Social Credit System – European Chinese Law Research Hub

Rules for Ensuring the Accuracy of Social Credit Data

30. July 2023

A new paper by Hannah Klöber

Born from an intention to establish a financial credit (investigation) system, the Social Credit System (SCS) is a mega-project to improve governance capabilities and legal compliance. However, the modern publicly run SCS resembles rather an interconnected set of initiatives under the umbrella term of creating “trust” than being a comprehensive system to monitor and rank all citizens. Currently, the basic components at the national level that are being created are the information infrastructure and the joint enforcement mechanism. Both components rest on the sharing among agencies and the general disclosure of compliance information on subjects, to on the one hand punish and educate, but also to facilitate assessing any entity’s “trustworthiness”. They constitute an emerging state-led data processing mechanisms which may strongly impact the lives of individuals, companies, social organizations and other actors throughout China, with the centrepiece being the information it holds about its subjects. Acknowledging the wide-reaching consequences that the contents of social credit information about a subject may have, this article (draft) asks: What legal framework do SCS builders create to guarantee the accuracy of personal social credit information?

Why is Personal Data Accuracy Important?

One area where social credit information is currently bringing about consequences for subjects is the joint enforcement mechanism – or “joint disciplining for trust-breaking”. The joint enforcement mechanism is mostly set up by State Council policy documents, promoting desired behaviours and discouraging unwanted ones through so-called blacklists and redlists. Listing might lead to punishment or benefits by unrelated actors (as redlists confer benefits, they are much less problematic and thus not discussed in detail). It has to be noted that the mechanism’s main focus rests on companies but there is a corporate overlap, as leading personnel can get blacklisted due to their company’s wrongdoings. So far, there is no real central management to these lists. For the purpose of analysing the legal aspects of joint enforcement, four stages must be differentiated: preparatory acts before blacklisting, the blacklisting decision, the publication of the blacklist and the ensuing disciplinary action. They can be based on the same facts and norms but may be executed by different actors and be linked together.

To achieve its goal of promoting trust and steering behaviour, the SCS needs large amounts of accurate data. Simultaneously, data inaccuracy in this behemoth of a reputational shaming machine could potentially harm a large number of people: Because open government data is intended to be reused, it is very hard to control once publicised. For example, if an entity is entered on one of the many blacklists for trust-breaking, she may find her name on display in public spaces as well as online platforms, screenshots of which may be further shared across social media. The inaccuracy discussed here encompasses only factual errors, thus instances where data is not correct, complete, or timely, resulting from inattentiveness during handling. Legal errors on the other hand concern the application of law (for example excessiveness of punishment) and are outside the scope of this study.

What Legislation is There?

The looseness of the concept of social credit and the plurality of actors involved make the regulatory situation quite complex. There is no national social credit law (although a draft f o r s o l i c i t i n g c o m m e n t s f r o m t h e p u b l i c has been published in November 2022), but a host of special sectoral and provincial regulations dealing with different social credit initiatives create a jumbled regulatory landscape. Apart from this, in the context of personal data accuracy national legislation such as the 2021 Personal Information Protection Law (PIPL) and the Regulation on Open Government Information (ROGI, revised in 2019) apply. Administrative legislation on procedural issues should be applicable, but the placement of joint enforcement measures under administrative law is still disputed.

What Does it Offer?

Basic Definitions

Generally, social credit is defined as the status of information subjects complying with legally prescribed obligations or performing contractual obligations in their social and economic activities (see e.g., Shanghai Municipal Social Credit Regulations art 2(1), Tianjin Municipal Social Credit Regulations art 2(2)), while social credit information is defined as (objective) data and materials that can be used to identify, analyse and judge the status of information subjects’ compliance with the law and contract performance (see e.g. Shanghai Municipal Social Credit Regulations art 2(2), Henan Provincial Social Credit Regulations art 3 (3)). What this means in detail remains unclear, though. Two types of social credit information exist: public credit information and non-public (or market) credit information, depending on the generating entity (state or private actor).

Accuracy Obligations for Data Processors

PIPL and ROGI provide some guidance on how to handle and publish government information, but data quality requirements are not sufficient for the complex processes of the SCS. The examined provincial documents either set up principles for the processing of public social credit data or impose data-quality responsibilities on information providers. The latter can also be found in sectoral regulation, but only in a third of the covered documents.

