Journal of Comparative Law
V O L U M E X I I , I S S U E 2
Special Issue
Comparative Legal Reasoning:
Essays in Honour of Geoffrey Samuel
Williams, Toni Preface …………………………………………………………………………….. 1
Glanert, Simone Celebrating Many Geoffreys …………………………………………… 2
Legrand, Pierre Foreign Law As Self-Fashioning ……………………………………… 6
Ost, François (Re-)Learning to Think About Law From Cases ……………. 45
Monateri, P G Dominus Mundi: Land, Sea and Global Sovereignty ………. 61
Del Mar, Maks Imagination in Legal Thought: Abilities, Devices and
Their Comparative Histories …………………………………………. 76
Bell, John Consequential Reasoning in France ………………………………. 94
Werro, Franz The Swiss Federal Tribunal and Its Pragmatic Plural-
istic Method ………………………………………………………………… 109
Pichonnaz, Pascal Interpretation in Multilingual States: An Opportunity … 124
Bottomley, Anne One Pattern of Juridical Migration at the Limits of
Land (and Common) Law……………………………………………. 142
Muir Watt, Horatia Foreign Life-Forms and Law’s Ethics of Difference
(A View From Private International Law) ……………………. 161
Samuel, Geoffrey On the Beach: What Can Beaches Reveal About Legal
Reasoning and Legal Categorisation? ………………………….. 187
Special Issue:
Transparency Challenges Facing China
FU Hualing, Palmer, Introduction: Selectively Seeking Transparency in
Michael and ZHANG China …………………………………………………………………………… 203
Xianchu
ZHANG Xianchu Transparency Challenge to China’s Socialist Market
Economy ……………………………………………………………………… 216
CHEN Yongxi Taming the Right to Information: Motive Screening
and the Public Interest Test under China’s FOI-like
Law ……………………………………………………………………………… 236
PENG Chun The Shadow of Transparency: Defining, Debating and
Deterring Vexatious OGI Requests in China ………………… 268
SUN Ying and Selective Openness: An Evaluation on Open-Door
ZHANG Xiang Legislation in China ……………………………………………………. 293
HUANG Yue Hearing and Public Participation: A Failed Revolution
or a Successful Distraction? …………………………………………. 307
GAO, Henry The WTO’s Transparency Obligations and China ………… 329
CHEN Yongxi and The Transparent Self under Big Data Profiling:
CHEUNG, Anne SY Privacy and Chinese Legislation on the Social Credit
System …………………………………………………………………………. 356
LI Ling Transparency, Propaganda and Disinformation:
“Managing” anticorruption information in China ………. 379
HAN Rongbin Supervising Authoritarian Rule Online: Citizen
Participation and State Responses in China …………………. 397
ZHU Han and FU Hualing Transparency as an Offence …………………………………………. 417
Articles
Conner, Alison Courtroom Drama, Chinese Style ……………………………. 437
Husa, Jaakko Global Law and Comparative Law—Allies or
Adversaries? ……………………………………………………………. 461
WANG Faye Fangfei Online Dispute Resolution: Best Practices in
Comparative Perspective ………………………………………… 472
XU Ting Towards an Evolutionary Theory of Property?
A Longitudinal Analysis of Property Regime
Transformation in China …………………………………………. 496
Research Note
Dejean de la Bâtie, Alice Judge-Made Justification and Democratic Legitimacy
and Theuns, Tom in French Criminal Law …………………………………………. 518
Reviews
Sir Ross Cranston FBA Samuel, Geoffrey A Short Introduction to Judging
and to Legal Reasoning. Edward Elgar, Cheltenham,
2016, 208 pp. ISBN 9781785365911. E-ISBN
9781785365928 …………………………………………………………. 537
Simone Glanert Samuel, Geoffrey. An Introduction to Comparative
Law Theory and Method. Oxford, Hart, 2014. xvii,
226 p. ISBN 9781849466431. …………………………………….. 539
Contributors …………………………………………………………………………………………………… 548
The Transparent Self under Big Data Profiling
356 JCL 12:2
The Transparent Self under Big
Data Profiling: Privacy and Chinese
Legislation on the Social Credit System
Y O N G X I C H E N A N D A N N E S Y C H E U N G
The University of Hong Kong
I N T R O D U C T I O N
Big data is one of the buzz phrases of the 21st century, concerning not only the digitalisation
of data on billions of individuals, but also what those in power are able to do with that
data. The defining characteristic of big data is the capacity to search, aggregate and cross-
reference large datasets for analysis to identify previously undetectable patterns,1 as
well as the power to profile individuals, calculate risks, and monitor and even predict
behaviour.2 When big data is harvested by governments, the worry is that the totality of
individuals’ lives will be captured, that citizens will be monitored and that the Orwellian
state will become a reality.
In China, such a worry seems far from unfounded given the Chinese Communist Party’s
(CCP) roll-out of its powerful Social Credit System (SCS). Launched at the national level
in 2014, the system’s aim is to assess the trustworthiness of Chinese citizens in keeping
their promises and complying with legal rules, moral norms, and professional and ethical
standards.3 It is essentially an all-encompassing, penetrative system of personal data
processing, manifested by the comprehensive collection and expansive use of personal
data with the explicit intention on the Chinese government’s part of harnessing the
ambition and power of big data technology.4 The SCS rates both business entities and
individuals. According to its blueprint, the records that are collected can be extensively
1 Boyd D and Crawford K (2012) ‘Critical Questions for Big Data’ (15) Information, Communication & Society
662.
2 Alexander von Humboldt Institut Für Internet und Gesellschaft (2015) ‘Big Data: Big Power Shifts?’, available
at:
3 See ‘Shehui xinyong tixi jianshe guihua gangyao’ (Planning Outline for the Construction of the Social Credit
System, 2014-2020) (adopted by the State Council and effective on June 14, 2014) (‘SCS Outline’ hereafter). For
the public concerns related to the social credit system, see
Clover C, ‘China: When Big Data Meets Big Brother’ Financial Times, January 20, 2016, available at:
4 One year following the issuance of SCS Outline, the State Council adopted an outline for big data
development in which the Social Credit System is a stressed field for the application of big data technology. See
‘Cujin dashuju fazhan xingdong wangyao’ (Action Outline for Big Data Development) (adopted by St. Council
and effective on Aug. 31, 2015) (‘Big Data Outline’ hereafter).
JCL 12:2 357
yongxi chen and anne sy cheung
used by the authorities and business entities alike for a variety of purposes broadly related
to ‘encouraging trustworthiness and punishing untrustworthiness’.5
Whilst the use of big data analytics in the context of credit scoring and the rating
of individuals is not unique to China, in other jurisdictions it is usually confined to the
financial arena and regulated by law.6 What differentiates China is the scale of the data
collected, the scope of its use and, particularly important for the purposes of this article,
the apparent lack of a comprehensive legal system to protect personal data. Despite the
introduction of the Cyber Security Law in 2016 in relation to online data,7 the extension
of civil law protection to consumer data in 2013, and the criminalisation of the unlawful
gathering, receipt and sale of personal data in 2009, personal data as a general subject has
yet to be clearly defined and effectively protected under Chinese law.8 The rights that data
subjects are entitled to under a personal data protection regime are rarely mentioned in
China and are, at best, provided for under scattered sector-specific laws.9
Given the inadequate protection afforded to personal data in China, the country is
an ideal social laboratory for big data experimentation, data intelligence and mass
surveillance. Individuals risk being reduced to transparent selves before the state in this
uneven battle.10 They are uncertain about what contributes to their social credit scores,
how those scores are combined with the state system, and how their data is interpreted
and used. In short, the big data-driven SCS is confronting Chinese citizens with major
challenges to their privacy and personal data.
Although the State Council’s Planning Outline for the Construction of the Social
Credit System (‘SCS Outline’ hereafter) sketches out an ambitious blueprint, it is the pilot
legislation implemented at the local level since 2014 that has institutionalised the collection
and use of social credit-related data. To analyse China’s emerging SCS under existing
5 ‘Guowuyuan guanyu jianli wanshan shouxin lianhe jili he shixin lianhe chengjie zhidu jiakuai tuijin
shehui chengxin jianshe de zhidao yijian’ (Guidelines of the State Council on Establishing and Improving the
System of Joint Rewarding for Trustworthiness and Joint Punishment for Untrustworthiness and Accelerating
the Construction of Trustworthiness in the Society) (issued by the State Council on May 30, 2016). See also
‘Guanyu yinfa dui shixin beizhixingren shishi lianhe chengjie de hezuo beiwanglu de tongzhi’ (Notice of the
National Development and Reform Commission, the Supreme People’s Court, the People’s Bank of China,
and Other Departments on Issuing the Memorandum of Understanding on Imposing Joint Punishments on
Untrustworthy Persons Subject to Judicial Enforcement) (issued on Jan. 20, 2016).
6 See for example the case of the US and the EU: US Federal Trade Commission (2016), Big Data: A Tool for
Inclusion or Exclusion? Understanding the Issues; US White House (2016) , Big Data: A Report on Algorithmic Systems,
Opportunity and Civil Rights (2016). Article 4 of the EU General Data Protection Regulation (2018) regulates the
use of automated processing of personal data for profiling.
7 ‘Wangluo Anquanfa’ (Cyber Security Law) (adopted by the National People’s Congress, November 7, 2016,
effective June 1, 2017).
8 Article 253, Criminal Law (Xingfa) (adopted by the National People’s Congress on July 1, 1979, amended
March 14, 1997, effective July 1, 1997), as amended by the Amendment to the Criminal Law (VII) (Xingfa
xiuzhengan (qi)) (adopted by the Standing Committee of the National People’s Congress and effective on
February 28, 2009). Art. 29, Consumer Rights and Interests Protection Law (Xiao feizhe quanyi baohufa)
(promulgated on October 31, 1993, amended October 15, 2013, effective March 15, 2014). Neither of the laws
defines personal data.
9 The personal data principles in the OECD guideline. OECD (2013) ‘OECD Guidelines on the Protection
of Privacy and Transborder Flows of Personal Data’, available at:
10 Brin D (1999) The Transparent Society: Will Technology Force Us to Choose Between Privacy And Freedom? Basic
Books. Brin mentions in his book that technology will bring towards a transparent society. Here we argue that
only the powerless individuals have become transparent but the state and commercial conglomerates have
remained opaque.
The Transparent Self under Big Data Profiling
358 JCL 12:2
international legal principles concerning personal data protection,11 this article identifies
and compares typical examples of relevant legislation at the local level and discusses their
implications for personal data protection. It argues that existing legislation and proposed
regulations require substantial revisions to mitigate the impact of the SCS on data privacy
and other interests critical to individual citizens.
The article begins by mapping out the background to the construction of China’s
big data social laboratory and the SCS. The next section examines the system’s social
management aim and comprehensive sanction system, as well as its nature as a
collaborative project between the authorities and the business sector. The section which
follows then summarises the legislative history and evolving concept of social credit
and analyses the nature of individuals’ rights to personal data protection under China’s
uncoordinated legal framework. The article then reviews local social credit legislation with
reference to the three cardinal principles of personal data protection most closely related
to data subjects’ control over the processing of their data: (1) the data collection principle,12
(2) the data usage principle,13 and (3) data subjects’ right to access and correct their own
data.14 The final section concludes that although local legislation provides nominal rights
of access to, and a few restrictions on, the collection and use of data, it has largely failed
to secure meaningful control over personal data for individuals. These legislative defects
relate to the very purpose of the SCS and to extra-legal restrictions inherited from the pre-
reform party-state regime. As the term ‘personal information’ is used in Chinese legislative
enactments and policy documents, ‘data’ and ‘information’ are used interchangeably
throughout the article.
