Regulating Finnovation: China’s Data Conundrum
The Venture Studio at Anthemis Group identifies opportunities for high potential founders in dynamic markets, and invests human and financial capital into this intersection.
As China transitions into a consumption-driven economy, its ‘techno-utilitarian’ approach has proven extremely effective — enabling startups to launch early, while assessing the implementation of regulation along the way.
Proactive agile regulation is the key enabler for the thriving Baidu, Alibaba and Tencent (BAT) ecosystems, and the emergence of China’s globally-leading fintech sector, which realised a record high investment of $15.1bn in H1 2018.
The Value Exchange
“If they [Chinese citizens] are able to exchange privacy for safety, convenience or efficiency, in many cases, they are willing to do that, then we can make more use of that data.” — Robin Li (Co-Founder and Chief Executive, Baidu)¹
Historically, what has differentiated China from its Western counterparts is the lax attitude towards the sharing of personal information. Chinese consumers have placed far less value on personal data than the likes of the US, UK and EU. In fact, a survey conducted by China Youth Daily showed that 60%of respondents’ default mobile app settings allowed for the sharing of personal information.
To quantify this, Chinese netizens are expected to pay around US$4.48 (0.03% GDP) per person to protect their digital information, compared to Germans who are estimated to pay 41x more, at US$184.20 (0.39% of German GDP).
That is, until now.
Shifting Sentiment
“[Chinese consumers are] no longer content with preventing information from being used for fraudulent purposes…Now they want control in protecting their privacy.” — Nie Zhengjun (Chief Privacy Officer, Ant Financial)²
Data privacy has become front of mind. Rising activity in the illegal data trade has exasperated the situation, with 85% of respondents from a China Consumers Association survey claiming that they’ve been victims of data leaks.
Widespread allegations point fingers at the BAT for faults in their ‘privacy protection’ policies (or lack thereof).
Ant Financial (Alibaba) came under fire earlier this year for check-by-default enrolment into its Sesame Credit credit scoring system — without consent. Baidu was accused of monitoring user’s phone calls and illegally gaining access to data — again without consent. In fact, Chief Executive, Robin Li’s comments on the trade-off between privacy and convenience received strong negative reactions overall.
Weixin (WeChat)
Perhaps, most controversial is the position of Tencent’s Weixin. With 963mn MAUs, Weixin has an 83% penetration rate among China’s 717mn smartphone users, reaching 92% in first-tier cities — it is a way of life in China.
Yet some are rebelling.
Weixin has been subsidised by the Chinese government since its launch in 2011 and it is well known that censorship and monitoring occurs. Extending beyond the censorship of foreign apps, integration ensures that the administration has data autonomy across the Weixin ecosystem.
WhatsApp is the latest foreign messaging app to be banned by Chinese authorities. Many believe the basis for this is its end-to-end encryption service which inevitably restricts government access to conversation data. Around this time, Tencent updated Weixin’s pro-privacy policy which became misconstrued by users as an admission of data-sharing with the government. As such, Tencent publicly clarified these terms, emphasising their commitment to user protection through message encryption. Accounting for the government’s involvement in the service, it remains questionable whether this was to detract attention from the root cause of WhatsApp’s ban, or not.
As most are aware, the EU’s General Data Protection Regulation (GDPR) became enforceable on May 25th, 2018. What may come as a surprise though, is that China implemented its own version of GDPR on June 1st, 2017 — The China Internet Security Law (‘Cybersecurity Law’).
In aligning with global cybersecurity laws and best practices, this national legal framework is actually more rigorous than its EU counterpart. How? Well, China has limited legal collection and the use of personal data on the basis of consensual grounds only. This is not the case within the EU, whereby there are multiple legal avenues that can be exploited.
In principal, one would expect that Chinese netizens would embrace this new regulation. However, as highlighted above, frustrations continue to build during this post-implementation period and there is continued hypersensitivity around this issue. The reason for this: the laws are worded to ensure utmost flexibility on behalf of the government’s access to data. For example, companies are still able to collect data without consent, provided it is justifiable in its relationship with either (a) completing a transaction or (b) protecting a service or network.
The Domino Effect
In the same vein, China’s peer-to-peer lending industry has consumers up in arms. With $217.96bn in outstanding loans, this exceeds the combined value of the rest of the world.
Demand aside, constraints within the Chinese banking system see only 30% of individuals having access to lending facilities. SMEs account for 60% of the GDP, yet only 20–25% are eligible for financing from the Big Four state-owned commercial banks. Package this with solid flows of investment capital bundled with an attractive yields (8–12%) and we have a recipe for disaster.
Lax regulation saw a spurious level of market growth, reaching a peak of 3 500 online P2P lending businesses (300x growth) in 2015 alone. The typical P2P borrower is between the ages of 20 and 39, earning between $300 and $1,200 a month, with little credit history. Opportunists preyed on these consumers, creating unrealistic yield expectations.
Inevitably the system imploded, and it’s only getting worse.
While there are multiple fraud causes, Ezubao catalysed the government’s urgent regulatory overhaul. The long and short of it is that Ezubao, at $9bn, turned out to be one of the biggest Chinese Ponzi schemes on record. In response, the government has chosen to fight back by implementing its first regulatory instrument for online lending — Interim Measures on Administration of Business Activities of Online Lending Information Intermediaries.
“Ironically, a policy backed by official guidance has led to financial turmoil for tens of millions of families.” ³
Since then, China has ceased the issuance of new online P2P licenses altogether. In addition, lenders had until June 2018 to submit for an operating license; provided they enforce higher capital requirements, appoint custodian banks, provide full disclosure of fund information and ban unsecured cash loans.
As the deadline fast approached, a lack of investor confidence saw large deposit withdrawals. This caused panic amidst the already tarnished market, leading to mass protest and even a case of suicide.
Ironically, the June 2018 deadline has been extended to 2020. While it provides greater opportunity for lenders to comply with regulation, this may prove to be a stopgap more than anything else. Uncertainty surrounding market credibility still creates ample cause for concern. Investors are worried, but if the extension can help to calm sentiment and reduce bankruptcy risks for lenders, perhaps they can rectify their financial position, which in turn may help to stabilise the industry over the long run.
The Western World
Despite the West’s regard for data privacy, combined with its measured approach towards tech innovation, one can’t help but highlight the Facebook and Cambridge Analytica scandal of 2018. Up until April 2015, companies/developers using Facebook’s Graph API were freely acquiring a rich dataset at a ratio of 1:185. To put that into perspective, all it took was eight million downloads to cover Facebook’s entire user base — it’s no surprise that nine million apps and websites took advantage of this.
What were the repercussions? A £500,000 maximum fine as per the UK’s Data Protection Act of 1998 (under the GPDR the fine would be the higher of €20 million or four percent of annual global turnover). The best part: Facebook is appealing this.
While it’s easier said than done, the key is to strike the right balance between innovation and consumer protection. In the financial services space, this extends to ensuring that regulatory efforts are constructively enhancing the status quo, reducing risks and encouraging high-quality market players.
The West needs to be cognisant of this balance and the knock-on effects of lax regulation versus regulatory overkill. While this is context-dependant, the crux of it all is that despite the benefits of sharing one’s personal data, data privacy is front of mind for the modern day global netizen.
As public sentiment continues to shift, it will be interesting to see how the situation in China unfolds. Considering the cause and effect relationship between tech innovation and its contribution to economic growth; regulatory overhaul may jeopardise the country’s position as a global innovation hub. Driven by the ambition to become a global AI powerhouse by 2030, China is at the sharp end of the Fourth Industrial Revolution. However, if current trends around data privacy and regulation unfold, its greatest strength may be its biggest weakness.
If you or your network are passionate about this space, and would like to learn more, please feel free to reach out.
E: Dario@Anthemis.com
[1] CRI Online, March 2018, “Baidu Chief Under Fire for Privacy Comments”
[2] Economist, January 2018, “In China, Consumers are Becoming More Anxious About Data Privacy”
[3] Tang, Z, Lahiri, T & Huang, E, August 2018, “How Peer-to-Peer Lending Turned Middle-Class Chinese Dreamers into Angry Protestors”
