Date
21 August 2017
For the equivalent of US$100, one can buy a trove of private data on a Chinese consumer, including his hotel registration records (inset) and asset ownership, an investigation has found. Photos: Bloomberg, ifeng.com
For the equivalent of US$100, one can buy a trove of private data on a Chinese consumer, including his hotel registration records (inset) and asset ownership, an investigation has found. Photos: Bloomberg, ifeng.com

Private data on sale for just 700 yuan in China grey market

Personal data on Chinese consumers, including their names, addresses and financial transactions, is being sold on the market for as little as 700 yuan in the mainland, a newspaper investigation has revealed.

Guangzhou-based Southern Metropolis Daily reports that its journalists carried out an experiment that laid bare the shocking reality of trade in private data. 

Approaching touts and seeking personal information on a target, reporters from the newspaper were able to confirm that they could get all sorts of data for the equivalent of just about US$100.

There is a vast amount of private data that can be bought on citizens, including hotel registrations, asset ownership, public transport usage, and even their internet surfing record.

For an additional fee, the secret data vendors said they can even provide a person’s bank account details and real-time location as well as mobile phone call logs.

A “service provider” was quoted as saying that such reports can be offered 24×7.

Southern Metropolis reporters said they were baffled as the illegal services were being supported by third-party electronic platforms, meaning that the services can be rolled out on a mass-scale.

Meanwhile, factwire.org reported on Saturday that the five popular Chinese mobile payment apps — WeChat, Taobao, Taobao World, Alipay and Tmall — are able to collect and file sensitive information on users, such as their mobile handset identity numbers, activities and location data.

Thie information, which is routed through servers in mainland China, exposes people to the risk of data theft or misuse.

According to cyber-security and hacking experts, it is possible to track and monitor users’ activities when the relevant data is collected.

Hong Kong’s data privacy watchdog, The Office of the Privacy Commissioner for Personal Data, has said that there are no regulations that ban the transferal of personal information to places outside Hong Kong, the report noted.

The revelation has sparked fresh concerns that certain cyber-security laws in mainland China which require app providers to record user logs and keep them for at least 60 days to assist inspection and surveillance by relevant government departments would be applicable for users of these mainland-developed apps in Hong Kong.

- Contact us at [email protected]

EL/AC/RC

EJI Weekly Newsletter

Please click here to unsubscribe