T H E U N F O L D I N G S O C I A L C R E D I T S Y S T E M
The stated vision of the SCS rolled out in 2014 is to foster trustworthiness in society,
enhance market efficiency, strengthen social governance and build a harmonious society
within the socialist state.15 Whilst that may sound like CCP rhetoric, the distinctive, and
most controversial, feature of the SCS is its rating of the trustworthiness of each and every
business entity and citizen. According to the SCS Outline, the authorities may use financial,
law enforcement, and other data to evaluate all enterprises and citizens and hold them
accountable for any misbehaviour.16 The goal is to build a comprehensive, nationwide
platform aggregating all related data by 2020. Accordingly, every citizen’s and business
entity’s scores in the political-administrative, commercial, social and judicial arenas will
be compiled.17
11 ‘OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data’ supra note 9.
12 OECD Guidelines, the Collection Limitation Principle stipulates that ‘the collection of personal data should
be by lawful and fair means and, where appropriate, with the knowledge or consent of the data subjects.’
13 OECD Guideline, the Use Limitation Principle stipulates that ‘personal data should not be disclosed, made
available or otherwise used for purposes other than those specified [at the time of collection] except with the
consent of the data subject; or by the authority of law.’
14 This is governed under the OECD Guidelines, the Individual Participation Principle.
15 SCS Outline, supra note 3, Introduction.
16 Ibid, at Parts I & II; see also Florcruz M, ‘China To Use Big Data To Rate Citizens In New ‘Social Credit
System’ International Business Times, April 28, 2015, available at:
17 SCS Outline, Introduction, para. 3.
JCL 12:2 359
yongxi chen and anne sy cheung
The idea of ‘social credit’ was originally introduced in the early 2000s to steer
economic reforms that increase the financial creditworthiness (xinyong) of businesses
and individuals.18 It gradually expanded to encompass their integrity or trustworthiness
(chengxin) with respect to fulfilling contractual and legal commitments.19 Since 2011, CCP
directives and central government policies have used ‘social credit’ as a comprehensive
concept that is closely related to both market regulation and social governance.20 In addition,
governments at the local level have harboured the idea of building a multidimensional
social credit system to restore trust in society.21 In 2010, Suining County in Jiangsu Province
(north of Shanghai) launched a pilot programme that awarded points for good behaviour
and deducted points for bad behaviour such as traffic violations and illegally petitioning
the higher authorities for help.22 Rewards included the fast-tracking of promotions at
work or of public housing applications. Although the programme was heavily criticised,23
it provided an early glimpse of a social scoring system. Another attempt at a social credit
system was made by the Shanghai municipal government, which published a catalogue of
more than 1200 items that would be awarded points for entry into a credit system.24 About
1000 of the items related to business entities, with the remainder concerning individual
citizens. In 2016, the Shanghai government suggested that filial piety be entered into the
scoring system, assessed, for example, by the frequency with which an individual visited
his or her parents and by whether an individual’s parents had enough food.25 Regardless of
the controversy surrounding such suggestions, more than 35 local governments across the
country had joined the SCS by 2016, gathering digital records on the social and financial
behaviour of their citizens.26 Two outstanding questions remain: Where does all of this
data come from, and what happens to those with a low social credit score?
18 For the evolution of the understanding of social credit in national policies, see Liu Xiaoyuan et al (2016)
Woguo shehui xinyong tixi jianshe yanjiu (On Constructing the Social Credit System in China) Zhishi chanquan
chubanshe at 85-91. For an account of the historical development of social credit system in national policies
from 2003 to 2011, see Liu Y et al (2014) ‘An Overview of Big Data Industry in China’ (December) China
Communications 2, at 2.
19 See Lei Yanfeng (2014) ‘Chaoyue fazhi: shehui chengxin tixi de guize zhili’ (Beyond the Rule of Law:
Rule-based Regulation under the Social Trustworthiness System) (4) Zhongnan Daxue Xuebao (Shehui Kexue
Ban) (Journal of Central South University [Social Science Edition]) 65, at 65-72. Lei and other scholars object
confounding the ‘social credit system’ (understood by them as essentially a financial credit system) with the
‘social trustworthiness system’ (shehui chengxin tixi). Nevertheless, ‘social credit system’ is now predominantly
used in both official and academic discourses to denote the comprehensive networked system of behaviour
rating and responsibility placing.
20 Liu et al, supra note 18, at 88.
21 Ibid, at 4.
22 ‘Creating a Digital Totalitarian State’ The Economist, December 17, 2016, at 20.
23 Ibid. According to the Economist, it was criticized by China Youth Daily and Beijing Times.
24 ‘Shanghai yanfa xinyong fenzhu jingzhun shizheng’ (R&D on Credit Scoring Facilitates Accurate
Governance in Shanghai) Wenhui News, August 4, 2016, 3. See also Creemers R et al., ‘What Could China’s
‘Social Credit System’ Mean for Its Citizens?’ Foreign Policy, August 15, 2016, available at:
25 Chin J, ‘China’s New Tool for Social Control: A Credit Rating for Everything’ Wall Street Journal, November
28, 2016, available at:
26 Ibid
The Transparent Self under Big Data Profiling
360 JCL 12:2
Big Data: Where Does all the Data Come from?
Although government officials can easily retrieve information concerning business entities
and individuals from the courts and state departments, that information is insufficient
to generate a comprehensive profile of individuals. To do so, the government has to
capture their nonfinancial activities. Eyeing the capture of more extensive Internet data
that can reveal a person’s social media use, online shopping activity and everyday habits,
the central authorities are keen to utilise big data technology. Big data sources include
administrative, transactional, sensor, tracking, behavioural and opinion data.27 In 2016,
as part of the 13th five-year plan (2016-2020), the CCP announced that the SCS would go
hand in hand with a series of social and economic initiatives utilising big data technology,
including a national big data strategy focusing on the opening up and sharing of data
resources.28 In other words, the SCS is intertwined with both government and society-
generated big data applications, both online and offline. As noted, China provides an
ideal big data and social laboratory. It has 1.3 billion citizens, and had 731 million Internet
users by the end of June 2016. The country’s internet penetration rate was 53.2%.29 Equally
impressive is China’s more than 695 million mobile phone users, nearly a quarter of whom
use their mobile phones only to go online.30 Furthermore, the authorities are armed with
a real name registration system that records the users of telecommunications services in
China,31 and such data can be easily and accurately matched with users’ identities.
Partnerships
The authorities are partnering with various Internet titans and private entities to unlock the
power of big data. As early as 2014, China boasted more than 50% of the world’s big data
enterprises32 specialising in the collection, aggregation, analysis and mining of data, the
building of cross-platform infrastructure, and the design of various big data applications.33
In 2013, China’s National Bureau of Statistics signed a series of agreements with 11 major
Chinese companies for long-term collaboration on the use of big data,34 including Baidu,
27 Administrative data include electronic medical, insurance, bank and school records; transactional
data include credit card and online transactions; sensor data include satellite imaging, climate sensors and
air pollution measurement devices; tracking devices include GPS and tracking data from mobile phones;
behavioural data include online searches; and opinion data include comments on social media. Cheng JHW,
‘Big Data for Development in China’ (UNDP, November 2014) at 3, available at:
28 ‘Zhonghua renmin gongheguo guomin jingji he shehui fazhan di shisan ge wu nian guihua gangyao’
(Outline of the 13th Five-Year Plan for the National Economic and Social Development of the PRC) (approved
by National People’s Congress, March 16, 2016).
29 China Internet Network Information Center, ‘Di 39 ci zhongguo hulianwang fazhan zhuangkuang tongji’
(No. 39 Statistical Report on China Internet Network Development), January 2017, 33.
30 China Internet Network Information Center, ‘Di 38 ci zhongguo hulianwang fazhuan zhuangkuang tongji
(No. 38 Statistical Report on China Internet Network Development), August 2016, 12.
31 ‘Quanguo renmin daibiao dahui changwu weiyuanhui guanyu jiaqiang wangluo xinxi baohu de jueding’
(National People’s Congress Standing Committee Decision Concerning Strengthening Network Information
Protection) (adopted by Standing Committee National People’s Congress on 28 December 2012, effective 28
December 2012).
32 Liu et al., supra note 18. at 4.
33 Ibid
34 National Bureau of Statistics of China, ‘Big Data and Official Statistics in China: Working Paper’ (United
JCL 12:2 361
yongxi chen and anne sy cheung
Alibaba and China Unicom.35 The country’s three Internet giants have all tapped into the
big data market. Baidu, the Chinese equivalent of Google’s search engine, for example,
operates its own Big Data Lab in Beijing,36 which has developed predictive programmes
for disease monitoring.37 Alibaba, China’s largest e-commerce company, makes use of
a wealth of financial information gleaned from its Taobao and Alipay programmes to
determine which businesses are worthy of loans.38 Tencent, the tech mobile giant that runs
WeChat, is using social data to identify the trendsetters within social groups to target them
in marketing so as to influence the spending habits of the other members of those groups.39
What is potentially worrying is that these companies share data with the government for
the SCS.40
China’s central bank once considered issuing licences to such companies as Tencent,
Alibaba and Ping An Insurance to develop experimental credit ratings for use in assessing
applicants for small business loans or consumer credit.41 In determining whether applicants
are creditworthy, these companies rely on such non-traditional indicators as Internet
search histories, mobile phone purchases and social media activity. By 2015, Tencent alone
had rated the creditworthiness of 50 million Chinese consumers using social networking
and computer gaming data.42
Beyond the lending and borrowing arena, Alibaba introduced Sesame Credit in 2015
as an internal rating system based on the spending habits of Alipay users.43 Credit scores
range from 350 to 950 points, with users scoring above 600 considered to be creditworthy.44
What is worrying is that individuals’ credit scores are based not only on their own lending
and spending habits but also on what the money in question is going towards and also
on the lending and spending habits of their friends.45 Although it is unclear whether the
Sesame Credit scoring system accurately predicts credit defaults, the system’s impact is
clearly being felt in the daily lives of Chinese citizens. For example, individuals’ Sesame
score affects the level of screening they are subjected to at airport security,46 the insurance
Nations Economic and Social Commission for Asia and the Pacific, February 2014), available at:
35 Cheng ‘Big Data for Development in China’ supra note 27 at 9.
36 Swanson A, ‘The Power of Big Data in China’ (CKGSB Knowledge, July 26, 2015) available at:
37 Ibid
38 Ibid
39 Ibid
40 See SCS Outline. For the public concerns raised by this system, see Clover ‘China: When Big Data Meets Big
Brother’ supra note 3.
41 ‘Yanghang yaoqiu ba jia jigou zuohao geren zhengxin yewu zhunbei gongzuo’ (The Central Bank Instructs
Eight Entities to Prepare for the Service of Credit Investigation Pertaining to Individuals) (Sina Finance, January
5, 2015), available at:
years later, the central bank nevertheless decided not to issue the licenses in view of the abuse in some applicants’
collection and use of personal credit information among other regulatory concerns. See ‘Geren zhengxin buke
xianluanhouzhi’ (Credit Investigations Pertaining to Individuals Should be Subject to Regulation Before Sliding
into Chaos) Caixin Weekly, May 1, 2017.
42 Clover C, ‘China P2P Lender Banks on Social Media Usage’ Financial Times, August 30, 2015, available at:
43 Florcruz, supra note 16.
44 Ibid
45 Clover ‘China: When Big Data Meets Big Brother’ supra note 3.
46 Since September 2015, Beijing International Airport has offered fast security screening to Sesame Credit
customers with credit scores of 750 or above. Luxembourg and Singapore airport are believed to soon follow
suit. Ibid
The Transparent Self under Big Data Profiling
362 JCL 12:2
premium they have to pay,47 their chances of adopting a pet from an animal shelter48
and even their placement on online dating services.49 Although some citizens enjoy the
convenience offered by the Sesame Credit scoring system,50 the other side of the coin is
that many can ill afford to remain outside the system regardless of what they think of it.
Furthermore, benefits and convenience to some mean sanctions and exclusion for others.
Sanctions
Despite the extensive reach of the Sesame scoring system, it is voluntary in nature.
