BACKGROUND
Digital technologies, especially contact tracing apps, have been crucial in monitoring and tracing the transmission of COVID-19 worldwide, but their use has presented challenges to personal information protection. In China, health code apps were implemented as an emergency response to the pandemic and planned for broader public health services. However, potential problems within privacy policies may compromise personal information protection under the Personal Information Protection Law (PIPL).
OBJECTIVE
Our objective is to evaluate the legal protection of personal information in the privacy policies of health code apps.
METHODS
This paper presents the first content analysis and quantitative research on privacy policies for health code apps in China, with emphasis on the justification for information processing and on informed consent. Using a mixed-methods approach, we reviewed regulatory documents and 28 available privacy policies.
RESULTS
Our findings reveal unsatisfactory compliance with PIPL, including the lack of a specific purpose and of sufficient necessity for processing personal information, inadequate notification, and the absence of separate consent.
CONCLUSIONS
China should develop a balanced policy addressing both public health and personal information protection as it faces a crossroads regarding the future of health code apps. The specific purpose of applying health code apps in public health services and the sufficient necessity for processing personal information should be reconsidered and articulated explicitly. Meanwhile, users’ informed consent must be obtained, including comprehensive notification and separate consent.