In an unprecedented move, China has taken decisive action against personal data breaches, closing a staggering number of cases while also unveiling draft laws to regulate facial recognition technology. Over the past three years, Chinese law enforcement has effectively shut down 36,000 instances of personal data violations, leading to the detention of 64,000 suspects, as per the Ministry of Public Security. These efforts are part of a broader initiative launched in 2020 to govern online activities, resulting in the seizure of more than 30 million SIM cards and 300 million “illegal” internet accounts.
Notably, a surge in criminal cases involving personal data misuse, especially in sectors like healthcare, education, logistics, and e-commerce, prompted this crackdown. The Ministry has also highlighted the rise of cases linked to Artificial Intelligence (AI), recounting a 2023 incident in Fujian province where hackers used AI to manipulate faces and siphon off 4.3 million yuan from a company.
The proliferation of facial recognition technology and its intersection with AI has introduced new complexities, with cybercriminals using stolen identity card photos, names, and ID numbers for fraudulent purposes. To address these challenges, China’s public security departments are collaborating with state entities to assess and mitigate risks associated with facial recognition technology.
The government’s response to these threats includes proposing new nationwide laws to regulate facial recognition. The Cyberspace Administration of China (CAC) has released draft regulations mandating explicit user consent for data collection, transparent data usage practices, and data protection measures. Exceptions exist for situations involving national security, public safety, health emergencies, and protecting individuals’ well-being.
Businesses engaging in facial recognition technology will need to adhere to strict guidelines, including notifying authorities when retaining more than 10,000 facial recognition datasets. The draft laws also encourage the prioritization of non-biometric recognition tools when feasible.
The Chinese public has been invited to provide feedback on these proposed laws, which come in the wake of earlier regulations aimed at curbing “deep synthesis” technology misuse. In the near future, interim laws will be implemented to govern generative AI services, ensuring ethical and legal use while safeguarding both national interests and individual rights.