The national SCS, in contrast, is mandatory, and the possible sanctions against the
untrustworthy are wide-ranging.51 For example, a low social credit rating can affect one’s
ability to travel, with reports suggesting that judgment defaulters (i.e. those defying a
court order) had been blocked from buying an airline ticket on approximately 5 million
occasions as of August 2016.52 This type of sanction is commonly used by the courts against
judgment defaulters, with such individuals also stopped from travelling on high-speed
trains.53 There are also reputational sanctions, with information on untrustworthy persons
or businesses disclosed on the national Credit China website54 or similar provincial
websites and on major news websites.55 Furthermore, a poor SCS score can also diminish
one’s employment prospects, with those deemed untrustworthy being barred from
the civil service and employment in public institutions.56 Even worse, not only are the
untrustworthy themselves punished, but the education of their children is affected, as the
latter are disqualified from studying in private schools.57
At the time of writing, both the official SCS and private credit scoring systems such
as the aforementioned Sesame system are only just beginning to flex their muscles. Many
pieces of information on the SCS, which seems to have been hatched by a dystopian
imagination, remain missing from the literature. Despite publication of the SCS Outline
and its implementing documents, a great deal of obscurity surrounds the issues of the
types of data likely to enter the system and the possible sanctions it entails. In addition,
the extent of the data sharing between the state and private sector remains unknown,58
and it is also unclear how data is being used, whether any algorithm is involved in ratings
47 Ibid
48 Ibid
49 Hatton C, ‘China ‘Social Credit’: Beijing Sets up Huge System’ BBC News, October 26, 2015, available at:
50 Ibid
51 See ‘Memorandum of Understanding on Imposing Joint Punishments’ supra note 5.
52 ‘Creating a Digital Totalitarian State’ supra note 22 at 22.
53 Ibid, at para. 19.
54 Supra note 51, para. 15. Also see the official portal of ‘Credit China’, available at:
55 Ibid, at para. 16.
56 Ibid, at para. 17.
57 Ibid, at para. 22.
58 In 2016, Jack Ma, the co-founder and CEO of Alibaba Group Holding LTD encouraged 1.5 million political
and legal officials to embrace internet data in their fight against crime and terrorism in a public speech. This
raises concerns about whether data held by Internet companies would be shared easily with the authorities.
Yang J and Abkowitz A (2016) ‘Alibaba’s Jack Ma Supports Internet Data Use in Fighting Crime’ Wall Street
Journal, October 25, 2016, available at:
JCL 12:2 363
yongxi chen and anne sy cheung
and what can be done about inaccurate data. Now is thus an opportune time to survey the
pilot legislation emerging in various regions of the country to make sense of the national
framework. The adequacy of such legislation for protecting personal data privacy is an
important starting point for an inquiry into ways of addressing the various challenges the
SCS poses to the fundamental interests of individuals.
E V O LV I N G L E G I S L AT I O N O N C R E D I T D ATA
Corresponding to the changing concept of social credit, legislation regulating social credit
data has evolved along with, and sometimes despite, the uncoordinated legal framework
governing the processing of various kinds of personal data held by various authorities.
The distinction between public law and private law bears heavily on China’s personal data
protection regime. That distinction is of even greater importance under the SCS, which
encourages the flow of big data on individuals amongst public authorities and private
entities.
Before the introduction of the comprehensive SCS, the central authorities promoted
a credit investigation system (zheng xin siting) as a pioneering project to improve the
credit environment of the market and encourage sincerity amongst business entities and
individuals.59 Individuals’ rights with respect to the collection and processing of their
own financial credit information were gradually recognised. Those rights were provided
primarily under the administrative rules issued by the People’s Bank of China in 200560 and
subsequently under the 2013 Regulations on the Administration of The Credit Investigation
Industry (RACII).61 The regulatory approach within RACII is inspired to some degree by
the US Fair Credit Reporting Act.62 Insofar as the credit investigation institutions and
entities providing credit data (e.g. commercial banks) are both private bodies, individuals
enjoy civil rights with regard to the protection of personal credit information. Such rights
include, among others, consent must be sought of the use of one’s credit records and
individuals have a right to access and rectify those records.63
However, with the central authorities’ moves to construct the SCS that we see today,
more complicated issues have arisen over the nature and scope of the rights pertaining to
personal credit records. As specified in the SCS Outline, government agencies collect—
and put to various uses—‘social credit information’, and such information extends
beyond the credit records used in economic transactions to encompass a great variety
of records pertaining to compliance with laws, administrative norms, moral standards
59 Although the State Council put forward the idea of social credit system in 2007, the policy thrust at that time
was to build a system of financial credit investigation. See ‘Guowuyuan bangongting guanyu shehui xinyong
tixi jianshe de ruogan yijian’ (Several Opinions on the Construction of the Social Credit System) (issued by the
General Office of State Council on March 23, 2007, Part I). Cf. SCS Outline of 2014, Part I, Sections (1) and (2).
60 The most comprehensive rule is the Interim Measures on the ‘geren xinyong xinxi jichu shujuku guanli
zanxing banfa’ (Basic Databases of Personal Credit Information) (issued by the People’s Central Bank of China
on August 18, 2005, effective October 1, 2005).
61 ‘Chenxinye guanli tiaoli’ (Regulations on the Administration of Credit Investigation Industry). This
regulation uses the term ‘personal credit information’ to refer to personal information on loans and transactions
and other information that may reflect an individual’s credit situation.
62 See Su Zhiwei et al. (2014) Shijie zhuyao guojia he diqu zhengxin tixi fazhan moshi yu shijian: dui zhong zhengxin
tixi jianshe de fansi (Development Model and Practice of the Credit Investigation Systems in Major Jurisdictions:
Reflections on Building the Credit Investigation System in China) Jingji kexue chubanshe.
63 Arts 17 & 25, RACII.
The Transparent Self under Big Data Profiling
364 JCL 12:2
and contractual terms. The rights of individuals concerning this broader range of credit
data held by government agencies belong to the realm of public law, and their legal basis
must be sought from laws other than the aforementioned RACII. The legislative and
administrative enactments concerning social credit data resulting from local pilot schemes
and the 2007 Regulations on Open Government Information (ROGI) have become the most
important sources of law on information rights.
Furthermore, a number of regions began experimenting with the construction of social
credit systems in the late 2000s, and introduced pioneering local legislation on the collection
and use of social credit data, including both local regulations and administrative rules.64
Such regulations and rules generally use the term ‘public credit information’ (gonggong
xinyong xinxi, PCI) to refer to information indicating an individual’s trustworthiness that
is generated or collected by the authorities in the course of exercising their public powers
(i.e. government agencies, judicial authorities, organs that exercise administrative power
under the authorisation of laws and regulations) or by public service providers. PCI is
thus distinct from financial credit information, which is processed by credit investigation
bodies, and is in essence equivalent to ‘social credit information’ referred to in the SCS
Outline. This article uses PCI to refer to credit information regulated by local enactments.
After promulgation of the national SCS Outline, local legislation accelerated in the
developed coastal cities of China. Most focuses on elaborating the categories of PCI subject
to sharing amongst government agencies and the purposes for which such information
can be used, as well as the rights of ‘information subjects’ to processed information.65 The
following sections of the article review typical examples of local legislation enacted since
2014.
C O L L E C T I O N O F C R E D I T D ATA
Local legislation invariably allows the extensive collection and use of PCI, a situation that
derives from the holistic approach adopted by the SCS to curtail rampant fraud in economic
transactions and evasions of basic social obligations. This holistic approach focuses on
64 Local regulations made by People’s Congresses at the provincial or prefectural level and capable of creating
actionable rights. Administrative rules are enactments made by provincial and prefectural governments that
have general binding effect. See for example ‘Shanxisheng gonggong xinyong xinxi tiaoli’ (Shaanxi Provincial
Regulations on Public Credit Information) (promulgated by Shaanxi Provincial People’s Congress on November
1, 2011). Administrative rule is a source of law but is not capable of creating actionable rights. See for example
‘Hangzhoushi gonggong xinyong xinxi guiji he shiyong zanxing banfa’ (Interim Measures of Hangzhou City
on the Collection and Use of Public Credit Information) (issued by the Hangzhou City Government on Oct. 1,
2009).
65 Typical local regulations include ‘Wuxishi gonggong xinyong xinxi tiaoli’ (Regulations of Wuxi City
on Public Credit Information) (promulgated by Wuxi City People’s Congress on December 4, 2015) (Wuxi
Regulations hereafter); ‘Hubeisheng shehui xinyong xinxi guanli tiaoli’ (Hubei Provincial Social Credit
Information Regulations) (promulgated by Hubei Provincial People’s Congress on May 30, 2017, effective July
1, 2017) (Hubei Regulations hereafter).
Typical local administrative rules include: ‘Shanghaishi gonggong xinyong xinxi guiji he shiyong’ (Shanghai
Municipal Provisions on the Collection and Use of Public Credit Information) (issued by Shanghai Municipal
Government on December 30, 2015) (Shanghai Rules hereafter); ‘Wuhanshi gonggong xinyong xinxi guanli
banfa’ (Provisions of Wuhan City on Public Credit Information) (issued by Wuhan City Government on July 20,
2016) (Wuhan Rules hereafter); Hangzhoushi gonggong xinyong xinxi guanli banfa’ (Provisions of Hangzhou
City on Public Credit Information) (issued by Hangzhou City Government on August 28, 2016) (Hangzhou Rules
hereafter).
JCL 12:2 365
yongxi chen and anne sy cheung
introducing incentive schemes for ‘faith keeping’ across government departments,
industries and societal sectors. The most prominent such scheme is a joint punishment/
reward mechanism that amplifies the consequences of particular behaviour beyond the
original context into other spheres of the wrongdoer’s life, thereby markedly raising
the cost of misbehaviour. The system relies not only on a combination of mechanisms
implemented by state agencies, market participants, and individuals, but also on the
smooth flow of credit records, i.e. on the sharing of knowledge about the behaviour
concerned amongst those agencies/participants/individuals. Although the collection and
use of credit records serve the general purpose of credit-based decision-making, that
purpose is highly malleable and may differ from the purposes for which those records
were originally generated by a particular government department or collected from a
particular entity of an industry or a sector. As revealed by the analysis below, purpose
limitation as an essential component of data protection is largely ineffective under the
policy documents and local legislation on social credit.
SCS operation begins with the collection of social credit records by the agencies in charge
of social credit (‘SC authorities’ hereafter). The major form of collection is transferring
the records that are generated by various responsible agencies to dedicated information
systems at given levels (‘PCI platforms’ hereafter). The scope and categories of the collected
records, a considerable portion of which is personal information,66 are determined by local
governments rather than local legislatures, primarily by SC authorities.67 Following the
RACII approach, local PCI legislation forbids the collection of certain sensitive personal
information, including genetic data, blood types, fingerprints, and information on diseases
and religious beliefs.68 Unlike the collection of financial credit information under RACII,
however, government agencies do not need to obtain the consent of data subjects to collect
PCI, nor do they need to satisfy any purpose limitation rule.69 In addition, most local
legislation does not vest individuals with the right to be notified about the transfer of
discrediting records from agencies to PCI platforms.70
Under current local legislation, PCI generally consists of two major categories: (1)
identity information on individuals, e.g. ID numbers or social security registration, and
(2) credit records generated or acquired by government agencies in the exercise of their
administrative powers or in the course of providing public services.71 Credit records
encompass both positive assessments received by an individual (e.g. recognition and
66 Another part of information is records concerning enterprises which are regulated by a special system of
enterprise.
67 The reform and development department, one of the most powerful government branches, is usually
designated as the SC authority at local levels. See Wuxi Regulations, Wuhan Rules, and Hangzhou Rules. Hubei
Regulations require the provincial government to approve the collection scope.
