In the late summer of 2016, Xu Yuyu, a resident of Linyi, Shandong, was elated to learn she had been accepted into the English department at Nanjing University of Posts and Telecommunications after her commendable college entrance exam results. Coming from a modest background, where her family struggled on her father’s limited income, this opportunity was monumental, not only for her but for her family who had sacrificed to save for her education.

Shortly after receiving her initial admission notification, Xu was contacted again with the news that she had been awarded a scholarship. However, to receive the 2,600 yuan (about $370) scholarship, she was instructed to deposit a 9,900 yuan “activation fee” into a specified university account. Trusting the caller, and recently applying for financial aid, Xu transferred the money. That evening, realizing they had been scammed, her family reported the incident to the police. Tragically, overwhelmed by the events, Xu suffered a heart attack on her way home from the station and died two days later in the hospital.

The investigation revealed that scammers, having bought her personal details from a hacker, impersonated the university. Xu’s case became a poignant symbol of the urgent need for stringent data privacy laws in China, a sentiment growing in intensity around the globe with incidents like the Cambridge Analytica scandal involving Facebook, which coincided with political events such as Donald Trump’s election and the EU’s adoption of the General Data Protection Regulation (GDPR).

The narrative that Chinese citizens and government are indifferent to privacy is outdated. In recent years, the Chinese government has enacted privacy protections that mirror Western standards to some extent, aiming to boost consumer confidence and foster digital economic growth. Despite these advances in consumer privacy, the state has concurrently intensified surveillance measures, including extensive biometric data gathering and a pervasive social credit system, illustrating a complex privacy paradox.

Internationally, developments in China’s privacy regulations are closely monitored, given the global expansion of its technology sector. The formation of China’s surveillance system began with projects like the Golden Shield, initiated by the Ministry of Public Security in 2000, which aimed to integrate various surveillance technologies across the nation.

Moreover, the narrative extends to individuals like Hong Yanqing, who, after extensive legal training in China and the West, played a pivotal role in shaping China’s approach to data protection. His work underscores the ongoing debates within China about aligning with either the European model, which emphasizes individual rights to data protection, or a more industry-friendly American approach.

Hong’s efforts culminated in the Personal Information Protection Specification, which, while initially nonbinding, was a precursor to more stringent laws spurred by both international influences and domestic crises, such as Xu’s death. This evolving legislative landscape is a testament to the dynamic nature of data governance, straddling the needs for economic innovation and individual privacy protections.

Despite these strides toward consumer data protection, the challenge remains in balancing these protections with state surveillance practices, which continue largely unabated and form a significant part of China’s governance model. The disparity between public and private data governance highlights the complex interplay of economic, political, and social factors influencing China’s policy trajectory in the digital age.