Notification Requirements

Because of the multi-actor structure of joint enforcement, credit subjects face the problem of recognizing the possibility of rights relief and identifying the right addressee for enforcing their rights. One important way to counteract this situation is notification requirements. The PIPL introduced a general notification obligation in 2021, covering among other things the processor’s name and contact information, and the methods and procedures for individuals to exercise their rights. But proper notification requirements are generally rare among special legislation documents. To best protect credit subjects, notification should occur at all four possible stages of joint enforcement. In the preparatory stage and after the listing decision they are however only seldom found. A few provincial documents provide for the notification of listing, but only for the so-called seriously untrustworthy lists, which cause stricter restrictions than normal blacklists. Some measures consider the publication of blacklists as a form of public notification. Notification of punishment is generally not covered by blacklist management documents, as the listing entity is usually not in charge of punishment. A quarter of the sectoral and most of the provincial documents do not set up any notification procedures.

Review Procedures Prior to Blacklisting

Among the analysed documents, procedures for prior review can be found only in those measures which also stipulate notification before inclusion. None of the norms provide for suspension, however. A clear classification of joint enforcement measures under administrative law would improve the situation, although there is no general administrative procedure law in China.

Access to One’s Personal Credit Information

General access rights are provided by both the PIPL and the ROGI. About half the provincial documents explicitly set up a right to inquire one’s own information. Other regulations appear to take accessibility for granted and only regulate the corresponding procedures for data providers.

Objection Procedures after Blacklisting

If personal information held by the government is found to be incorrect or incomplete, individuals have a general right to request correction under PIPL and ROGI. The content of specific objection procedures among the special legislation is uneven. Two models can be found in the analysed documents: objection to wrong information for a fixed time period after publication of the decision, or a general possibility of objection. In provincial documents, only the latter can be found, while some of the ministerial documents designate no objection possibilities at all. Generally, the stipulated handling time for objections in provincial documents is shorter than in the ministerial regulations, often calling for verification within a few days, rather than weeks. While the State Council calls for the suspension of enforcement during verification procedures, this is rare in implementing documents. On the contrary, some ministries and the SPC explicitly regulate that objection will not cause suspension or impact publication. A compromise, to mark objected information during verification procedures, is employed by almost two-thirds of the provincial documents. The deletion of non-verifiable data is not always required.

Dissemination of Corrected Data throughout the System(s)

The dissemination of corrected data is thinly regulated. Where it is mandated, it often merely requires that other providers of the information are informed. The information subject itself might only be informed of updates and corrections in its social credit information if the change is due to a successful objection the subject has initiated.

A Patchwork

The study finds that special legislation is inconsistent and that national legislation is often too vague to deal with the complicated and diverse processes of the SCS. Further legislation will be needed to standardise procedures. While it is often difficult for data subjects to exercise their rights against first-party collectors, when raised against third party-reusers of data, the problem multiplies. Special legislation by different national actors and local legislators is very diverse, and procedural requirements are often vague, fragmented or missing. Some regulations deviate from protection measures proposed in policy documents. The rules in the examined documents range from almost no regulation to some very promising models in the eastern, economically more developed provinces. The biggest issue remains a lack of solid ex ante control mechanisms, as most relief is only provided after the fact. This is problematic, as the spread of inaccurate data can cause unforeseen consequences, and reputational damage is difficult to repair.

The article The Regulation of Personal Data Accuracy in China’s Public Social Credit System was published in the Hong Kong Law Journal (2023, Vol. 53, No. 1). A free draft is available here.

Hannah Klöber is a Research Assistant at University of Cologne, where she is currently working on her PhD with the Chair for Chinese Legal Culture. Her dissertation deals with the Proportionality Principle in Chinese administrative law, examining it from a comparative perspective, exploring its application by and use for Chinese actors, thereby gaining deeper insight into its function, potential and limitations. She holds a BA and MA in Chinese Regional Studies, Law from Cologne University. She can be contacted at hkloeber[at]smail.uni-koeln.de

Shaming the Untrustworthy and Paths to Relief in China’s Social Credit System

24. April 2023

A new paper by Marianne von Blomberg and Haixu Yu

Media outlets and government websites use cartoons to explain SCS practises

Much has been said and written about China’s Social Credit System (SCS). Stories about an almighty, high-tech surveillance dictatorship that rates its citizens are persistent in global media discourse while the image of an omnipresent and omnipotent social credit score already found its way into memes. An increasing number of observers debunk the horror stories with facts and point to the low-tech nature of most SCS projects. As unfounded as many social credit stories are, they have also fuelled a long-overdue debate outside of China about data protection and the power of assessments. In a proposal for an AI regulation, the European Union cast the imagined “social credit scoring” as antagonist.