68 Cf. Art. 14, RACII.
69 Article 13 of the RACII stipulate that collection of personal information should obtain the consent of the
subject of the information, unless for information which should be disclosed pursuant to or administrative
regulations.
70 The only exception is the most recent Hubei Regulations. See Art. 23. The same article provides nevertheless
that laws and other regulations can mandate the transfer without notifying the information subjects. In contrast,
Article 15 of the RACII stipulates that provision of bad [financial] credit information about an individual to a
credit investigation institution should be conducted only after the individual concerned is informed, except for
information that is disclosed pursuant to laws and regulations.
71 These two categories are common to all local legislation and normative documents on SCI reviewed in this
article.
The Transparent Self under Big Data Profiling
366 JCL 12:2
rewards) and ‘discrediting information’, e.g. information on the violation of or failure
to comply with legal, contractual or even ethical requirements. The common types of
misbehaviour logged in discrediting information correspond to those prescribed under
the SCS Outline, including tax evasion, the non-payment of administrative fees, failure
to perform the obligations prescribed in court judgments, being subject to administrative
penalties or coercive measures, being held liable for accidents that affect public, food or
work safety or environmental protection, being prohibited by the regulatory authorities
from entering certain industries, and fraud in business transactions, state-held exams
or social security applications. Disruptive behaviour while using public services is also
included. Such behaviour common in China includes ticket evasion on public transport
and disturbances in hospitals by patients dissatisfied with medical treatment.
In addition to agency-submitted records, the SC authorities in some regions are
allowed to gather records from non-state credit service providers, industry associations
or the media.72 They may also receive discrediting information on individuals from
members of the public after confirmation with both the individuals concerned and the
agency with jurisdiction over the activity in question. The SC authorities may then record
that information in the PCI platforms.73 Compared with the credit records generated by
government agencies following statutory procedures, those generated by other parties
may be of questionable reliability. Possibly because of this concern, the most recent PCI
legislation, Hubei Provincial Social Credit Information, imposes an obligation to seek
consent for the collection of credit records from non-state organisations,74 although other
legislation lacks any such obligation. The earlier experience of Shanghai demonstrated
that the mere mention of a consent obligation in legislation fails to ensure that consent is
indeed sought before the government extends PCI collection to any records it sees fit.75
U S E O F C R E D I T D ATA
Breaking the geographical and jurisdictional barriers to PCI use is the major rationale
for the SCS. The integration of PCI into unified platforms enables its exploitation by
various parties, as called for by the SCS Outline. In addition, as a government information
resource, massive PCI datasets in China are concurrently governed by the Action Outline
for Big Data Development (‘Big Data Outline’ hereafter), which actively promotes the
cross-departmental sharing of government data to enhance governance capacity and
opens data for social applications to facilitate a data-driven economy.76 Based on the two
72 Art. 16, Wuxi Regulations; Art. 15, Hubei Regulations.
73 Art. 30, Hangzhou Rules.
74 Art. 17, Hubei Regulations.
75 Under an earlier local pilot scheme which combined financial credit information and PCI, Shanghai
government had once stressed that collection of PCI generated by entities other than public authorities should
be based on consent. See Art. 7, ‘Shanghaishi geren xinyong zhengxin guanli shixing banfa’ (Shanghai Interim
Provisions on the Investigation of Personal Credit) (issued by the Shanghai Municipal Government on December
28, 2003, effective February 1, 2004). However, until the interim provisions were substituted for by the Shanghai
Rules 2015, the Shanghai government had included into the PCI platform a great variety of non-government
information without consent of the data subjects, such as vehicle renting records, overdue notices on books
borrowed from municipal libraries, and payment logs for electricity. See ‘Shanghai mairu “shehui xinyong
guanli” shidai’ (Shanghai Enters the Era of ‘Social Credit Management’) Liberation Daily, August 17, 2008; ‘Bei
wudu de xinyong jilu’ (Credit Records Being Misunderstood) Jingshen wenming bao, October 10, 2014, 1.
76 See Big Data Outline, supra note 4.
JCL 12:2 367
yongxi chen and anne sy cheung
national policy frameworks, PCI users can be divided into three groups: government
agencies, whose access to PCI is via inter-agency sharing; non-state entities providing
credit services, whose access is via authorisation; and businesses and individuals, whose
access is primarily via the SC authorities’ proactive publication of PCI.
Inter-Agency Sharing
Under local legislation, government agencies can access the credit records stored in local
PCI platforms in the course of discharging their responsibilities.77 The Interim Measures
on the Sharing of Government Information Resources, a policy document implementing
the Big Data Outline, explicitly mandates the sharing of credit information within the
overall government apparatus.78 The recent guidelines issued by the General Office of
the State Council further emphasise the necessity of unified standards for PCI collection,
categorisation, and sharing and of enhancing the interconnection and interoperability
of PCI platforms across the country.79 In addition, a comprehensive credit information
sharing system is under construction on the basis of the national data exchange platform,
which by December 2016 had aggregated PCI submitted by 37 departments of the State
Council and government agencies from 31 provincial-level regions.80 It is expected that in
the near future most government agencies will be allowed to access all PCI generated or
acquired by their counterparts across the country.
Furthermore, government agencies are required to request and use PCI under
prescribed circumstances, most of which relate to the joint punishment or reward
scheme. The scheme mainly covers the exercise of regulatory powers (such as licensing
and punishment), government procurement, the granting of financial subsidies and the
management of civil servants.81 The scope of ‘mandatory PCI use’ is determined by local
governments or their agencies.82 Those agencies are thus allowed, and even encouraged,
to perform the automatic matching of the personal information contained in various PCI
databases for any purpose related to the exercise of their administrative powers.
77 See for example Art.18, Hangzhou Rules; Art. 21, para. 1, Hubei Regulations.
78 Art. 10(3), ‘Zhengwu xinxi ziyuan gongxiang guanli zanxing banfa’ (Interim Measures on the Sharing
of Government Information Resources) (issued by State Council on September 5, 2016). According to the
Measures, information resources generated or collected by government agencies in the course of discharging
their responsibilities should generally be subject to sharing with other agencies. Exempting information from
sharing is only warranted by ‘laws, administrative regulations or policies made by the Central Committee of the
Chinese Communist Party or the State Council.’(Art. 10 (1)). In particular, ‘information resources concerning the
same theme of economic and social development and generated by various agencies together’ should be shared
inter-departmentally through the sharing platforms at different levels. Credit information is a highlighted
example of such resources. (Art.10 (3)).
79 Part V, Section 1, ‘Guowuyuan Bangongting Guanyu jiaqiang geren chengxin tixi jianshe de zhidao yijian’
(Guiding Opinions of the General Office of State Council on Strengthening the Construction of the System for
Individual Integrity) (issued on December 23, 2016) (hereinafter Guidelines on Individual Integrity).
80 Yuandian Credit, ‘2016 zhongguo shehui xinyong tixi quanjing baogao’ (Annual Report on China’s Social
Credit System Construction) (Yuandian Xinyong Wang, January 2017) at 7, available at:
(Officials in the National Development and Reform Commission Receives Interview on The Action Outline for
Big Data Development) (The SDPC’s Website, September 2015), available at:
platform by 2018 to cover all government departments at the central level. See Part III, Section I(1) of the Outline.
81 See for example Art. 18, Shanghai Rules; Art. 27, Wuxi Regulations; Art. 24, Hubei Regulations.
82 Ibid
The Transparent Self under Big Data Profiling
368 JCL 12:2
As in the case of PCI collection, local legislation does not confer individuals with
the right to object to the inter-agency sharing of PCI, and neither does it provide any
mechanism for an agency sharing PCI to set limits on the purposes for which other agencies
can use that information, despite such limits being permitted in the Interim Measures on
the Sharing of Government Information Resources.83 However, in an attempt to inhibit PCI
abuses, some local legislation requires agencies and PCI platform operators to keep logs
of the collection, alteration, and deletion of PCI and access to such information,84 whilst
other such legislation instructs agencies to specify the procedures for authorising internal
personnel access to PCI.85
Use by Non-State Parties upon ‘Authorisation’
Compared with government agencies, non-state parties are subject to greater restrictions
on their access to PCI. All current local legislation provides a general rule specifying that
private parties should obtain authorisation from the individuals concerned before seeking
access to PCI on them that has not been published by the government.86 Although that
rule seemingly increases individuals’ degree of control over their PCI, its enforcement is
challenged by the government’s strong inclination to facilitate the access of credit service
providers.87
Local legislation notably stresses that SC authorities should encourage and support
credit service providers to access and use PCI in developing credit products,88 echoing
the provisions of both the SCS Outline89 and Big Data Outline.90 In some regions, SC
authorities are instructed to afford credit service providers bulk access to the records
held by PCI platforms if certain information security requirements are met.91 However,
concerns may be raised about whether those authorities sometimes discretionarily grant
access to providers that have not obtained the consent of all individuals concerned. A case
83 Article 14 of the Interim Measures provide that ‘the user shall only use the information obtained from the
sharing platform for the performance of its functions according to the specified use purpose, [and] shall not
directly or indirectly use the information for any other purpose.’
84 See for example Art. 29, Wuxi Regulations.
85 See for example Art. 19, Shanghai Rules; Arts. 19 & 33, Hangzhou Rules.
86 Art.16, Shanghai Rules; Art. 23, Wuxi Regulations; Art. 21, Hangzhou Rules (which further requires written
consent of information subjects); Art. 19, Hubei Regulations. The imposition of authorization by the subject of
credit information may be inspired by the similar requirements under the financial credit investigation. See
Art. 13, RACII.
87 Credit service providers mainly refer to for-profit intermediary organizations that are engaged in credit
investigation, credit rating, credit consulting and other credit-related service. See Zhejiang Provincial Interim
Measures on Credit Service Organizations (issued by Zhejiang Provincial Commission for Development and
Reform on August 21, 2007).
88 See Art. 25, Shanghai Rules; Art. 28, Wuxi Regulations; Art. 24, Wuhan Rules; Art. 20, Hangzhou Rules; Art.
25, Hubei Regulations.
89 See SCS Outline, Part IV entitled ‘Accelerating the Construction and Application of Credit Information
System’.
90 See Big Data Outline, Part III, Section 1.2 entitled ‘Steadily Advancing the Openness of Public Data
Resources’.
91 Art. 20, para. 3, Shanghai Rules; Art.22, Hangzhou Rules; Art. 23, para. 3, Wuhan Rules.
It is noteworthy that no equivalent stipulation is available under the RACII whose approaches to the collection
and processing of financial credit information are followed by most local SCI legislation. Article 18 of the RACII
provides unequivocally that credit information holders should not allow access by the third parties which have
not obtained consent from information subjects, unless otherwise prescribed by the laws.
JCL 12:2 369
yongxi chen and anne sy cheung
in point is the problematic operation of the aforementioned Sesame Credit scoring system
offered by a branch of Internet giant Alibaba, which operates China’s largest e-commerce
platform Taobao.92 Sesame Credit offers credit scoring for tens of millions of Taobao users
based on diverse sources, including the records held by such government PCI platforms as
those of Shanghai and Hangzhou.93 The company claims that credit scores will be available
to Taobao users who subscribe to Sesame Credit services and authorise the company to
access their personal credit information.94 However, personal credit information on every
Taobao user is likely to have been collected and processed before any such authorisation
has been granted, as Sesame Score is readily available to subscribers as soon as they
accept the service agreement.95 The so-called ‘retrospective authorisation’ obtained by the
company is by no means proper authorisation under the Shanghai Municipal Provisions
on the Collection and Use of Public Credit Information and Provisions of Hangzhou City
on Public Credit Information . The apparent failure to obtain consent from data subjects
in this case adversely affects the reliability of the whole system for PCI sharing between
the government and private market entities, particularly given the massive coverage of
Alibaba users and growing market influence of Sesame Credit.96
In addition, the outsourcing of PCI processing may also open the door for further
circumvention of the requirement to obtain consent from data subjects. In several regions,
including Shanghai and Shenzhen, it was non-state organisations that assumed the role of
collecting both financial credit information and PCI in the 2000s.97 Later, the non-financial
credit system has been separated from the financial credit investigation system and
integrated into government-owned PCI platforms. Platform operators that find themselves
short of technological capacity tend to entrust market-based organisations with PCI
processing and the provision of credit services to PCI users. For instance, the Shanghai SC
authority has commissioned a leading credit rating company to develop comprehensive
credit scores for 24 million residents based on their PCI. The scoring results are allegedly
the largest big data application in the field of social credit, and will likely constitute an
important component of the Shanghai government’s joint punishment scheme.98 Given
that the company is concurrently offering credit ratings and consulting services to local
consumers,99 there is a risk that the entrusted PCI may be exploited for the company’s
self-enrichment without the knowledge of the data subjects. Unfortunately, no current
legislation mentions the regulation of PCI outsourcing.
