China is perhaps the first country to use tracking mechanisms through mobile phones and/or social media Apps such as WeChat and Alipay to track people’s movements or to stop people diagnosed with Covid-19 from travelling. This has now developed into a national Health QR Code System (Jiankang Ma). While an early study suggests that the health QR code had helped control the spread of Covid-19 in China, the effectively compulsory use of the QR code and the apparently unconstrained collection of personal information and data for the system have caused some major concerns about its potential for misuse or abuse at the expense of individual rights. Among these is a serious question concerning the protection of privacy in China, where the right balance between its protection and the need to safeguard public health is yet to be established.

The emergence of a national QR code system

Hangzhou was the first city in China to introduce a health App in early February 2020, and soon similar mechanisms were widely promoted and adopted by local governments. This local development was quickly endorsed by the central government: when the Notice on the Prevention and Control of Novel Coronavirus Pneumonia Epidemic with Scientific Precision was issued on 24 February 2020, China began to encourage the nationwide use of a health QR code system (or a paper-based health pass system where the electronic version was not yet available), without providing details or regulation. The national system is built upon the ‘Internet + Medical Health’ system as well as other data systems that had been established by both public and private organisations.

As a local initiative, early adoption of the QR code system by local governments was inconsistent. Different versions of the code, containing different data and information and used in different places, were incompatible. Further, it was claimed that the health QR code relies on ‘troves of data the authorities have collected from individuals — including their personal information, location, travel history, recent contacts and health status.’

Standardisation of the Health QR Code

Despite different practices at local levels, there were three sets of ‘uniform standards’ jointly issued, in May 2020, by the State Administration for Market Supervision and the National Commission on Standardisation for the establishment and national use of the health QR code. Among them is the ‘Personal Health Information Code – Data Format’ (GB/T 38962-2020) which specifies four sets of information to be collected for the health QR code:

· Personal data: name, gender, nationality, ID type and number, area of household registration, home address, contact phone number, basic health history, and other information;

· Personal health information: body temperature, current symptoms, information relating to living and staying in high-risk areas, contact with people from high-risk areas, time of health declaration, and other information;

· Travel history: local position for places where the person has recently lived and stayed for a certain period of time, including present location and travel information, and other information;

· Health certification information: assessment result of current health by health information management authorities, including health risk grade assessment, assessment time and reasons for the assessment, medical test results, details of health testing institutions, testing time and sources of data, and other information.

The problem with such ‘uniform standards’ is that they are a set of open-ended demands for information and data, with no restrictions on collecting or incorporating further information or data.

Further efforts were made in December 2020 through the Notice on Service Action Plan to Further Promote ‘Internet + Medical Health’ and the ‘Five First’ Services, which was jointly issued by several State Council authorities. The Notice is intended to ensure that all local governments follow a uniform version of the code, which would also be accepted nationwide, under the policy of ‘uniform policy, uniform standards, mutual recognition and one code for all travel purpose’. Importantly, this Notice specifically calls for the incorporation of information and data stored in other electronic cards and apps, including financial payment cards. A truly national health QR code system, storing a huge amount of personal information and data, thus began to emerge in China.

In practice, the health QR code in use is linked to information and data held by other systems, including data held by the civil aviation, railroad, highway, electronic toll collection and local bus systems and by telecommunication operators, and payment data held by banks and other financial institutions. Others have reported the collection of such information as income, height, blood types, etc. Most recently, as part of China’s effort to push for a vaccine passport system as a means to open borders, information about nucleic acid tests, vaccination and travel history to high- and medium-risk areas is to be automatically incorporated into the QR code.

Although participation is not made compulsory for all residents (for instance, the elderly are specifically mentioned as a group of people who might need to retain the old paper-based system), the reality is more complicated. First, refusing information collection by linked systems would likely lead to the denial of many services, including telecommunication and banking services. Further, the health QR code is connected to the use of many essential services such as hospitals and travel. As a result, it is effectively compulsory for the great majority of residents. As for Chinese citizens returning from overseas, participation is mandatory. They are required to enter their personal information, health status, recent travel history and other information on a daily basis in advance via an international version of the health QR code.

A Battle between Protecting Privacy and Safeguarding Public Interests?

Not surprisingly, the use of these mechanisms has caused some major privacy concerns. Many are worried that their personal information may be leaked, that their information security could be compromised, and that the system might be used for other social control purposes. This is despite the requirement by national guidelines that local governments standardise the use of personal information collected by the health QR code, strengthen data security management, and protect personal privacy.

To this day, however, privacy concerns are yet to be properly addressed. In fact, in issuing the national standards for the contents of the health QR code system, the need to balance the protection of privacy with the need to share such information was heavily emphasised. Most recently, in mid-March 2021, four authorities under the State Council jointly issued the Provisions on the Scope of Personal Information Necessary for Common Types of Apps of Mobile Internet (effective 1 May 2021). These Provisions clarify for the first time the so-called necessary information/data for 39 types of common Apps. However, the health QR code is not covered by the Provisions, suggesting that the system will continue to be open-ended and privacy will only be a secondary consideration.