Before and after China’s new data laws: privacy in apps

Conference item

Abstract:: Privacy in apps is a topic of widespread interest because many apps collect and share large amounts of highly sensitive information. In response, China introduced a range of new data protection laws over recent years, notably the Personal Information Protection Law (PIPL) in 2021. So far, there exists limited research on the impacts of these new laws on apps’ privacy practices. To address this gap, this paper analyses data collection in pairs of 634 Chinese iOS apps, one version from early 2020 and one from late 2021. Our work finds that many more apps now implement consent. Yet, those end-users that decline consent will often be forced to exit the app. Fewer apps now collect data without consent but many still integrate tracking libraries. We see our findings as characteristic of a first iteration at Chinese data regulation with room for improvement.

Files:: Kollnig_et_al_2023_before_and_after.pdf

(Preview, Accepted manuscript, pdf, 1010.9KB, Terms of use)

Publication website:: https://conpro23.ieee-security.org/papers/kollnig-conpro23.pdf

Publication date:: 2023-05-25
Acceptance date:: 2023-02-18
Event title:: 7th Workshop on Technology and Consumer Protection (ConPro ’23)
Event location:: San Francisco, CA, USA
Event website:: https://conpro23.ieee-security.org/
Event start date:: 2023-05-25
Event end date:: 2023-05-25

Copyright holder:: Kollnig et al
Notes:: This paper was presented at the 7th Workshop on Technology and Consumer Protection (ConPro ’23), Co-located with the 44th IEEE Symposium on Security and Privacy, 25th May 2023, San Francisco, CA, USA.

Licence:: Terms and Conditions of Use for Oxford University Research Archive

If you are the owner of this record, you can report an update to it here: Report update to this record