Insurance Data for Sale in China – Despite Strict Data Protection Laws


When William Zhang’s car insurance was about to expire in March, he didn’t need to look far for renewal options. In the two months before the policy was up Zhang received calls almost daily from insurers trying to sell him a new one.

Since his initial policy was from Ping An Insurance Group , it was natural the company had been in touch.
“What surprised me is how other insurance companies know that,” said Zhang, a 26-year-old government employee from Shandong. He said they had the same problem with three other car owners, Reuters.

According to sellers and financiers interviewed by Reuters, personal data were widely circulated in China and could be collected for pennies byinsurance companies, banks, credit sharks and fraudsters.

In May, China enacted the most comprehensive data protection legislation today, and narrowed restrictions on the sharing of private data held by financial institutions and other companies.

“Personal information leak is risky,” said Susan Ning, partner at the King & Wood Mallesons law firm in Beijing. “Such information can facilitate other crimes,” he said.

Data trading
Insurers usually take the numbers from online online merchants, who are illegally receiving information according to the people in the sector.

Some companies have disclosed Michelle Hu, a partner at Boston Consulting Group, who advises on insurance contracts that they illegally buy information from motor vehicles, car registrar authorities, car dealers or police stations.
By entering key words such as “personal data” or “mobile phone data” in China, Reuters found more than 30 groups for the purpose of selling and purchasing personal information in the instant messaging service QQ and Baidu Inc’s Tieba forum site.

Baidu refused to comment. In a statement to Reuters, Tencent said “it depends on the protection of user privacy and the protection of data security.”

Informationalists publish ads in online groups and negotiate with buyers via QQ or private messages in WeChat.

Five vendors offered to sell the Reuters lists from financial institutions such as “people needing credit”, “people needing insurance” and “30 to 50 Shanghainese men”.

The price of this information varied among the sellers, ranging from 300 yuan (43.64) to 10,000 yuan.

A sample list included dates of birth, car and host status and mortgage information in addition to name and phone numbers.

Reuters could not confirm the truth of the information.

Three lenders selling mortgages for the three leading Chinese lenders said that customer information was mostly sold by bank employees.

According to Reuters’ communications with these two platforms, some internet companies also provide sensitive personal information for a fee.

For example, Duoi Technology, a Wuhan-based company, operates a personal information search platform.

The Duoku for 5 yuan will return the identity picture of any Chinese citizen given the name and ID number. For 3 yuan, the site returns the data about the use of a person’s mobile phone.

Reuters confirmed that both services worked. The person who requested the ID photo did not know how to get the photo of the services or phone bills.

When Duo asked where he bought or bought the information, Duoi Technology spokesman said that most of the data was purchased from online merchants and sold to bankers and insurance companies.

“Financial institutions use our service only for risk management purposes,” he said.

Reuters’ first published hours posted news that Duoko Technology’s websites removed the above-mentioned products and will not sell them to individuals in the future.

Law and order
Data privacy has also become the biggest problem in the world. Companies like Facebook have criticized users for collecting and selling their personal data without open source. Online frauds are also common in other countries.

Experts say that despite the efforts of consumers to protect consumers in China in recent years, the proliferation of online financial platforms and users has led to an increase in the sharing of personal data.

According to the current legislation, personal information sellers may face up to seven years in prison and fine, while purchasing personal data may be fined by penalty and up to three years’ imprisonment. Companies are subject to similar legal penalties.

Despite such an upsurge, according to a Union Pay report in May, about 90 percent of phone fraud results from personal information infractions.

“The center of this problem is the high economic benefits associated with the low costs of breaching personal information trade and related laws,” Ning said.

“For some authorized people, the personal information of the others is only a few clicks away.”

Ning said other reasons behind personal data breaches include lack of security measures in some web sites and ambiguous terms in certain contracts related to the use of personal contracts.

Ning said, “China has a large population and data privacy cases have a wide coverage, so it can be quite difficult to investigate.”

New guidelines for companies handling personal data were issued by regulatory agencies in May, and consumers were recruited during the recruitment of compliance officers and the collection of personal information.

The European Union’s new rules on privacy protection – the General Data Protection Directive – went into force the same month.

EU regulations, which will affect Chinese companies selling their products or services in the European Union, seem more restrictive than the Chinese. Chinese rules make it possible, for example, to give silent or tacit approval when the European rules do not apply.

Legal warning !
The information, comments and suggestions there are not covered by investment advice. It is based on the author's personal opinions. These views may not fit your financial situation and risk and return preferences. For this reason, based solely on this information, investment decisions may not have the appropriate consequences for your expectation. Our Site is not responsible for any direct or indirect damages incurred by the investors as a result of the use of the information on the Site, deficiencies in the sources, damages incurred by profit, moral damages, or damage to third parties.