Meanwhile, the social credit stories and their policy responses abroad overshadow the actual innovations and challenges that the SCS brings to governance in China. The SCS does not have the capacity to function as the Orwellian surveillance tool it is often depicted as, but that does not mean that it is less ambitious and transformative. Zooming in on one of the multiple innovations that emerge under the SCS’s overarching aim to engineer trust, we studied the architecture behind the systematic disclosure of information on the “untrustworthy” (失信人) and, in a second part, interrogate paths to relief for targeted subjects. Those who find themselves shamed as “untrustworthy” are almost exclusively persons who have violated laws and regulations or not fulfilled court orders, rather than persons who have breached unspecified moral norms, and consist overwhelmingly of companies rather than individuals. The SCS’s shaming practices are thus best contextualized within public regulation work. Our study finds that the SCS formalizes and elevates a concept of public regulation that is best conceptualized as reputational regulation to new prominence. Shaming as a regulatory tool is not new and has been applied by state agencies globally. The Occupational Safety and Health Administration of the USA for example routinely uses its Twitter account to shame companies that violated work safety rules. However, the SCS is the first central-level government strategy that systematically implements shaming schemes in all regulatory realms from transport to food safety and equips the practice with a clear rhetorical framework. Public disclosure of compliance assessments is also a common practice in emerging, transnational ESG regimes (Environmental, Social and Corporate Governance). The driving factors of both, the SCS’s reputational regulation scheme and global ESG regimes are similar: The aim to enforce norms of public interest in the absence of an efficient and comprehensive regulatory infrastructure.

We first identify three pillars of successful reputational regulation through a review of empirical and theoretical literature on reputational regulation and then point out how the SCS realizes them.

(1) In reputational regulation, the declared purpose of the information disclosure is to punish, rather than to increase government transparency or warn of dangers (e.g., from poisoned food products). The NDRC and PBoC stipulate blacklisting and the public sharing of information on trust-breaking in their 2022 list of SCS disciplinary measures. Both sanctions are reputational only, as the more tangible punishments that come with blacklisting, such as restrictions on market access and subsidies, are listed separately. Further, a plethora of core structural policies document the punitive purpose of disclosure, for instance the foundational Planning Outline on the Construction of a Social Credit System (2014-2020) calling to “give rein to the role of the masses in appraisal, discussion, criticism, and reports, shape social deterrence through social moral condemnation, and censure trust-breaking acts.”

(2) To ensure that the public and media generate the negative publicity necessary to pressure target subjects to change, a government agency engaging in reputational regulation needs to provoke this disapproval by embedding the disclosure within a moral message. The SCS endowed the existing disclosure strategy of dual publicity (双公示), which initially promoted disclosure of administrative punishment decisions to foster government transparency, with the trust-breaking rhetoric, making it part of the SCS toolkit. Negative social credit information technically consists merely of violations of laws and regulations and is not novel. The innovation brought by the SCS is to relabel selected categories of administrative information as “credit/trust information” and publicize them as such. To information recipients, the impression conveyed is that a violator of the law in one realm is overall untrustworthy. The trust rhetoric dominates all publication formats: Blacklists and disclosure platforms carry titles such as “seriously untrustworthy companies”.

(3) Finally, reputational regulation requires that the information must be brought to the attention of actors who are in a position to exert pressure on the deviator. A variety of dissemination channels amplified by a state-dominated media environment ensure that information on trust-breakers reaches far. Apart from online platforms and local government websites, public billboards, announcements at local festivities, television and radio broadcast, ringtone announcements and various apps inform about who has been designated untrustworthy. Credit service agencies also tap into social credit information.

To summarize, the SCS drives a type of information disclosure that is intended more to punish than to warn, comes with a negative moral message, and is disseminated to the public through various channels. Regulatory shaming is, however, notorious for infringing on target subjects’ rights. Chinese literature has described the publication of negative social credit information as a new type of reputational punishment (声誉罚). The agency loses control over the scope and intensity of punishment once information is published because the punitive action itself is carried out by others. Even if a target subject successfully objects to the publication of adverse information and the agency takes it down, the reputational damage can hardly be undone. The second part of our study discusses how targets of reputational punishment under the SCS can seek legal remedy.

There are three potential paths to relief for those adversely affected by SCS-driven regulatory shaming in China: administrative reconsideration (行政复议) and litigation, internal agency controls, and the SCS’s own mechanism of credit repair (信用修复). The prior two paths may provide more or less satisfying outcomes for conventional administrative penalties such as fines, in the case of shaming however, revoking the agency’s act means only ceasing publication. Reproductions of the negative information concerned in news outlets and other channels remain in place. Additional remedies such as apologies and compensation payments appear necessary but while the Administrative Litigation Law provides for such remedies, we could not find court decisions ordering such remedial measures in social credit-related cases.

Where subjects believe to be unlawfully designated “untrustworthy” and bring the claim to court, they frequently face the following issues:

Whom to sue?

