Understanding Chinese Internet Users' Perceptions of, and Online Platforms' Compliance with, the Personal Information Protection Law (PIPL)

Abstract

The Personal Information Protection Law (PIPL) was implemented in November 2021 to safeguard the personal information rights and interests of Internet users in China. However, the impact and existing shortcomings of the PIPL remain unclear, carrying significant implications for policymakers. This study examined privacy policies on 13 online platforms before and after the PIPL. Concurrently, it conducted semi-structured interviews with 30 Chinese Internet users to assess their perceptions of the PIPL. Users were also given tasks to identify non-compliance within the platforms, assessing their ability to address related privacy concerns effectively. The research revealed various instances of non-compliance in post-PIPL privacy policies, especially concerning inadequate risk assessments for sensitive data. Although users identified some non-compliant activities like app eavesdropping, issues related to individual consent proved challenging. Surprisingly, over half of the interviewees believed that the government could access their personal data without explicit consent. Our findings and implications can be valuable for lawmakers, online platforms, users, and future researchers seeking to enhance personal privacy practices both in China and globally.