92 See discussion in Part IB of this article.
93 See Sesame Service Agreements as of December 25, 2015, available at:
94 Ibid
95 See ‘Zhima xinyong mo shitou guohe’ (Sesame Credit Crosses the River by Touching Stones) Caixin Weekly,
No.7, February 16, 2015.
96 Sesame Credit is among the first eight credit service providers which are being considered by the Chinese
People’s Bank for granting license for financial credit investigation, which means that it can be an important
role player in combining nationwide the services on PCI and financial credit information. See ‘The Central Bank
Instructs Eight Entities to Prepare for the Service of Credit Investigation Pertaining to Individuals’, supra note
41.
97 See Cao X, ‘Gonggong guanli shijiao xia de shanghai xinyong zhidu jianshe’ (Credit System Construction in
Shanghai: From the Perspective of Public Administration) (unpublished Master’s Dissertation of Shanghai Jiao
Tong University, 2010) at 26.
98 ‘R&D on Credit Scoring Facilitates Accurate Governance in Shanghai’, supra note 24.
99 See the company’s ‘Self-introduction’, available at:
The Transparent Self under Big Data Profiling
370 JCL 12:2
Proactive Disclosure
Individuals’ control over PCI is further weakened by the government’s proactive
disclosure of selected records. Whilst the inter-agency sharing of PCI is aimed primarily
at enabling government-imposed joint punishments,100 the public disclosure of PCI serves
as a collaborative disciplinary tool exercised by business entities and individuals. The SCS
Outline and its implementing measures highlight the publication of records on ‘serious
discrediting behaviours’ (often labelled as blacklist items) to effectuate ‘social discipline’,
which places the record subjects under public criticism and moral pressure, as well as
‘market discipline’, which includes restrictive measures imposed by industry associations
and discriminative treatment by business operators.101 The Guidelines on Joint Rewarding
and Joint Punishment explicitly endorse the reuse of disclosed PCI by third parties,
encouraging the inclusion of such records in financial credit reports and their analysis in
commercial reputation rankings.102
Local PCI legislation regulates ‘open PCI’ differently. Some such legislation stipulates
that PCI concerning individuals is generally not publicly available,103 whereas some
permits the SC authorities to define the scope of PCI subject to proactive disclosure.104
The 2017 Hubei Regulations even provides that all PCI should be published unless laws
and regulations prescribe otherwise.105 These divergent approaches reflect the uncertain
attitudes amongst agencies towards government transparency.
Open PCI is governed primarily by the 2007 ROGI, which requires government
agencies to proactively disclose information that ‘involves the vital interests of citizens
or organizations’ or matters ‘that need to be extensively known or participated in by the
general public’.106 ROGI generally exempts information concerning privacy from disclosure,
but allows agencies to release such information if they consider that non-disclosure would
exert a major negative impact on the public interest.107 Great discretion is thus vested in
government agencies. Research shows that local agencies tend to deny activists’ access
to administrative penalty decisions despite the fact that the disclosure of anonymised
decisions would enable the public to monitor the exercise of administrative power.108 In
the SCS context, however, the central authorities have undergone a remarkable attitudinal
shift, actively mandating the publication of administrative penalty decisions that name the
individuals being penalised.109 That shift is associated with the SCS policy to expose what
is considered to be ‘serious discrediting behaviour’.
100 Joint punishment of this kind is usually called ‘administrative/regulatory discipline’ in policy documents
on SCS.
101 See Part V, Section 1, SCS Outline; Part VI, Sections 2 & 3, Guidelines on Individual Integrity.
102 Points 11 through 13, 26, Guidelines on Joint Rewarding and Joint Punishment.
103 Art. 24, Shaanxi Regulations; Art. 21, Wuxi Regulations; Art. 19, Wuhan Rules.
104 Art. 16, Shanghai Rules; Art. 17, Hangzhou Rules.
105 Art. 19, Hubei Regulations.
106 Art. 9, ‘Zhengfu xinxi gongkai tiaoli’ (Regulations on Open Government Information) (promulgated by the
State Council on April 5, 2007, effective May 1, 2008).
107 Art. 14, para 4, ROGI.
108 Chen Y (2015) “Privacy and Freedom of Information in China: Review through the Lens of Government
Accountability” 1 European Data Protection Law Review 265 at 274-275.
109 These instructions sought to implement the State Council’s calls. See ‘2015 nian zhengfu xinxi gongkai
gongzuo yaodian’ (2015 Key Initiatives of Open Government Information) (issued by the General Office of the
JCL 12:2 371
yongxi chen and anne sy cheung
A similar extensive list of serious discrediting behaviour is provided in all local
legislation. Yet the disclosure of such behaviour does not serve the same purpose. Some
of the enumerated behaviour indeed involve the vital interests of citizens, as referred to in
ROGI, such as ‘activities severely endangering the health and safety of the public’ in the
areas of food and drug safety, environmental protection, construction quality, production
safety and fire prevention.110 Some conduct may not directly affect livelihoods, but their
disclosure is considered essential for some compelling public interest. For instance, the
public naming of judgement defaulters is acknowledged to be necessary for inhibiting the
prevalent circumvention of obligations imposed by effective judicial rulings.111 There is
another sweeping category of behaviour whose disclosure serves obscure interests, that
is, ‘deliberative refusals to perform legal obligations and hence seriously jeopardizing
the credibility of judicial authorities and administrative authorities’.112 All evasions of
administrative penalty decisions fall within this category. Their indiscriminate disclosure
raises concerns about disproportionality and fairness. Substantial differences exist in
the social impact of such behaviour, as well as in individuals’ faults in engaging in it.
Subjecting individuals punished on various grounds to the same level of exposure does
not correspond to the gravity of their contraventions, nor to the normal understanding
of ‘serious’ discrediting behaviour. The correctness or appropriateness of administrative
penalties also varies. Administrative decisions may be reached in accordance with
government-issued rules that are not necessarily consistent with the law. Such decisions
are inferior to judicial rulings in terms of the openness and fairness of the decision-making
process, impartiality of the decision-maker and rigorousness of the evidential rules. They
are also not necessarily final or legally binding because their legality can be reviewed by
the courts. Accordingly, public trust in administrative decisions is weaker than public
trust in judgements.
It is doubtful whether the indiscriminate publication of ‘serious discrediting records’,
those on administrative penalty decisions in particular, creates positive incentives for
‘keeping faith’ or being ‘sincere citizens’. It does, however, raise privacy concerns. For
example, it enables the profiling of an individual based exclusively on sanctions imposed
upon him or her by the government, information on which used to be scattered and not
readily accessible. Legislative attempts to make such publication mandatory have indeed
been criticised by some mainland lawyers.113 According to these critics, citizens’ privacy
rights are inevitably compromised by the publication of certain contraventions occurring
State Council on April 3, 2015).
110 Point 9, Guidelines on Joint Rewarding and Joint Punishment.
111 ‘Zuigao renmin fayuan guanyu gongbu shixin bei zhixing ren mingdan xinxi de ruogan guiding’
(Several Provisions on Publishing the Name List of Untrustworthy Personals Subject to Judicial Enforcement)
(promulgated by the Supreme People’s Court on July 16, 2013, effective October 1, 2013). The Provisions
were amended on 16 January 2017. The name list can be found at the online portal, ‘Zhongguo zhixing xinxi
gongkai wang’ (Open Information of Judgement Enforcement in China), available at:
(2013) ‘Gongbu shixin bei zhixing ren mingdan zhidu de shehui xiaoying’ (The Social Effects of the System
of Publishing the List of Untrustworthy Judgment Defaulters), (9) Chongqing shehui kexue (Chongqing Social
Sciences) 30, at 30-36.
112 Point 9, Guidelines on Joint Rewarding and Joint Punishment; Part VI, Sections 2, Guidelines on Individual
Integrity. The records of this category of behavior are also subject to publication under the Hubei Regulations
(Art. 29) and the draft Shanghai Regulations (Art. 26).
113 See Arts. 20 & 26 of the Draft Shanghai SCS Regulations.
The Transparent Self under Big Data Profiling
372 JCL 12:2
in the private domain, including, for example, the concealment of disease in contraction of
marriage or of infidelity to a spouse.114 Such criticism is broadly consistent with the rationale
for introducing privacy exceptions to public trials and the publication of judgments. All
three Chinese laws governing litigation proceedings allow for the exemption of cases
concerning privacy from open trial.115 The Supreme People’s Court (SPC) also forbids the
online publication of ‘information concerning privacy’ in rulings on familial disputes and
personality rights and also of the full names of parties to marriage and succession cases.116
In this regard, secrecy in at least some part of family life is protected by the law. However,
there is no Chinese legislation defining the content of the right to privacy. According to
dominant civil law doctrine, as an element of the right to privacy, ‘private information
protected from disclosure’ refers to information that is irrelevant to the public interest
or to the interests of other persons.117 The implication is that information on a violation
of the law may not amount to ‘private information’ if that violation implicates the public
interest.118 Furthermore, civil law doctrine does not cover the right to privacy against the
intrusion of public authorities. In this regard, the scope of privacy is far from clear in the
public law context, and is hardly an operable defence for citizens looking to restrict the
proactive release of PCI by the government.
The only restriction on such disclosure imposed by local legislation is the setting of
an expiry date for access to all discrediting records: five years after commission of the
recorded behaviour119 or five years after generation of the record120 unless otherwise
prescribed by the state. Expired records are to be neither disclosed nor used. Although this
‘sunset clause’ to the accessibility of PCI arguably reduces the perpetuation of negative
track records, it affords data subjects no role in, let alone any control over, the selection of
PCI for disclosure. Furthermore, no local legislation has ever sought to regulate the reuse
of disclosed PCI by third parties, a perilous omission given the strong possibility of an
individual’s discreditable past being exploited to his or her detriment.121 Prevention of
the storage and use of expired records by third parties has received little attention to date.
114 See ‘Shi renda “weitingzhenghui” shouci zoujin shequ, dang shehui xinyong yushang geren yinsi’
(Municipal Congress Holds ‘Mini Hearing’ in the Community for the First Time; When Social Credit Meets
Privacy), Wenhui News, 30 August 2016; ‘Shanghaishi shehui xinyong tiaoli zhengqiu yijian, 12 wei daibiao
ming yu yijian’ (Shanghai Social Credit Regulation Draft Seeking Public Comments, 12 Representatives from
the Community Airing Their Views) (Eastern Radio Online, August 30, 2016), available at:
115 See Art. 183, Criminal Procedure Law (amended 2012); Art. 134, Civil Procedure Law (amended 2012); Art.
54, Administrative Litigation Law (amended 2015).
116 Arts. 8 & 10, ‘Zuigao renmin fayuan guanyu renmin fayuan zai hulianwang gongbu caipan wenshu de
guiding’ (Provisions on Publishing Judgments onto the Internet by the People’s Courts) (issued by the Supreme
People’s Court on July 25, 2016, effective October 1, 2016).
