Written by Marc-Roger Gagné

The World’s Worst Privacy Nightmare Has Sprung to Life in China

The era of GDPR is upon us. Privacy awareness at growing. More people are concerned about what’s happening to their personal data than ever before. It seems like we’re onto something beautiful: a world where people control their own data and it’s protected by stringent regulations that bring heavy fines for non-compliance.

Meanwhile, in China, people are being banned from internal travel because their social media etiquette isn’t what it should be.

China’s Social Scoring System

The Chinese government now has a social scoring system in place. It tracks the way its citizens interact:

whether they behave well on flights

police infractions they might incur

whether they pay their fines

how they behave on social media (spreading fake news, for example, or talking about terrorism)

Think of it as an old-fashioned neighbourhood gossip network gone global.

In the hands of a totalitarian regime, that kind of information can be used to implement an array of restrictive measures against individuals….which is exactly what is happening right now in China. Reuters has reported that the Chinese government is already moving forward on restricting travel (and may have been doing so for years)(1).

For Online Privacy Regulation, An Alternate World Exists

Somewhere, the evolution of privacy forked and two distinct species were born. One prioritizes the user and the other prioritizes the needs of government to rule the land. So while we celebrate the passage of GDPR and come to grips with complying, there’s a privacy nightmare coming to life just halfway around the globe.

How could this happen? Two such different ways of dealing with private information? Each represents a different reaction to the same thing: an abundance of data that now exists for a large number of the world’s people.

Governments ask themselves: do we protect it or use it?

Clearly, the Chinese government is choosing to use it even while they pass strict privacy measures(2). That’s the ironic twist to all this: China does have GDPR-like regulation and the Chinese are becoming more aware of privacy concerns. It appears that the Chinese government considers itself exempt.

We Could be Headed the Way of China

It’s human nature to rate things. We love that Yelp helps us choose our merchants and our restaurants. We abide by TripAdvisor’s recommendations for the best travel options. In school, test scores help us rate our students. Work performance reviews help us rate them later on when they become employees. Credit score obsession is a real thing. According to one survey, 40% of adults would reconsider dating someone if they found out their credit score wasn’t up to par(3).

Scales and scores like these are useful and, in many cases, necessary for a properly functioning modern society. They help us make sense of a chaotic world. Increasingly, businesses need people metrics… for hiring, for customizing their products, marketing, and almost every decision they make in this data-driven world.

What happens when the technology advances to a point where we’re able to put a score on private, social behaviour? The kind gleaned from Facebook? And what happens when you combine that with police databases and financial records? A ‘virtuosity rating system’, you might say… or as they call it in China a ‘sincerity score’.

The Uncomfortable Mix of Social Scoring and Totalitarian Governments

Right now, many of your lifestyle choices can be tracked. Without stringent privacy regulation, on the level we’ve seen with GDPR, data that can be tracked can also be stored, matched to your personal information, and sold.

Facebook made this very clear when they allowed such data on its users to be accessed by the political consultancy Cambridge Analytica. Voters were swayed via “fake news” stories and other clever and divisive manipulations carried out during the 2016 U.S. presidential election.

It was perhaps the biggest privacy story of 2017 but it could be much worse.

What if your totalitarian government was using that data to make decisions about your rights? Take all the data accessed during the Cambridge Analytica scandal and instead of using it to gauge political temper, use it to rate people’s social behaviour…

Someone got too drunk on a Wednesday night and failed to show up for a Thursday morning meeting. Minus 10 points

Someone used profanity on Facebook. Minus 12 points.

Someone is behind in their credit card payments. Minus 20 points.

Someone criticized the government in a Facebook group. Minus 30 points.

Someone donated clothing to charity. Plus 10 points.

5 points for recycling.

…then proceed to grant privileges or remove rights based on those social scores. Imagine a world where a totalitarian government and Cambridge Analytica were working together.

A Surveillance Society Takes Root

There’s a Black Mirror episode portraying just what this crazy world might look like and it pretty much resembled a privacy hell.

See if you can imagine this hell for just a moment by comparing it to something you already know. In the film Minority Report, Tom Cruise’s character walks through a mall and is greeted by personalized advertising(4). If you’ve ever been creeped out by retargeting (online ads from retailers whose sites you’ve just visited), this would probably feel ten times worse.

The Black Mirror episode goes even deeper into privacy hell by portraying a society where even your small social interactions are rated, logged, and used to calculate a social score. People are fitted with retinal implants that allow them to view people’s scores as they pass them on the street. Social interactions take place with scores looming large, colouring everything people do.

Sounds terrible but with dating app Happn and Tinder’s ‘Places’, some people are already on their way to realizing this type of world. Happn started in Europe four years ago and has spread to urban areas of the United States and Canada in 2015. Using proximity beacons in your smartphone, these apps can alert you to passersby who also have the app. See someone you think is attractive? Enable the app alert and you may get lucky, finding out who they are with the ability to make contact.

And people sign up for this type of thing every day. Without GDPR-like legislation on a federal level, it’s the type of data that could end up anywhere, wrecking lives and turning our world into a place that resembles that Black Mirror episode (or worse). Bottom line? We need GDPR everywhere and, as the situation in China has shown, we need our governments to abide by privacy legislation too.

Marc-Roger Gagné CCIE, CCII, CIPP/G/C, MAPP

Services Juridiques Gagné Legal Services