It is often unclear which agency is to sue because a single SCS penalty can involve multiple state agencies. For example, a construction bureau in Jiangsu blacklisted a company for not paying wages to migrant workers, resulting in a different local agency acting on the information by restricting the company from public bidding. When the company sued the construction bureau, the court held that the bureau was not the defendant. It held that the correct defendant was instead the other agency that had punished the company. In other cases, the agency that administered the blacklist was held to be the correct addressee. The confusion over the correct defendant in litigation may be further exacerbated by the trend to outsource shaming work to industry associations.

Are social credit penalties litigable?

If it was confirmed that social credit shaming measures constitute administrative punishment, the Administrative Punishment Law (APL) would apply, subjecting the shaming regulators to a series of procedures such as notifying targets beforehand and offering them a chance to defend themselves. Is SCS-driven regulatory shaming an administrative punishment? No legislation to date has clearly addressed this question. Courts regularly deny arguments that any SCS penalties, including shaming, constitute administrative punishment. Some claims have been accepted nevertheless with courts defining the SCS measure as an administrative act that has affected the plaintiff’s rights, and on this basis examined whether this act had the legal basis it needs according to law. A legal basis may consist of SCS regulations and measures issued by sectoral regulators from the ministry level down to that of local municipal agencies. In rather exceptional decisions, courts held that central-level policy documents that were not translated into local rules do not suffice as a legitimate legal basis for a social credit penalty.

Are social credit penalties subject to procedural restrictions?

A growing number of SCS policy documents stipulate procedures for social credit penalties, which increasingly find their way into local law where they can be invoked by courts. For instance, many local and sectoral regulations stipulate a duty on the part of the regulatory agency to notify a person before entering her on a blacklist. The Jingyang District Court of Deyang City ordered an agency to delete a negative record because the agency failed to “inform the administrative counterpart of the administrative decision to be made and listen to the administrative counterpart’s statement and defence.”

Just information disclosure or a reputational penalty?

In most instances, remedies for social credit penalties are denied because social credit measures pose conceptual novelties to adjudicators. In particular, the courts have invoked the accessory nature of publication, the necessity for government transparency, and the political priority of SCS building to reject plaintiffs’ claims. For Tianheng Investment Construction Management Ltd. from Hangzhou for example, appearing on a list of untrustworthy companies for having submitted forged materials meant the de facto end of its business, at least for the stipulated publication period of twenty-four months. However, the courts of all three instances denied the company’s claim that the disclosure was punitive, holding instead that publication was part of the agency’s duty to objectively record and publicize their decisions. In other cases, the SCS goals of building a trustworthy society and market have been invoked by adjudicators to legitimize credit information recording, scoring, and publication practices. Lianfa Construction & Engineering Ltd. had won an initial case against a local housing agency which had, without legal basis, imposed a social credit penalty. However, the court of appeal overturned the ruling, insisting that the mechanism for disciplining law-violating and trust-breaking behaviour must be perfected. As Peking University Professor Chun Peng points out, in the larger mission of SCS building, courts are not just the guardians of lawful conduct of state agencies but also “vanguards of disciplinary measures for trust-breaking”.

Litigation does little to alleviate the damages ensuing from undue shaming for trust-breakers. The clumsiness of shaming measures and their irreversibility render them hardly controllable through the judiciary. Alternatively, control mechanisms within the information handling agency may prevent undue damages. Only the ability to object prior to publication can provide an effective safeguard against wrongful shaming sanctions, and agency rules on social credit information lay down the procedures that lead to publication. However, no solution to effectively overseeing such procedural rules in the absence of judicial review has surfaced.

Finally, where target subjects admit guilt, they may obtain relief from shaming through the reintegrative path of credit repair. Credit is repaired and respective negative information publication halted if subjects correct untrustworthy conduct and eliminate negative impact, make credit commitments, participate in charitable activities, and/or undergo educational training, depending on the relevant sectoral and local credit repair mechanism. Credit repair is not strictly a remedial path as it does not operate on the premise of agency mistakes and in practice remains porous. However, with credit repair’s concept to function as a reintegrative path comes an innovation that has the potential to resolve the irreversibility of shaming: In some credit repair programs, instead of deleting the original negative record, that record is supplemented by a record of repair clearly explaining the reason for the repair and the final assessment.

Reputational regulation remains a work in progress. But is it effective? Other than traditional enforcement tools of state agencies such as fines, reputational regulation requires the cooperation of non-state actors, in this case, the shaming community which has to act upon disclosed information and exert pressure on the shamed subject. Initial studies found that company representatives across China believe reputational harm from negative publicity to be one of the key concerns with regard to the SCS. However, more research is needed to assess under which circumstances and to whom the disclosure of information on trust-breaking is relevant.

Marianne and Haixu’s paper is published with Modern China, a draft version is available at SSRN.

Marianne von Blomberg is a Research Associate at Bern University of Applied Sciences, Institute for Global Management, and is currently completing a PhD with Cologne University’s Chair for Chinese Legal Culture and Zhejiang University’s Guanghua Law School. Her research revolves around social credit regimes in China and beyond, assessment-based public regulation, and data governance. In her dissertation, she explores how the Social Credit System project in China strengthens, weakens, and transforms the law. She holds an LL.M in Chinese Law from Zhejiang University and a BA in Communication, Culture and Management from Zeppelin University. She can be contacted via Twitter @mariannehuashan or email at m.vonblomberg[at]uni-koeln.de.

Haixu Yu is a Research Associate and doctoral student of the Chair of Chinese Legal Culture. He passed the national judicial examination of the People’s Republic of China in 2014. His research interests include Chinese judicial reform and Chinese public law. Before studying in the University of Cologne, Haixu Yu graduated from the Chinese University of Political Science and Law in 2018, where he received LL.M degree, majoring in Chinese economic law and fiscal law. He received his LL.B. and B.A. degree in 2015 also at China University of Political Science and Law.

The financial credit information system and China’s evolving data protection law

1. March 2021

A new paper by Lu Yu and Björn Ahl

The headquarters of the People’s Bank of China in Beijing, supervising entity of the financial credit information system

How is data protected in the evolving Social Credit System? Both, social credit and Chinese data protection law is diverse and fragmented, making the search for an answer to this question a complicated endeavour. Lu Yu and Björn Ahl dive into one arguably most sophisticated arm of the Social Credit System, that is, the financial credit information system (FCIS) in their new article “China’s evolving data protection law and the financial credit information system: court practice and suggestions for legislative reform” (free draft here).

The FCIS is not only one of the most mature parts of the overall SCS, as it regulates private entity’s data collection, it also features stricter and clearer data protection rules than those Social Credit subsystems that include data collection by state organs. Most importantly, Chinese data protection law requires data subjects’ consent to the collection and further transfer of personal data. The authors have found the consent requirement to be incompatible with the functions and purposes of the FCIS, with data subjects having no real choice, as consent is linked to obtaining the financial service in questions. Hence, future rounds of reform should establish exceptions to the consent requirement.

In their article “China’s evolving data protection law and the financial credit information system: court practice and suggestions for legislative reform” (free draft here) the authors investigate the limits that Chinese data protection law imposes on the FCIS. The FCIS receives both financial credit data from financial institutions and public data from public authorities. Yu and Ahl analyse the legal framework and how data protection rules are applied in court practice, including the preconditions for and levels of protection afforded data subjects’ rights and the legal consequences of any violations of those rights. Although the courts have adopted differing approaches to the interpretation of data protection law, the authors find that they have established consistent practice in protecting data subjects against the transfer of incorrect negative data. Chinese data protection law provides for neither an effective legal basis nor for limits on the collection and transfer of public data by public authorities. The Information Security Technology – Personal Information Security Specification (2020, hereafter: Specification) provides comprehensive protection for the personal data processed by all organisations, including public authorities, but it is only a recommended standard that lacks binding authority. Although the 2012 Regulations on the Administration of the Credit Investigation Industry grant data subjects a number of rights, the courts have difficulties applying the data protection rules in practice. In sum, there is a need in both the private and public sectors for nationally applicable, binding and more sophisticated data protection rules.

→ What is the FCIS? Different public authorities organise and maintain their own credit systems. The FCIS is one system at the national level that is supervised by the People’s Bank of China and functions as a public credit registry. It draws on financial credit data, the discredited judgment debtor list system operated by the SPC, which concerns individuals or entities refusing or failing to comply with an effective court judgement; and the information system operated by the China Securities Regulation Commission in relation to capital market activities. Founded in 2006, the FCIS is a predecessor of the Social Credit System: Pursuant to the Interim Measures for the Administration of the Basic Data of Individual Credit Information, the FCIS collects and stores individual credit data to provide inquiry services to commercial banks and individuals. It further offers information to be used for the formulation of currency policy, financial supervision and other purposes provided for by law. Hence, the purpose of the FCIS is twofold: to inform financial institutions for the purpose of reducing credit risks and to provide information to regulators to support policy making. At the end of 2018, the FCIS held personal data concerning 980 million natural persons.

Progress was recently made with the introduction of personal data protection to the new Civil Code, and a comprehensive data protection law is currently on the legislative agenda. Because the Specification has already established a sound model by providing very detailed data protection rules, the future comprehensive data protection law should address the processing of data by public authorities and further refine the already established data protection principles in the Cybersecurity Law and Specification. Improvements in data protection, in particular the regulation of data sharing between public authorities, could serve to balance social governance and individual rights and contribute to enhancing the legitimacy of the overall SCS.

