•  
  •  
 

Abstract

China has become one of the largest mobile payment markets in the world. While mobile payments bring great benefits such as convenience, flexibility, and efficiency, they are not without risks. This article focuses on one of the major risks, namely the data privacy risk, which is in large part caused and exacerbated by the involvement of multiple players and the extensive collection of personal information. There were some difficulties in protecting data privacy under the traditional legal framework, which was developed in a piecemeal manner with relevant provisions scattered around many different laws. In response, China has been trying to consolidate and modernise its regulatory regime for data privacy to suit the needs of the new digital era. Over the past few years, China has made great efforts to enact new laws and regulations to delineate the scope of personal information, introduce the obligations for data controllers and processors, and incorporate the principles of the Fair Information Practices. However, there are some remaining concerns, including the ineffective requirements of consent and disclosure, the ambiguous principle of purpose limitation, and the limited applicability of the principle of data minimisation. In a quest for a more effective solution to meet the regulatory challenge and strike a proper balance between privacy protection and technological innovation, a comparative analysis is conducted with several other major jurisdictions in this area, including the United States, the European Union, Singapore and Hong Kong. This article proposes that China should 1) improve the requirements of consent and disclosure; 2) strengthen the application of the principles of purpose limitation and data minimization; 3) enact a specific law for data protection; 4) establish a unified law enforcement agency, a 5) enhance private and public enforcement.

Download

Share

COinS