ByteDance, the parent company of the popular social-media platform TikTok, has a not-so-secret weapon. Its powerful algorithms are able to predict users’ preferences with precision and recommend content they actually want to see, thereby keeping them glued to their screens.
But ByteDance may soon have to sheathe that weapon – or, at least, dull its blade. Internet-platform companies in China are facing a slew of new data regulations that could curtail the use of recommendation engines. For starters, the Personal Information Protection Law, which took effect this month, requires platforms to allow users to opt out of personalized content and targeted ads.
But China may soon go much further. Its internet regulator, the Cyberspace Administration of China (CAC), recently issued new draft guidelines that entail a host of restrictions on the collection and processing of data and its transfer across borders.
Notably, apps would have to obtain explicit consent from users before collecting or using data to make personalized recommendations. In other words, individuals would have to opt into personalization, rather than opting out of it, as is the current norm.
This policy could go a long way toward eroding the business models of online platforms like Douyin (the version of TikTok used in China) and Taobao (an online-shopping platform owned by the Alibaba Group), with potentially far-reaching implications for future innovation in the Chinese tech sector. The reason is simple: many users, if asked, decide that personalization is not worth giving up their privacy.
Asking makes all the difference. When Apple buried the option to refuse tracking by apps in its complicated privacy settings, only 25 percent of users took the time to find it and opt out. But when the company began prompting iPhone users with the opportunity to opt out of tracking, 84% took it.
Apple’s new opt-out policy, which it introduced to its iPhone iOS last April, has been devastating for US tech firms such as Facebook, whose business models are built on the collection of user data and the sale of targeted ads.
According to one estimate, Apple’s policy change cost Facebook, Snap, Twitter, and YouTube together nearly US$10 billion in revenue – or 12 percent of the total – in the second half of 2021. Online advertisers, who now must pay much more to reach potential customers, are panicking. This is an ominous sign for China’s tech companies – not least because the CAC’s draft data regulations go well beyond Apple’s new rule. Whereas Apple requires apps to get permission before sharing a user’s data with third parties, the new Chinese measures would require apps to secure user opt-in even to use the data themselves.
China’s proposed opt-in requirement also appears to be stricter than the European Union’s (EU) General Data Protection Regulation – currently one of the world’s toughest privacy laws. While the GDPR requires platforms to secure user consent before collecting and processing data, it does not require specific consent to enable recommendation services.
It remains to be seen how Chinese platforms will respond to the proposed regulation. They will almost certainly lobby the government not to implement it at all. If the government refuses to listen, they will probably try to circumvent the rule by redesigning app features, though this will take time and raise serious compliance risks.
And yet, for the CAC, the struggles of private tech companies may not be much of a concern. While it is impossible to say exactly what factored into the body’s cost-benefit analysis of the proposed opt-in requirement, it seems clear that encouraging business growth and technological innovation is not part of the CAC’s mandate.
So, what are the CAC’s goals? To answer that question, we must consider the agency’s bureaucratic mission, culture, and structure. Given that Chinese administrative enforcement is shaped by path dependence, we must also look to the CAC’s past behaviour – in particular, its status as one of China’s most interventionist government departments.
Operating under the Central Cyberspace Affairs Commission, a leadership group chaired by President Xi Jinping himself, the CAC was initially charged with ensuring cybersecurity and regulating internet content. But since 2013, it has expanded significantly, including by absorbing other cybersecurity agencies.
In July, the CAC grabbed headlines when it surprised the ride-hailing company Didi Chuxing with a cybersecurity inspection just two days after the firm’s initial public offering in New York. The CAC subsequently mandated cybersecurity checks for any data-rich Chinese tech firm planning overseas listings, effectively establishing itself as a gatekeeper for efforts to raise capital abroad.
Given that data are the lifeblood of the platform economy, the CAC has significant scope to expand its bureaucratic bailiwick. And, if the new draft regulation is any indication, it plans to do just that, tearing down the walls surrounding the “walled gardens” of internet platforms, prohibiting algorithmic price discrimination, and clamping down on other unfair pricing practices.
These efforts will undoubtedly overlap with the mandate of China’s antitrust regulator, the State Administration for Market Regulation. But no matter: emboldened by the government’s push to rein in tech giants, the CAC has big regulatory ambitions. In the coming years, its efforts to realize them will play a major role in determining the trajectory of platform businesses – and tech innovation – in China.