Lu Yu is a research assistant at the chair of Chinese Legal Culture of Cologne University. She is about to submit her dissertation on European and Chinese data protection law to the Georg-August-Universität Göttingen where she has conducted research since October 2017, after working as a legal counsel with Rödl & Partner in Guangzhou. Reach out to her at yuluna5(at)gmail.com.

Björn Ahl is Professor and Chair of Cologne University’s Chinese Legal Culture. Before joining the University of Cologne in 2012, he was Visiting Professor of Chinese Law, Comparative Public Law and International Law in the China EU School of Law at the Chinese University of Political Science and Law in Beijing. Prior to that he held a position as Assistant Professor of Law in the City University of Hong Kong. He has also worked as Associate Director and Lecturer in the Sino German Institute of Legal Studies of Nanjing University and as a Researcher at the Max Planck Institute of Comparative Public Law and International Law in Heidelberg. Find him on LinkedIn.

How Comprehensive is Chinese Data Protection Law?

1. February 2021

A new paper by Anja Geller

When I told people that I am writing an article about Chinese data protection law, the most common reaction was the question “does that even exist?” The surprised and doubtful undertone motivated me to find a convincing answer. On my way, I encountered some obstacles. There is a plethora of regulations with different scopes, legislation bodies and legal effects. Even for specialised Chinese lawyers, it can be difficult to figure out which norms apply in a certain case. In the end, I chose to restrict my analysis to the 13 most important Chinese regulations with a nationwide scope of application.

Lacking a unified law, these norms have to be seen in combination to determine the comprehensiveness of Chinese data protection law. As the European General Data Protection Regulation (GDPR) is one of the most comprehensive and modern data protection regimes, I used it as a framework. When viewing the Chinese norms against this backdrop, it quickly becomes clear that especially the non-binding norms and drafted provisions are the most progressive and strict ones. They show that the Chinese legislators are moving towards the European system rather than the US or a taking a third way.

However, as is common for such cases of legal orientation, “Chinese characteristics” remain. For example, strong divergences exist in the area of administrative penalties. Instead of a focus on severe monetary penalties similar to the GDPR, there are many different sanctions. Starting with warnings and orders to correct, infringers may face a suspension or closure of their business, revocation of their business licences or even a definitive ban from the profession. Furthermore, measures of “naming and shaming” such as the publication of these sanctions in the “Social Credit Register” and other public announcements may be ordered. Compared to the European medieval equivalent of the pillory, such punishments have a long and living tradition in China. Especially the emerging “Social Credit System” relies on such punishments and is presented as a crucial tool for making citizens and companies comply with the law.

Another “Chinese characteristic” is the “real-name registration” requirement, which has already existed in many other fields for quite some time. Providers of network access and other digital services have to require users to provide true identity information before allowing access. Although this may help law enforcement in digital environments, there are well-founded fears concerning its negative implications on privacy and the freedom of speech.

Nevertheless, there are also a lot of positive developments from a European data protection perspective. The Chinese legislators have been very active in recent times and many new regulations and drafts appear on an annual basis. In fact, on 21 October 2020, one month after the online publication of my article, perhaps the most significant draft was published: the “Law of the People’s Republic of China on the Protection of Personal Information (Draft)” (中华人民共和国个人信息保护法（草案）). In the article, I covered an already very promising draft of the same name, which was proposed by several delegates of the National People’s Congress (NPC) in 2017. The 2020 draft, on the other side, was published by the Standing Committee of the NPC as a whole, which gives it much more weight. Both drafts intend to become the first national “laws” that aim to protect the right to personal information as a primary goal. All other regulations that share this as a central objective are on a lower level in the hierarchy of norms.

A quick comparison of their lengths and the amount of their articles – 70 compared to 44 – suggests that the 2020 draft is even more comprehensive. Among the most striking innovations is the broad extraterritorial applicability of the 2020 draft, which is relatively similar to the GDPR. One could say that reciprocity prevails here. As the introduction of the European rules have led to much discussion and controversy, it will be interesting to see what the international response will be as this draft becomes more widely known. Since a more detailed treatment of this new draft would go beyond the scope of this blog post, I refer to the comparisons here, here and here (all in Chinese), and a comprehensive analysis here (English). When and in which form this draft will be enacted is still unclear. Nonetheless, it shows yet again that the Chinese lawmakers are actively working to create an increasingly comprehensive data protection regime.

Therefore, to the question whether or not a Chinese data protection law exists, the short answer is: yes.

The paper “How Comprehensive Is Chinese Data Protection Law? A Systematisation of Chinese Data Protection Law from a European Perspective” appeared in GRUR International 2020, 1191-1203. It is available via open access here.

Anja Geller is a PhD candidate at the Ludwig-Maximilians-Universität and a junior research fellow at the Max Planck Institute for Innovation and Competition, Munich, Germany. Contact her via Anja.Geller@ip.mpg.de or via Linkedin.

How to Build Your Municipal Social Credit System

26. October 2020

‘The trustworthy shall roam everywhere under heaven, while those who breach trust shall not be able to move a single step’ is the underlying maxim of China’s Social Credit System (SCS) project. Taking a step closer to understand what is behind this rhetoric quickly reveals that the SCS is better to be spoken of in plural, and the initiatives proliferating under it include projects as various as commercial loyalty programs, market regulation measures, and judicial enforcement mechanisms. But what does the central government envision in terms of a comprehensive system? We may find answers by looking at how the central government organs in charge of SCS building regularly assess the progress of the pioneers, cities. This is done through quantified criteria, so called SCS Construction Assessment Indicators. They offer a rare comprehensive depiction of how the perfect municipal SCS looks like in the eyes of the central planners. Based on these criteria, Marianne von Blomberg lays out what it takes to build a municipal SCS.

The National Development and Reform Commission and the People’s Bank of China, two major players in SCS creation, annually issue assessment indicators to evaluate the progress cities make on that front. Those performing best are designated “SCS construction model cities” (社会信用体系建设示范城市). Each of the twelve indicators in every set deals with what may be understood as one construction site within the larger SCS project. This is how they work: For progress on each site, cities get points. Further, a set of “hard indicators” includes ten concrete goals “which all must be completed without exception”. They may be regarded as centrally designed manuals for municipal SCS building which are handed to local leaders.

Filling a gap between the broadly termed conceptual central documents and the orders, legislation and specifications scattered across localities and realms which each relate to one of the SCS’s many parts, they are a rare official depiction of the whole SCS which is, moreover, translated into concrete criteria.

Step 1: Build your infrastructure for credit information production & sharing

The code: Under the unified social credit code, the gathered credit information is allotted to the then credit subjects. Issuing this code to legal persons and other organizations is a first fundamental element in SCS construction that reappears in all sets of indicators with the bar to earn points being raised throughout the years.

The records: Credit information is stored in credit records (信用记录, sometimes: sincerity files 诚信档案) that are to be set up by departments in charge of more than 21 realms as various as tax collection, construction, transport, e-commerce, birth control, education and research, environmental protection, law firms and lawyers, notaries, and for civil servants. In addition, the judiciary and providers of public utilities such as water, electricity and telecommunication are to gather and share information. What amounts to credit information differs across localities and administrations, it is commonly stipulated in credit information catalogues (find an example of such a catalogue here). As of 2019, Hangzhou has collected 140 million pieces of credit information, Suzhou has collected 350 million pieces, and Nanjing 1,4 billion (Zhu Lili 祝丽丽 2019).

The platform: Such credit information, once gathered, is directly to be forwarded to the credit information sharing platform (信用信息共享平台). The indicators of 2016 were the last to ask for the creation of such a platform, it was in the following years treated as given prerequisite. Its vital role in the system is illustrated by the fact that approximately one fourth of all points can only be attained if the platform is constructed. One indicator reads: “0.5 points are deducted for every city-level unit that is not connected to the credit sharing platform and sharing their information”. However, the experience of SCS construction model city Zhengzhou shows that linking up the platform with the sources of information such as administrative departments and providers of public utilities is a significant challenge.

Step 2: Make trustworthiness records the basis for decision-making in public administration

Joint reward and punishment: Joint reward and punishment (联合奖惩) refers to the realization of punishments and rewards in one realm to those entities who have been enlisted for trust-breaking or exemplary trustworthy behaviour in another realm. The ban to book high-speed trains for those who have defaulted on court judgments is an example. Joint reward and punishment was, upon the announcement of the first batch of model cities described as the “ring in the bull’s nose” of SCS construction, that, if being taken care of, will “cause all smaller things to follow.” Correspondingly, it has steadily gained importance in the indicators: 11% of all points in 2017 are to be achieved by implementing joint reward and punishment, jumping to 21% in 2018, and to 22% in 2019. Cities can gain points for example for each case where joint punishment was meted out against a trust-breaking entity or where benefits materialized for the red-listed, as well as for institutionalization of joint reward and punishment, meaning its integration in information systems and work procedures. Hard indicator 11 requires that “the number of realms where the city implements joint reward and punishment is not less than the respective number of realms at national level”.