117 See Zhang Xinbao (2004) Yinsiquan de falü baohu (di er ban) (Legal Protection of the Right of Privacy [Second
Edition]) Qunzhong chubanshe at 6-7; Wang Liming (2005) Rengequan fa yanjiu (On the Right of Personality)
Zhongguo remin daxue chubanshe at 561-564.
118 The implication can be found in Wang On the Right of Personality, supra note 117 at 563. For doctrinal
development until the enactment of Tort Liability Law, see Gao Shengping (2010) Zhonghua Renmin Gongheguo
Qinquan Zeren Fa: Lifa zhengdian, lifali ji jingdian anli (PRC Tort Liability Law: Issues, Legislative Pattern, and
Cases) Beijing daxue chubanshe at 648-649. For the judicial understanding of privacy in the context of FOI, see
Chen, supra note 108, at 269-270.
119 Art. 27, Shanghai Rules; Art. 20, Wuhan Rules; Art. 24, Hangzhou Rules; Art. 30, Draft Shanghai Regulations.
Their inspiration is likely to be the provision on expiry of financial credit record under Article 15 of the RACII.
120 Art.5, Wuhan Rules.
121 Even the ‘good records’ of individuals may be abused by third parties to seek profits. Alibaba had
JCL 12:2 373
yongxi chen and anne sy cheung
Overall, local PCI legislation does not allow individuals to exert effective control over
the collection and use of their personal credit data. It remains to see whether it enables
individuals to ensure the accuracy of such data.
A C C E S S A N D C O R R E C T I O N R I G H T S
Weak Legal Basis for Rights
A converging trend that has emerged in local legislation is the recognition that individuals
have certain interests as data subjects. Accordingly, individuals are entitled to access their
own PCI after providing proof of identity to the authorities concerned or to the credit portal
operators holding the information.122 Furthermore, individuals are permitted to dispute
PCI that they deem inaccurate. The authorities generating, or credit portal operators
holding, the information must then verify its accuracy and rectify or delete any erroneous
records.123 PCI legislation closely resembles RACII and its implementing measures with
respect to the procedures and standards for access to and the correction of financial credit
information. Policy makers seem to be extending the regulatory approach from financial
credit information to PCI, which is a commendable move.
Nevertheless, stipulating or implying a channel for access to and the rectification
of PCI in administrative rules or policy documents does not confer legally enforceable
rights. Under Chinese public law, judicial remedies are available primarily for violations
of rights of the person and property rights (right to privacy not included). Individuals
cannot sue the administrative agencies for activities affecting any other rights or interests
unless a specific law or regulation so prescribes.124 Thus, in legal terms, individuals can
enforce their rights to access and rectify their PCI only as far as the information concerned
is generated or held by a government agency in a jurisdiction in which local regulations
recognise such rights. To date, only Shaanxi Province and two cities in Jiangsu Province,
namely, Wuxi and Taizhou,125 have adopted local regulations of this kind. The Shanghai
Municipal People’s Congress is deliberating on a draft regulation which explicitly provides
for the right to both access and rectification.126 The disparity in the legal enforcement of
PCI policies in different regions not only causes unfairness in data protection, but also
included its users with high Sesame Credit scores into a new social networking platform as an attempt to
increase Alibaba’s influence in the social networking market. The platform was reported to involve indecency
and was closed by Alibaba with apology. As mentioned above, Sesame Credit scores are based on PCI and other
factors. See ‘Zhifubao “quanzi fengbo” houxu: zhima xinyong fansi zheng xin shiyong bianjie’ (Aftermath of
the Controversy over Alipay’s ‘Circle’: Sesame Credit Rethinks the Confines of the Use of Credit Investigation,
21 Shiji Jingji Baodao (21st Century Business Herald), December 9, 2016, available at:
122 See, for example, Art.16, Shanghai Rules; Art. 23, Wuxi Regulations; Art. 21, Hangzhou Rules.
123 Arts. 28 through 30, Shanghai Rules; Arts. 31 & 32, Wuxi Regulations; Arts. 26 through 28, Hangzhou Rules.
124 See Art. 12, Administrative Litigation Law (promulgated by the Standing Committee National People’s
Congress, April 4, 1989, amended November 1, 2014, effective May 1, 2015).
125 See Wuxi Regulations, supra note 65, and ‘Taizhoushi gonggong xinyong xinxi tiaoli’ (Taizhou’s Municipal
Regulations on Public Credit Information) (adopted by the Taizhou City People’s Congress on July 29, 2016,
effective October 1, 2016).
126 Arts 29 & 31, ‘Shanghaishi shehui xinyong tiaoli (caoan)’ (Shanghai Municipal Social Credit Regulations
(Draft), published for public comments on December 31, 2016). See Shanghai Government Portal, available at:
The Transparent Self under Big Data Profiling
374 JCL 12:2
weakens the accuracy of a data system that purports to overcome jurisdictional limits on
the flow of data.
Limits Imposed by Personal Archive Regime
It is noteworthy that the national regulation on freedom of information (FOI) have bearing
on information rights related to PCI, which also constitutes government information.
ROGI, which entered into effect in 2008, creates a general right to request the disclosure
of information held by government agencies, subject to certain exemptions.127 In the
absence of specific legislation on personal information protection, ROGI further confers
a specific right on the subjects of government-held personal information. Article 25 of
ROGI guarantees individuals access to ‘government information about themselves such as
tax and [administrative] fee payments, social security and medical care information’ and
allows them to request the correction of such information if it is not recorded accurately.128
Ambiguity arises, however, concerning how far the scope of ‘information about themselves’
extends beyond the categories enumerated by the article. Nevertheless, social credit
records pertaining to social security or the payment of taxes and administrative fees—
the typical records specified in most local PCI legislation—arguably fall neatly within the
ambit of this ‘subject access right’.
Although ROGI appears to provide extra guarantees affording citizens control over
their own PCI, its utility is reduced by the party-state legacy of ‘personal archives’ (geren
dangan), a point that is best illustrated by a judicial review case concerning Article 25:
Xie v. Education Bureau of Rugao City.129 The plaintiff in the case was a primary school
teacher who had been dismissed by the education authority in 1983 based on allegations
that he had violated family planning policies. Resorting to ROGI, he requested access
to his personal archives, which were held by the defendant, to determine the decision-
making process leading to his dismissal. The defendant refused, citing a provision in the
Cadre Archives Regulations of 1991 stipulating that ‘no one shall be allowed to consult or
borrow the personal archives about himself or his intermediate relatives’.130 In upholding
the nondisclosure decision, the court held that the requested information constituted
‘personal archives’, and thus fell outside the scope of government information prescribed
by ROGI.131 In fact, however, ROGI defines government information as information made
or obtained by the administrative agencies in the course of exercising their powers and
recorded and stored in a given form,132 which obviously covers all government-held
personal archives. ROGI is at a higher level in the hierarchy of sources of law than the Cadre
Archives Regulations (which, despite its title, is actually an administrative rule issued by a
127 Art. 13, ROGI.
128 Art, 25, ROGI.
129 ‘Xiemou su rugaoshi jiaoyuju’ (Xie v. Education Bureau of Rugao City), People’s Court of Rugao City, October
2011). See ‘Minban jiaoshi zaowu bei chuming yaoqiu chayue dangan bei bohui’ (Private Teacher Dismissed
Decades Ago Sued for Denial of Access to His Personal Archives; His Claim Was Rejected) (Jiangsu Online,
October 11, 2011), available at:
130 Art. 31(5), ‘Ganbu dangan gongzuo tiaoli’ (Cadre Archives Regulations) (adopted by the Organization
Department of CCP Central Committee & State Archives Administration on April 2, 1991, effective April 2,
1991).
131 See note 129 above.
132 Art. 2, ROGI.
JCL 12:2 375
yongxi chen and anne sy cheung
department of the State Council together with a central organ of the ruling party), and was
enacted more recently. Hence, in the event of any inconsistency between the two, ROGI
should prevail according to the constitutional principles for resolving conflicts amongst
legal norms.133 The ruling in Xie obviously misapplied the law. Unfortunately, it set the
tone, with subsequent cases following suit in blocking access to personal archives with
reference to the Cadre Archives Regulations.134
These problematic rulings demonstrate the predicament in which the legal protection
of personal data finds itself in a political system that prioritises the control of personal
data considered critical to the party-state. The personal archive regime was established in
1956 by the CCP, and primarily covers students and the employees of state-run entities.135
A personal archive is a dossier on an individual that is compiled throughout his or her
life by the institutions directly supervising him or her (e.g. his or her schools and/or state-
owned employers). It comprises materials indicating the most important merits of an
individual, such as his or her diplomas and degrees, academic transcripts, professional
qualifications, work appraisals, political affiliations and major political activities, any
awards and disciplinary sanctions received, and his or her history of employment,
promotions, transfers, dismissals and retirement.136 As declared in the SPC case comment
on Xie, personal archives are not merely records of an individual’s life trajectory, but are
also closely correlated with his or her remuneration, social security benefits and political
party membership.137 In view of the importance of those archives, the SPC comment argues
that the personal archive regime represents a significant feature of China’s personnel
management system, and involves secret matters of the party and state.138 This argument
actually restates the orthodox CCP principle that personal archives, particularly those
concerning cadres (e.g. officials of state authorities and party organs), serve as the crucial
basis upon which the party selects cadres and appraises the merits of individuals.139 Such
personal information is thus necessarily of a political nature and deserving of secrecy.140
133 See Arts 88 & 92, ‘Lifa fa’ (Law on Legislation) (adopted by National People’s Congress, March 15, 2000,
amended and effective March 15, 2015).
134 See for example three recent cases adjudicated respectively in Jiangsu Province, Shandong Province and
Inner Mongolia Autonomous Region: ‘Chen xiaohui su danyangshi shichang jiandu guanliju’ (Chen Xiaohui v.
Market Supervision Bureau of Danyang City), Intermediate Court of Zhenjiang City, June 8, 2016; ‘Li xingong su
jinanshi lichengqu jiaoyuju’ (Li Xin v. Licheng District Education Bureau of Jinan City), Shandong Provincial High
Court, June 12, 2016; ‘Songmou deng su hangjinhou qi renli ziyuan he shehui baozhangju’ (Song X v. Human
Resource and Social Security Bureau of Hangjinhou Banner) Intermediate Court of Bayannao’er City, September 30,
2016).
135 Laodong Renshi Bu Renshi Jiaoyu Ju (Education Department of the Ministry of Labor and Personnel)
& Anhuisheng Renshi Ju (Anhui Provincial Personnel Bureau) (1987) Renshi dang’an guanli (Management of
Personnel Archives) Laodong renshi chubanshe at 19-22.
136 Art. 10, Cadre Archives Regulations.
137 The judicial comment is published on the official portal for judicial news, and authored by a staff member
of the same court that rendered the judgement. See ‘Dangshiren bu ke yaoqiu chaoyue benren renshi dangan’
(The Party Concerned Shall Not Have Access to His or Her Own Personnel Archives), (China Court Online, June
13, 2014), available at:
138 Ibid In explaining justifications for the ruling, the judge writing the judicial comment adds that personal
archives constitute ‘classified information of the Party and the State,’ and are hence covered by the exemption
of state secrets. However, no law or regulation generally identifies personal archives as classified information
or state secrets. The author’s argument is untenable.
139 See the description of the nature of personal archives in a textbook compiled by the central authority:
Management of Personnel Archives supra note 135 at 23-24.
140 Ibid, at 6-7. See also (2009)‘Dangdai zhongguo de renshi guanli’ (Personnel Administration in Contemporary
China) Dangdai zhongguo chubanshe, 222-223.
The Transparent Self under Big Data Profiling
376 JCL 12:2
For the same reason, the imperative to withhold personal archives from their subjects
extends to the archives on non-cadres working in state or CCP organs and state-run
institutions,141 as well as individuals working in the private sector.142 All these rules that
were issued jointly by the CCP and the state organs sustain a party-state regime that
governs the most important types of personal information and one-sidedly stresses the
utility of such information to the ruling party. The unfortunate reality, as confirmed by the
courts in a variety of FOI cases, is that the party-state regime overrides national legislation
that purports to protect data subjects’ access right and safeguard individuals’ intermediate
interests.
The dominance of the personal archive regime may extend from the FOI context to
the SCS. There is similarity between personal archives and social credit records: both
include appraisals of individuals’ performance of their societal roles, particularly their
compliance with state-sanctioned rules. In fact, the SCS Outline calls for the establishment
of ‘integrity archives’ for various focal groups, such as civil servants, members of the
judiciary, experts and agents working in the statistics, advertising and environmental
impact assessment sectors, and the creation of ‘credit archives’ for all citizens in relation
to certain types of behaviour, such as online activities and violations of traffic codes.143
The personal information contained in the aforementioned integrity archives may
well fall within the ambit of ‘personal archives’. In particular, the General Office of the
State Council advocates for the compilation of student honesty archives by universities
to include records on academic cheating, failure to repay loans and the falsification of
materials for job applications.144 Such records overlap in full with what is collected in the
personal archives of university students under the Cadre Archives Regulations. More
importantly, part of the rationale for the SCS, i.e. the need to select individuals who satisfy
certain state-approved standards, fits precisely with the political functions of the personal
archive regime. Although it is unclear whether the SCS will operate independently from
the personal archive regime, we should not ignore the impacts of the party-state’s secrecy
imperatives on the officials who design and operate the SCS, which is refreshed system of
citizen profiling. Even if more localities adopt legislation that recognises the subject access
right, the subordination of that legislation to CCP rules may reoccur in practice.
Given the weak legal force of most local PCI legislation and the extra-legal restraints
on ROGI, the protection of access and correction rights in relation to PCI is at a rather
primitive stage, although the initiatives undertaken by local pilot schemes are broadly
consistent with the regulatory trends of big data profiling in some pioneering jurisdictions
such the EU and the US.
141 See Art. 17(4), ‘Qiye zhigong dangan guanli gongzuo guiding’ (Provisions on Personal Archives of
Enterprise Staff) (issued by the Ministry of Labor & State Archives Administration on June 9, 1992). State
Archives Administration is concurrently a department of the State Council and a department under the CCP
Central Committee. In practice, however, its operation, funding and personnel management is carried out
within the CCP system.
142 See Art. 14(4), ‘Liudong renyuan renshi dangan guanli zanxing guiding’ (Provisional Provisions on
Personal Archives of Footloose Persons) (issued by the Organization Department of the CCP Central Committee
& Ministry of Personnel on December 18, 1996).
143 See SCS Outline.
144 See Guidelines on Individual Integrity, supra note 79, Part II, Section 4.
JCL 12:2 377
yongxi chen and anne sy cheung
C O N C L U S I O N
Law-making on public credit information at the local level is the first step taken by the
Chinese state to standardize the practices in constructing the ambitious Social Credit System.
It deserves close examination for those who are concerned with the privacy impact and
other profound implications of the SCS, a big data-empowered system that is potentially
capable of tracking and profiling each individual and rating him or her according to state-
imposed criteria with legal and social consequences. Distinct from the regimes common
to most jurisdictions that regulate private bodies’ handling of financial credit data, PCI
legislation focuses on government agencies and adopts a highly fluid concept of credit
data. In the absence of general legal framework for personal data protection, it is such
legislation that sets the basic albeit interim rules for the “jungle of big credit data”.
However, PCI legislation largely fails to live up to the tenets of personal data protection,
as demonstrated by the foregoing analysis in this paper. This regulatory approach gives
virtually free rein to secondary use of and big data analytics concerning records on
misbehaviours, including those records that many individuals regard as sensitive and
should be kept private. Automatic matching of credit data databases and profiling about
individuals are hence permissible, entailing threats to a series of privacy-related interests
including rehabilitation, personal autonomy, and non-discrimination.
From a legal perspective, the existing Chinese legislation at both national and local
levels does not effectively prevent the party-state from expanding and intensifying its
control over each citizen by generating, aggregating and exploiting personal data on their
social behaviours. While law-making concerning the SCS may evolve, the party-state’s
governance strategy is one of the most important factors to consider when we try to
understand the effectiveness of legislation in mitigating the privacy impacts of the SCS.
A natural response to the flaws of current PCI legislation is to call for substantial revision
of existing provisions and making of new and, ideally, national law which incorporate
the cardinal principles of data protection. For instance, the public may demand the law
to explicitly grant data subjects’ with a right to access and correct their credit data, and a
right to object to third parties’ access to and use of their credit data. However, if the SCS
develops truly according to the blueprint prescribed by the SCS Outline and Big Data
Outline, there may be growing gaps between the system and wishful suggestions on legal
reform towards more stringent protection of personal data. Throughout the construction of
the SCS, tension persists between the state’s ambition of big data profiling and the societal
call for privacy preservation. Our current study is meant to be an invitation for follow-up
studies of the interaction between the law and practices concerning the SCS.
The Transparent Self under Big Data Profiling
378 JCL 12:2
G L O S S A R Y O F C H I N E S E T E R M S
Romanisation
(Hanyu Pinyin)
Chinese Characters English Translation
geren chengxin 个人诚信 individual integrity
geren xinyong xinxi 个人信用信息 personal (financial) credit
information
gonggong xinyong xinxi 公共信用信息 public credit information, i.e. PCI
shehui chengxin 社会诚信 trustworthiness in the society
shehui xinyong tixi 社会信用体系 social credit system
shixin beizhixing ren 失信被执行人 untrustworthy person subject to
judicial enforcement
xinyong 信用 financial creditworthiness, or
trustworthiness (in a broader
sense)
zhengxin 征信 (financial) credit investigation
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 1/10
LOUISE MATSAKIS SECURITY 07.29.2019 03:25 PM
How the West Got China’s Social Credit
System Wrong
It occupies a spot next to ‘Black Mirror’ and Big Brother in popular
imagination, but China’s social credit project is far more complicated than a
single, all-powerful numerical score.
In October 2018, Vice President Mike Pence paid a visit to the Hudson Institute—a conservative
Washington, DC, think tank—to give a wide-ranging speech about the United States’
relationship with China. Standing stiffly in a shiny blue tie, he began by accusing the Chinese
Communist Party of interfering in US politics and directing Chinese businesses to steal
It occupies a spot next to Black Mirror and Big Brother in popular imagination, but China’s social credit project is far more complicated
than a single, all-powerful numerical score. STR/AFP/GETTY IMAGES
https://www.wired.com/contributor/louise-matsakis
https://www.wired.com/category/security
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 2/10
American intellectual property by “any means necessary.” Pence then turned his attention to
the country’s human rights abuses, starting not with the persecution of religious minorities, but
with a peculiar governmental initiative: the social credit project. “By 2020, China’s rulers aim
to implement an Orwellian system premised on controlling virtually every facet of human life
—the so-called ‘social credit score,’” Pence said. “In the words of that program’s official
blueprint, it will ‘allow the trustworthy to roam everywhere under heaven while making it hard
for the discredited to take a single step.’”
The vice president’s remarks echoed a steady stream of Western media reports, published in
dozens of outlets over the past few years, that paint China’s Social Credit System as a dystopian
nightmare straight out of Black Mirror. The articles and broadcast segments often said China’s
central government is using a futuristic algorithm to compile people’s social media
connections, buying histories, location data, and more into a single score dictating their rights
and freedoms. The government can supposedly analyze footage from hundreds of millions of
facial-recognition-equipped surveillance cameras in real time, and then dock you points for
misbehavior like jaywalking or playing too many video games.
PRI’s The World
This story was produced in collaboration with PRI’s The World, the award-winning public
radio show and podcast on global issues, news, and insights from BBC, WGBH, PRI, and PRX. It
was coreported by The World’s Lydia Emmanou ilidou. You can listen to The World’s audio
program about China’s social credit score here.
But there is no single, all-powerful score assigned to every individual in China, at least not yet.
The “official blueprint” Pence referenced is a planning document released by China’s chief
administrative body five years ago. It calls for the establishment of a nationwide scheme for
tracking the trustworthiness of everyday citizens, corporations, and government officials. The
Chinese government and state media say the project is designed to boost public confidence
and fight problems like corruption and business fraud. Western critics often see social credit
instead as an intrusive surveillance apparatus for punishing dissidents and infringing on
people’s privacy.
http://www.theworld.org/
https://www.pri.org/stories/2019-07-29/truth-about-chinas-social-credit-system
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 3/10
With just over a year to go until the government’s self-imposed deadline for establishing the
laws and regulations governing social credit, Chinese legal researchers say the system is far
from the cutting-edge, Big Brother apparatus portrayed in the West’s popular imagination. “I
really think you would find a much larger percentage of Americans are aware of Chinese social
credit than you would find Chinese people are aware of Chinese social credit,” says Jeremy
Daum, a senior research fellow at Yale Law School’s Paul Tsai China Center in Beijing. The
system as it exists today is more a patchwork of regional pilots and experimental projects, with
few indications about what could be implemented at a national
scale.
That’s not to say that fears about social credit are entirely unfounded. The Chinese government
is already using new technologies to control its citizens in frightening ways. The internet is
highly censored, and each person’s cell phone number and online activity is assigned a unique
ID number tied to their real name. Facial-recognition technology is also increasingly
widespread in China, with few restraints on how it can be used to track and surveil citizens.
The most troubling abuses are being carried out in the western province of Xinjiang, where
human rights groups and journalists say the Chinese government is detaining and surveilling
millions of people from the minority Muslim Uyghur population on a nearly unprecedented
scale.
But Western concerns about what could happen with China’s Social Credit System have in
some ways outstripped discussions about what’s already really occurring. Critiques are often
based on worst-case scenarios far off in the future, and run the risk of minimizing the
troubling aspects of the project as it is in place today. The exaggerated portrayals may also
help to downplay surveillance efforts in other parts of the world. “Because China is often held
up as the extreme of one end of a spectrum, I think that it moves the goalposts for the whole
conversation,” says Daum. “So that anything less invasive than our imagined version of social
credit seems sort of acceptable, because at least we’re not as bad as China.”
How Misconceptions Formed
One of the earliest Western accounts was published by an unlikely source: the American Civil
Liberties Union, which doesn’t operate in China. As part of his job as a policy analyst at the
ACLU’s Speech, Privacy, and Technology Project, Jay Stanley blogs about emerging threats to
https://www.wired.com/story/internet-freedom-china-2018/
https://www.hrw.org/video-photos/interactive/2019/05/02/china-how-mass-surveillance-works-xinjiang
https://www.nytimes.com/interactive/2019/04/04/world/asia/xinjiang-china-surveillance-prison.html
https://www.wired.com/story/inside-chinas-massive-surveillance-operation/
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 4/10
civil liberties. On October 5, 2015, he published a post titled “China’s Nightmarish Citizen
Scores Are a Warning for Americans.” The article is representative of much of the initial wave
of coverage, which was often derived from secondhand information that traveled like a game
of telephone, rather than on-the-ground reporting. Stanley’s post was sourced largely from a
similar story from Privacy News Online, which itself was based on an article from a Swedish
website.
Today Stanley says he intended to highlight China’s program as a cautionary tale for the US.
“This really seemed to be pointing the way towards a dark potential future,” he says. “There
were frankly a lot of signs and similarities to things happening in the United States,” like digital
profiling. The ACLU post wasn’t the only outlet to use China’s nascent system as a way to draw
attention to privacy and surveillance issues in the West. “The more I look around, the more it
seems like an American social credit system is springing up around us—and it doesn’t look all
that different from China’s,” Casey Newton, a writer at The Verge, wrote in his popular
newsletter just last month. “China’s Dystopian Tech Could Be Contagious,” The Atlantic
similarly declared last year.
https://www.aclu.org/blog/privacy-technology/consumer-privacy/chinas-nightmarish-citizen-scores-are-warning-americans?redirect=blog/free-future/chinas-nightmarish-citizen-scores-are-warning-americans
https://www.privateinternetaccess.com/blog/2015/10/in-china-your-credit-score-is-now-affected-by-your-political-opinions-and-your-friends-political-opinions/
https://www.vice.com/en_au/article/j5d84g/this-is-how-much-marketers-know-about-you-based-on-one-facebook-like
https://www.getrevue.co/profile/caseynewton/issues/china-s-social-credit-system-is-coming-to-america-186114
https://www.theatlantic.com/technology/archive/2018/02/chinas-dangerous-dream-of-urban-control/553097/
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 5/10
A demonstration of monitoring technology at the headquarters of Huawei Technologies in Shenzhen earlier this year. BILLY H.C.
KWOK/GETTY IMAGES
While a number of journalists and academics have tried to correct the record, the science
fiction myths about China’s social credit score continue to endure in the West. “There’s so
much that’s been written about this now that’s wrong, that it’s really taken on a life of its own,”
says Shazeda Ahmed, a PhD student at the University of California at Berkeley studying the
Social Credit System in China. “I still see articles quoting things from 2014, 2015, that I thought
were largely debunked.”
The confusion is understandable, though. First, there’s the language barrier. Daum says the
phrase “social credit,” has different connotations in English that it does in Chinese. To an
English speaker, the two words together might signal a reference to interpersonal
relationships. In Chinese, the term is more closely associated with a phrase like “public trust.”
There’s also the added linguistic hurdle of deciphering dense legal documents. “I think
language is a real barrier,” says Daum. “Both legal jargon and political jargon and Chinese
versus English.”
The original plan for social credit released in 2014 is also vague and sweeping, and it wasn’t
entirely clear what the project might ultimately consist of. “They expected the different parts of
the government, both centrally and locally, to try out their own approach in terms of
implementation,” says Xin Dai, a professor and associate dean at China’s Ocean University Law
School, who has researched social credit. “You have this really massive but also chaotic scene
of different people trying to put together different types of programs.”
For example, the government partnered with corporations on some early initiatives, including
“credit scores” calculated by private tech companies, like Ant Financial’s Sesame Credit
program. In 2015 the Chinese government authorized eight tech companies, including Ant
Financial, an affiliate of the corporate giant Alibaba, to experiment with developing credit
reporting systems for individuals. In addition to financial data, Sesame Credit does take into
consideration things like social media connections and purchasing habits—a product feature
that garnered a lot of attention in the West, including in a WIRED cover story.
By 2017, the Chinese government had decided that none of the pilots would receive
authorization to be official credit reporting measures, due to concerns about potential conflicts
https://www.technologyreview.com/f/613027/chinas-social-credit-system-isnt-as-orwellian-as-it-sounds/
https://www.wired.com/story/age-of-social-credit/
https://www.ft.com/content/f772a9ce-60c4-11e7-91a7-502f7ee26895
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 6/10
of interest. But initially, it was unclear how closely tied the programs would be to the
government’s efforts, even in China. “I think there were, and maybe still are, Chinese citizens
who didn’t quite understand that there was a difference as well,” says Ahmed. “Because in the
beginning, Sesame Credit was marketing itself as contributing to the whole Social Credit
System.”
Today, Sesame Credit, as well as other similar initiatives, essentially function like loyalty
rewards programs. Participants with high scores earn privileges like renting a bike without
leaving a deposit or deferring payment for medical expenses, but the scores are not part of the
legal system, and no one is required to participate.
The state-run projects that have captured the most attention in the West are the local pilots.
Dozens of Chinese cities are experimenting with their own versions of social credit, and some
have designed programs that do give individuals a personal numerical ranking. These
initiatives largely don’t rely on mass surveillance or supercharged artificial intelligence, and
many citizens may not even know they exist. It’s difficult to generalize about all of them, since
they can vary widely. Some are incorporating blockchain technology, for example. For now it’s
not clear when, if ever, any of them will be adopted at the national level.
The city of Rongcheng, about 500 miles from Beijing, is one place assigning residents
individual social credit scores. According to policy documents outlining the project that Daum
translated, it’s relatively limited in scope. In order to lose points in the system, you would need
to violate an existing law, regulation, or contract you entered. Maintaining “Exceptional
Creditworthiness” is thus a matter of following the rules already in place. The benefits of
maintaining a high score are also fairly modest, like free health checkups and the ability to
apply for an interest-free loan. “Looking at how fragmented this implementation is, you see
that different governments don’t have quite the same resources,” says Ahmed. “Some of the
smaller cities, they can only subsidize fairly unexciting benefits.”
Blacklists and Red Lists
The primary mechanism of the Social Credit System are the nationwide blacklists and red lists.
Each regulatory agency was asked to come up with a rap sheet of its worst offenders,
https://www.wired.com/story/guide-blockchain/
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 7/10
businesses and individuals who violated preexisting industry regulations. The red lists are the
exact opposite—they’re rosters of companies and people that have been particularly
compliant. Those archives were then made public on a centralized website, called China
Credit, where anyone can search them. Think of the Better Business Bureau, or letter grades
given to restaurants.
Many regulatory agencies have signed memorandums of understanding with each other, in
which they promise to punish people and businesses on one another’s blacklists.
Hypothetically, if this system were in the US, a business might now face additional penalties
from the Environmental Protection Agency for breaking a rule at the Food and Drug
Administration. There’s no evidence that citizens’ social media or purchasing data is being
incorporated, at least not yet. “They’re making it so that these records are communicated to
other agencies,” says Daum. “Somehow, that got interpreted as everything you do is being
watched all the time in a panopticon, and that I have not seen.”
Chinese legal researchers are worried about one of these databases in particular: The Supreme
People’s Court maintains a blacklist of people who the government alleges did not comply
with court judgments, for example by not paying fines, but also things like failing to formally
apologize to someone they are found to have wronged. Being on the blacklist now comes with
harsh punishments. You might be unable to purchase high-speed train tickets, fly on an
airplane, or send your kids to a private school. Over 13 million people were on the list as of
March, according to state reports, and the government has prohibited more than 20 million
plane tickets from being purchased.
https://www.scmp.com/economy/china-economy/article/3006763/chinas-social-credit-system-stops-sale-over-26-million-plane
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 8/10
People pour through China’s Hangzhou East train station. NI YANQIANG/ZHEJIANG DAILY/VCG/GETTY IMAGES
Yu-Jie Chen, a Taiwanese human rights lawyer and post-doctoral researcher at the Institutum
Iurisprudentiae of Academia Sinica, says the judgement defaulter’s blacklist is imposing “layers
of disproportionate, arbitrary, and wide-ranging punishments,” on people who have largely
already suffered the consequences of breaking the law. She says she’s also worried about how
the list penalizes people who didn’t commit any offense, like a child who is barred from
attending certain schools because of their parent’s actions. It’s not clear whether citizens can
effectively get off the list if they’re included on it by accident, or even if they fulfill their court-
ordered obligations.
To enforce these punishments, Ahmed has written that the government is sharing blacklists
with technology platforms. That way, people on them can’t do things like book flights or buy
train tickets online. Local governments are also asking social media companies to help
orchestrate public shaming initiatives. In the southern city of Nanning, the social media app
Douyin (the Chinese version of TikTok) partnered with the local court to broadcast photos of
blacklisted people between videos, like a digital mugshot. In the northern city of Shijiazhuang,
blacklisted people and entities are displayed on a map within the messaging app WeChat. The
features aren’t yet widespread, but still raise privacy concerns, especially if people are
wrongfully added to a blacklist and that information is then broadcast to everyone they know.
https://logicmag.io/china/the-messy-truth-about-social-credit/
https://mp.weixin.qq.com/s/dRNRnDbXyFIkZlIPemg2rw
http://www.chinadaily.com.cn/a/201901/16/WS5c3edfb8a3106c65c34e4d75.html
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 9/10
Social Credit’s Future
As the 2020 deadline approaches, China’s Social Credit System still remains largely in
development. There are some signs, however, that the system could soon incorporate more
forms of data collection. For example, Chen says, the China Credit website already encourages
users to log in by scanning their faces, though it’s not mandatory. “So there will be a facial-
recognition element if the government can persuade people to use that more,” she explains.
In the meantime, Dai says, Chinese academics have begun discussing the potential privacy and
other risks posed by the project. They were influenced, in part, by the enormous amount of
attention the Social Credit System has garnered in the West, despite the fact that it often hasn’t
been portrayed accurately. “This entire thing is just so massive, and it varies across place to
place” says Dai. “It is easy to sort of misinterpret or only catch part of it, without seeing the
entire picture.”
This story was produced in collaboration with PRI’s The World, the award-winning public
radio show and podcast on global issues, news, and insights from BBC, WGBH, PRI, and PRX.
It was coreported by The World’s Lydia Emmanouilidou. You can listen to The World’s audio
program about China’s social credit score here.
Updated 10-25-19, 12:07 pm ET: This story originally stated that the city of Nanning partnered
with the social media app Tiktok. It has been updated to reflect that the partnership was with
Douyin, the Chinese version of the network, which TikTok says is a separate organization.
Both share the same parent company Bytedance.
More Great WIRED Stories
High drama: A cannabis biotech firm roils small growers
Lunar mysteries that science still needs to solve
Are super-automatic espresso machines worth it?
The best algorithms don’t recognize black faces equally
These hackers made an app that kills to prove a point
http://www.theworld.org/
https://www.pri.org/stories/2019-07-29/truth-about-chinas-social-credit-system
https://www.wired.com/story/high-drama-cannabis-biotech-company-roils-small-growers/?itm_campaign=BottomRelatedStories_Sections_1
https://www.wired.com/story/apollo-11-lunar-mysteries-moon-science/?itm_campaign=BottomRelatedStories_Sections_1
https://www.wired.com/story/automatic-espresso-machines/?itm_campaign=BottomRelatedStories_Sections_1
https://www.wired.com/story/best-algorithms-struggle-recognize-black-faces-equally/?itm_campaign=BottomRelatedStories_Sections_1
https://www.wired.com/story/medtronic-insulin-pump-hack-app/?itm_campaign=BottomRelatedStories_Sections_1
3/8/2020 How the West Got China’s Social Credit System Wrong | WIRED
https://www.wired.com/story/china-social-credit-score-system/ 10/10
� Want the best tools to get healthy? Check out our Gear team’s picks for the best
fitness trackers, running gear (including shoes and socks), and best headphones.
📩 Get even more of our inside scoops with our weekly Backchannel newsletter
Louise Matsakis is a Staff Writer at WIRED covering Amazon, security, and online platforms. She was
formerly an editor at Motherboard, VICE’s science and technology site. She is based in New York. Send tips
to louise_matsakis@wired.com or via Signal at 347-966-3806.
STAFF WRITER
Featured Video
A Woman’s Life in China’s Digital Gulag
A Woman’s Life in China’s Digital Gulag
TOPICS CHINA SURVEILLANCE PRI’S THE WORLD
https://www.wired.com/gallery/best-fitness-tracker/?itm_campaign=BottomRelatedStories
https://www.wired.com/gallery/best-running-gear/?itm_campaign=BottomRelatedStories
https://wired.com/gallery/best-trail-running-shoes-round-up/?itm_campaign=BottomRelatedStories
https://www.wired.com/gallery/best-running-socks/?itm_campaign=BottomRelatedStories
https://www.wired.com/gallery/best-headphones-under-100/?itm_campaign=BottomRelatedStories
https://www.wired.com/newsletter/?name=backchannel&sourceCode=BottomStories
https://www.wired.com/contributor/louise-matsakis
https://www.wired.com/contributor/louise-matsakis
https://www.wired.com/tag/china
https://www.wired.com/tag/surveillance
https://www.wired.com/tag/pri-the-world
Reading:
Page #
Text Passage/Description of Text
Your reactions, thoughts, meditations