China’s largest academic research database, the China National Knowledge Infrastructure (CNKI), has once again made headlines. This time, it’s for its illegal data handling practices, which has incurred a penalty of 50 million yuan (approximately US$6.9 million). This comes only a year after CNKI found itself under the microscope in a cybersecurity review, further tainting the firm’s reputation.
Backdrop: The Role of the Cyberspace Administration of China (CAC)
The CNKI’s transgressions were brought to light by the Cyberspace Administration of China (CAC), which has been active in overseeing the country’s digital realm. Their vigilant efforts have uncovered various malpractices, with CNKI being the latest target.
Upon initiating a comprehensive investigation into CNKI’s data operations based on the earlier cybersecurity review, the CAC discovered a troubling trend. Fourteen mobile applications affiliated with CNKI were found guilty of illegally collecting user data. The agency’s findings were made public in an official statement, shedding light on the extent of CNKI’s privacy violations.
These mobile applications were not only collecting data without the users’ explicit consent but also harvesting non-essential personal information. What’s more, they exhibited a lack of transparency, failing to clarify how this collected data would be utilized. Additionally, users found themselves trapped, as these applications didn’t provide an option to delete their accounts, further deepening the trust deficit.
CNKI’s Response and Commitment to Rectification
In response to these grave allegations, CNKI displayed an attitude of acceptance and compliance. The company stated, “We sincerely accept and will resolutely obey the CAC’s decision.” Highlighting its cooperation since the cybersecurity review by CAC on June 23, 2022, CNKI emphasized its dedication to enhanced security measures.
The company, owned privately, further elaborated on its initiatives post the review. CNKI commented on its strengthened commitment to bolstering network security, data protection, and personal information safeguards. It’s evident that the company is now on a path to remedy its past missteps and win back its user base’s trust.
The Extent of Data Collection: A Deep Dive
The CAC’s scrutiny of CNKI last June was not without reason. The organization was found to be collecting an extensive range of personal data, spanning sectors like national defense, telecommunications, and finance. More alarmingly, CNKI also had its hands on “sensitive information,” details connected with major national projects, noteworthy technological advancements, and core tech development.
The decision to impose the fine on CNKI was based on a detailed consideration of the nature, repercussions, and duration of its illegal data-handling practices. The CAC’s statement also alluded to the “situation in the cybersecurity review,” though it did not provide an exhaustive breakdown of the specifics.
CNKI’s Legacy and Stature
Founded in 1999, CNKI is not just any academic research platform. A brainchild of the prestigious Tsinghua University and its affiliated entities, CNKI’s vast archives comprise more than 90% of academic journals published within mainland China. The platform’s exclusivity is evident, as approximately 40% of its content, available through paid subscriptions, cannot be found elsewhere.
China’s Tightened Cybersecurity Framework
The CAC’s vigilance is part of a broader effort to regulate China’s digital ecosystem. CNKI’s cybersecurity review marked the CAC’s inaugural examination post the implementation of the national Measures for Cybersecurity Review regulation in February 2022. This regulation is pivotal, compelling Chinese internet firms with aspirations to list outside the mainland to undergo such a review.
The CAC’s endeavors since 2021 have been far-reaching. Notable firms like Didi Global faced reviews mere days post their initial public offering in New York, which stirred some controversy. Chinese truck-hailing apps like Yunmanman and Huochebang, as well as online job platform Boss Zhipin, have also been under the CAC’s scanner. Notably, Tsinghua Tongfang, CNKI’s parent company, hasn’t revealed any intentions to list overseas.
Accumulated Penalties and Past Controversies
The recent fine isn’t CNKI’s first financial setback. The 50 million yuan penalty comes on the heels of an 87.6 million yuan charge that CNKI faced from China’s antitrust watchdog just the previous year, citing monopolistic tendencies.
Last December, after a painstaking seven-month probe, it was revealed that CNKI had misused its dominant position in the market. The State Administration for Market Regulation levied the fine when it was discovered that CNKI was unjustifiably increasing subscription prices. Given that the majority of Chinese scholars and students rely on CNKI for academic resources, such price escalations were deemed unreasonable.
Conclusion
CNKI’s recent penalty underscores the imperative need for robust data protection practices and transparent operations. As the digital landscape evolves and more users entrust platforms with their data, it’s paramount that organizations handle such information responsibly. The episode serves as a reminder of the changing dynamics in China’s cyber realm, with regulatory bodies like the CAC playing a pivotal role in ensuring a trustworthy and secure digital ecosystem.
Read More: