How to guarantee legitimate big data uses in disease prevention and control?

CIKD | Updated: 2020-05-09 09:25

It is important to note that the information provided in this Series is intended for your general knowledge only and is not a substitute for professional medical advice or treatment.

A resident scans a QR code of a mini-program to report health information in Beijing, March 10, 2020. [Photo/Xinhua]

Big data plays an important role in the fight against the COVID-19 in China and is widely used in tracing cases, assisting medical treatment, and advancing resumption of work and production. However, it has also drawn wide attention to the protection of personal information and the legitimacy of the use of big data. Based on the existing laws, regulations and national standards, the Chinese government has issued the regulation for using big data in containing the COVID-19, strengthening the legal basis and operational standards. In the meantime, relevant authorities have strictly implemented the regulations, and companies offering technical support have also reinforced their management.

First, applications of laws and regulations are clarified. On February 9, the Cyberspace Administration of China released the Notice of Effectively Protecting Personal Information and Using Big Data to Support Joint Prevention and Control, providing relevant legal basis and technical specifications.

1. Only entities that are authorized by the health authorities of the State Council in accordance with the Cybersecurity Law of the People's Republic of China, the Law of the People's Republic of China on the Prevention and Treatment of Infectious Diseases, and the Regulation on Responses to Public Health Emergencies are allowed to legally collect personal information to contain the COVID-19. Other entities shall not collect personal information without obtaining consent from individuals.

2. The collection of personal information to contain the COVID-19 shall adhere to the requirements outlined in the Information Security Technology – Personal Information Security Specification, and in particular, to the principle of data minimization. Rather than focusing on all individuals from particular geographic regions (to avoid de facto discrimination against people from certain geographic regions), collection of personal information shall be targeted towards key groups of interests, such as confirmed and suspected cases, as well as close contacts.

3. Personal information collected to contain the COVID-19 shall not be used for any other purposes. Unless sensitive personal information is masked, and the purpose is to contain the COVID-19, personal information, such as name, age, identification card number, phone number, home address, etc., shall not be disclosed without the consent of the data subjects.

4. Entities collecting or possessing personal information shall take responsibility for the safety and protection of the data and implement strict management and technical measures to prevent theft or leakage of such information.

5. Any individual or entity that discovers a violation of the use, collection, and disclosure of personal information may report such violation to the cyberspace or public security authorities, which will handle any such violations or data breaches in accordance with the Cybersecurity Law of the People's Republic of China and related regulations.

Second, the regulations are strictly followed. Governments at all levels have followed the regulations in releasing daily COVID-19 case updates and maps. Telecommunication enterprises have also worked out relevant management methods, trying to improve their technical protection to strictly manage themselves and other collaborating entities while providing data in line with laws and regulations.

Third, law enforcement is enhanced. Law enforcement agencies in different places have timely punished the behaviors invading personal privacy and violating laws. Recently, the police agencies in Guangdong province, Tianjin and Inner Mongolia autonomous region have imposed punitive measures such as administrative detention and penalty upon individuals who have disclosed others' personal information illegally.

It can be noticed that the above regulations are similar to what has been applied recently to the collection and use of personal data in countries and regions such as South Korea, EU and the UK in fighting against the COVID-19, especially on the principles of anonymization, data minimization and legitimate use. In addition, China's National People's Congress has been stepping up efforts to formulate laws concerning the protection of personal information and data security so as to provide a more solid legal basis for the use of big data in normal and emergency times.







Author: Jiang Xiheng, Center for International Knowledge on Development

Please feel free to contact us by sending your questions to or commenting on China Daily app. We will ask experts to answer them.

Editor's picks
Copyright 1995 - . All rights reserved. The content (including but not limited to text, photo, multimedia information, etc) published in this site belongs to China Daily Information Co (CDIC). Without written authorization from CDIC, such content shall not be republished or used in any form. Note: Browsers with 1024*768 or higher resolution are suggested for this site.
License for publishing multimedia online 0108263

Registration Number: 130349