, University of New South Wales, Sydney, Australia; Li Kashing Visiting Professor, McGill law School, Montreal, Canada; Honorary Professor, East China University of Political Science and Law, Shanghai, China. This research project (Project Number: 14613219) is funded by the Hong Kong Research Grants Council’s General Research Fund project, “The Regulation of Fintech in China.” Thanks to Zhirong Gu and Warwick Wang Lik Chan for their excsellent research assistance. † Professor, East China University of Political Science and Law. ‡ Faculty of Law, Chinese University of Hong Kong. 226 2021 PROTECTING DATA PRIVACY FOR MOBILE PAYMENTS UNDER THE CHINESE LAW 227 introduce the obligations for data controllers and processors, and incorporate the principles of the Fair Information Practices. However, there are some remaining concerns, including the ineffective requirements of consent and disclosure, the ambiguous principle of purpose limitation, and the limited applicability of the principle of data minimisation. In a quest for a more effective solution to meet the regulatory challenge and strike a proper balance between privacy protection and technological innovation, a comparative analysis is conducted with several other major jurisdictions in this area, including the United States, the European Union, Singapore and Hong Kong. This article proposes that China should 1) improve the requirements of consent and disclosure; 2) strengthen the application of the principles of purpose limitation and data minimization; 3) enact a specific law for data protection; 4) establish a unified law enforcement agency, and 5) enhance private and public enforcement. Keywords: data privacy, data protection, mobile payment, China, comparative study 228 CHI.-KENT J. INTELL. PROP. Vol 20:2 TABLE OF CONTENTS 1. INTRODUCTION ..................................................................................... 229 2. MOBILE PAYMENT DEVELOPMENTS AND DATA PROTECTION ISSUES IN CHINA ............................................................................................ 230 2.1 Overview .................................................................................. 230 2.2 Factors behind the Heightened Privacy Risk ........................... 233 2.2.1 More Players in Mobile Payments ................................. 233 2.2.2 More Extensive Collection of Data ............................... 234 3. CHINA’S REGULATORY FRAMEWORK OF DATA PROTECTION .............. 237 3.1 The Historical Progression ....................................................... 237 3.1.1 Before 2016: A Traditional and Piecemeal Approach ... 237 3.1.2 After 2016: A Comprehensive and Proactive Regime... 240 3.2 Main Elements of Current Regulatory Regime........................ 242 3.2.1 Concept of Personal Information ................................... 242 3.2.2 Data Controllers and Data Processors ........................... 243 3.2.3 Principles of Fair Information Practices ........................ 245 3.2.4 Enforcement Mechanisms ............................................. 249 4. INTERNATIONAL EXPERIENCES ............................................................. 250 4.1 The United States ..................................................................... 250 4.2 The European Union ................................................................ 252 4.3 Singapore ................................................................................. 255 4.4 Hong Kong ............................................................................... 257 5. EVALUATION AND RECOMMENDATIONS .............................................. 258 5.1 Comparative Insights and Merits of the Chinese Law ............. 258 5.2 Remaining Problems and Recommendations .......................... 261 5.2.1 Improving Certain Regulatory Requirements and Principles .......................................................................... 261 5.2.2 Establishing A Unified Data Protection Law and A Unified Enforcement Agency ........................................... 263 5.2.3 Enhancing both Public and Private Enforcement .......... 265 6. CONCLUSION ......................................................................................... 268 2021 PROTECTING DATA PRIVACY FOR MOBILE PAYMENTS UNDER THE CHINESE LAW 229 1. INTRODUCTION While there is no universal definition of mobile payments, they can be generally understood as payments “for which the payment data and the payment instruction are initiated, transmitted or confirmed via a mobile phone or device.”1 As a key component of Fintech, mobile payments offer a much more convenient means of payment than the traditional means, and can be classified into different types depending on the technologies used.2 China’s mobile payment industry has experienced explosive growth since 2013 and has played a significant role in the Chinese economy while increasing its influence in many overseas markets. Mobile payments bring various benefits to consumers, such as flexibility, convenience, and a well-integrated purchase experience. It is also beneficial to merchants in terms of its lower cost of record-keeping and accounting, higher operational efficiency, and stronger digitising marketing capacity.3 Nevertheless, mobile payments are not without risks.4 First, mobile payments are plagued by data privacy and security risks. Data privacy issues concern primarily unauthorized processing of data for commercial purposes, such as targeted advertisements. The data may also leak out mainly through an illegal data transaction or as a cybersecurity issue. Mobile devices are susceptible to viruses, worms and other malicious applications that could illegally track, steal and misuse users’ sensitive financial information and pose a grave threat to the safety of their funds. Secondly, mobile payment users could be exposed to the risk of deceptive commercial practices linked with inadequate or misleading disclosure. For example, consumers can be overcharged when the essential information about the actual cost of a 1. EUROPEAN COMMISSION, GREEN PAPER: TOWARDS AN INTEGRATED EUROPEAN MARKET FOR CARD, INTERNET AND MOBILE PAYMENTS 5 ((2012), https://eur-lex.europa.eu/legal- content/EN/TXT/PDF/?uri=CELEX:52011DC0941&from=EN (last visited June 13, 2021). 2. For a more detailed discussion of the typology of mobile payments in China, see Robin Hui Huang, et al., The Development and Regulation of Mobile Payment: Chinese Experiences and Comparative Perspectives, 20(1) WASH. U. GLOB. STUD. L. REV. 1 (forthcoming n.d.). 3. ASIA PACIFIC FOUNDATION OF CANADA (hereinafter “APFOC”), THE MOBILE PAYMENT REVOLUTION IN CHINA 4 (2019), https://www.asiapacific.ca/sites/default/files/publication- pdf/mobile_payment_report.pdf 4. For a comprehensive discussion of the risks of mobile payment in China, see HUANG ET AL., supra n. 2; OECD, REPORT ON CONSUMER PROTECTION IN ONLINE AND MOBILE PAYMENTS 22 (2012), https://www.oecd-ilibrary.org/docserver/5k9490gwp7f3- en.pdf?expires=1623728336&id=id&accname= guest&checksum=9BE6F1AC10DFEDAAA40E2CDD1E194E9D (last accessed June 14, 2021). ; ANDREW JAMES LAKE, RISK MANAGEMENT IN MOBILE MONEY: OBSERVED RISKS AND PROPOSED MITIGANTS FOR MOBILE MONEY OPERATORS (2013), https://www.ifc.org/wps/wcm/connect/e6ae6dd9- ad8c-4663-9c38- 832c1d46a9f0/Tool+7.1.+Risk+Management.pdf?MOD=AJPERES&CVID=khAOg2B; 230 CHI.-KENT J. INTELL. PROP. Vol 20:2 transaction is hidden in