Regulation by credit classification (信用分级分类监管) refers to adjusting the intensity of market regulation measures, such as random inspections, to the credit status of the relevant subject. Regulation by credit classification is on the ascendant, with a rise in proportional value within the respective sets of indicators of 9%, to 17%, to 22% from 2017-2019. This “novel type of regulation” is not only overhauling traditional market regulation but increasingly a tool for administrative agencies concerned with other realms. Since 2017 it has been woven into other indicator groups such as commercial sincerity, social sincerity and judicial credibility construction.

Step 3: Foster a market for credit products for individuals that make use of public credit information

A score: A municipal social credit score is to be set up for the respective city’s residents using their social credit information (this is what in Hangzhou is called the Qian River Score, in Fuzhou the Jasmin Score, in Suzhou the Osmanthus Score, etc). Through the “credit+ programs” enumerated below, public credit information translated into the score indeed follows a subject into numerous areas in daily life- in a rewarding manner.

Credit+ programs: Integrating market forces has helped to develop credit products that are to be used by local administrations in their daily work so that social credit information directly impacts how convenient a citizen’s everyday life is. In the 2017 indicators still vaguely termed “sincerity conveniences in public service”, the concept has matured into fully-fledged programs such as “credit easing procedure” (信易批) in the course of which administrative agencies tolerate the lack of secondary documents when proceeding requests of high-scorers. Likewise, “internet+credit+medical treatment”, “internet+credit+elderly care”, “credit easing transport” and “credit easing loans”, to name just a few of those programs enumerated in the latest set of indicators, allow high-scoring subjects certain privileges such as fast track handling of paperwork at hospitals.

Step 4: Equip your SCS with remedial paths- or don’t

From a legal point of view it appears striking that the objection procedures laid out at some length in province-level social credit regulations and recently reemphasized by the latest central level SCS guideline are not mentioned throughout the indicators. A careful deduction we can draw from that and the fact that the author could not yet find legal cases involving relevant provisions is that the focus of municipal SCS building lies on pushing forward the system’s coverage first.

Credit Repair: Not strictly speaking a remedial measure, credit repair (信用修复) refers to a procedure with the help of which credit subjects can have unfavourable credit information deleted and relevant punishment halted. They are required to eliminate all damages caused by their “untrustworthy” behaviour, or where that is not applicable, undergo “credit repair trainings”. The indicators award points to cities for cases of successfully completed trainings (possible in online formats and without final exam, making them easily circumventable) and the de-blacklisting of entities as a result of such.

Step 5: Make sure your city has a sound financial environment

Interestingly, the indicator on constructing a trustworthy financial eco-system seems to be standing on its own- other than the other indicators, it makes no mention of the credit sharing platform, blacklists, credit records, regulation by credit classification or other central SCS tools. Instead, points are given to cities on the bases of whether normatively, the level of trustworthiness is high. For instance, where no significant regional financial risk has occurred, the 2019 Indicators award two points. While most of the indicators seek to have a system of dealing with specific trust-related problems set up, the indicator on the financial eco-system is less concerned with SCS infrastructure building, but with the greater goal to achieve a more trustworthy financial environment. Further, this indicator alone is to be evaluated not by the assessment groups that handle the other indicators but by the PBoC alone.

Extras

Political ideology: It is less helpful for municipal SCS designers aiming for the title of SCS model city to put much effort on living up to political rhetoric. While the indicators do mention the ubiquitous Xi Jinping Thought, implementing the CPCCC’s and the State Council’s directives on the SCS (all eleven of them which are enlisted, translations here), and Socialist Core Values- The relevance of these elements in relation to the other indicators shrank from 11% in 2017 to 8% in 2018 and 2019, the 2016 indicators and the hard Indicators do not mention them at all.

Innovations and making use of local specialities: Notably, not even this indicator that explicitly encourages experimentation and lists examples mentions the application of AI and other technology that is frequently associated with the SCS. Indeed, the most high-tech element the indicators lay down is the building of the information sharing platform and credit websites. Most technological innovation for municipal SCSs appears to happen within the private sector: Cities gain points for fostering a market of credit products. How such products may eventually be “incorporated” into the larger, centrally driven project was demonstrated in early 2018: The PRC’s first credit scoring services that were given licenses to experiment with their products did not get the license in the end but were made minority shareholders of one PBoC-lead Credit Scoring entity called Baihang Zhengxin (百行征信, the whole story).

Marianne von Blomberg is a PhD Candidate at Zhejiang University’s Law School and Cologne University’s Chair for Chinese Legal Culture and working as a Research Associate with the latter. She is particularly interested in the intersections of the law and social credit and recently focuses on reputational sanctions within the Social Credit System. Get in touch with her on LinkedIn or follow her on Twitter.

European Chinese Law Research Hub

Tag: Social Credit System