China’s Tech Boom Driven by Public Data, Highlighting the Dilemma Between Regulation and Growth

China’s Tech Sector Booms on Government Data Access
Fears Grow Abroad over Personal Data Leaks from Chinese Products
Beijing Struggles to Balance Regulation and Growth

Analysts say China’s technological rise has been fueled by vast amounts of data. Government-collected citizen data has been made widely available to industries with little regulatory oversight, providing a powerful growth engine for the country’s tech companies.

Public Data Powering the Growth of Chinese Tech Firms

According to industry sources on October 22, many Chinese tech companies have achieved rapid growth by leveraging vast amounts of personal data. A prime example is iFlytek, a leading voice recognition firm, which gained access to government-provided public data used to train speech, facial recognition, and artificial intelligence models. This access enabled the company to attain world-class technological capability in a short time. Today, iFlytek’s voice recognition technology is being used to enhance China’s industrial competitiveness.

SenseTime, now one of the world’s top facial recognition companies, followed a similar trajectory. With the government’s open data policy, the company trained its systems on more than 10 billion images and videos, building a massive data foundation capable of processing over 40 billion recognition and analysis requests annually. SenseTime’s technology is now deployed across 36 airports and metro systems for facial-entry control, and is also used in financial services for anti–deepfake identity verification, as well as in urban management, traffic systems, and building operations.

China’s willingness to open data so freely stems from its “regulate after implementation” approach. The government allows companies to use the personal data generated by its 1.4 billion citizens, imposing regulations only after problems arise. This combination of massive data access and advanced AI development has become a key driver of industrial growth in China’s tech sector.

Global Backlash Against Chinese Services and Products

The growing global aversion to Chinese-made services stems largely from these concerns. Many fear that using Chinese platforms—which operate with virtually no personal data protection—could expose not only citizens’ private information but even national security secrets. The controversy surrounding DeepSeek, an AI model developed by a Chinese startup, illustrates this perception clearly.

Following the so-called “DeepSeek shock,” widespread fears emerged over potential data leaks. Because DeepSeek is subject to China’s Data Security Law, it cannot be considered fully free from risks of personal information exposure. Enacted in 2021, the law requires companies to cooperate with the government when data is collected for national security purposes. In response, agencies such as NASA, as well as Texas and New York state authorities, blocked access to DeepSeek, while several European countries—including Italy—restricted its download from app stores. South Korea also banned downloads of the app, citing data privacy concerns.

Since then, concerns have expanded beyond DeepSeek to other Chinese products and services. E-commerce platforms like AliExpress and Temu, as well as internet-connected devices, have drawn renewed scrutiny over their potential security risks. Real-world incidents have reinforced these fears. In July last year, AliExpress was fined about 1.4 million dollars after it was found to have shared Korean customer information with 180,000 overseas sellers. In another case, a Chinese-made robot vacuum cleaner—Ecovacs’ “Deebot X2”—was hacked in Minnesota, where it reportedly hurled racial and sexual slurs at users and chased their pets, shocking consumers and further fueling distrust toward Chinese tech products.

Regulation vs. Growth: An Unavoidable Trade-Off

Experts say China’s growth model clearly illustrates the dilemma between regulation and technological advancement. One market analyst noted, “The weaker the regulations, the faster the pace of technological growth. In the tech industry, where the number of data points collected directly translates to competitiveness, privacy restrictions have a profound impact on how quickly companies can innovate.” The analyst added that countries like South Korea, which maintain strict personal data protection standards, inevitably struggle to keep up with the rapid growth of China’s tech sector.

South Korea’s National Assembly appears to have recognized this challenge. On October 21, the National Assembly Research Service published a report titled “AI Innovation and Personal Data Protection: A Path to Coexistence — Legislative Reform of the Personal Information Protection Act in Response to Data Demands for AI Development.” The report highlighted that as global competition in AI development intensifies, Korea’s current legal framework restricts the use of personal information for technological and industrial purposes, preventing the legislative environment from keeping pace with the realities of AI innovation.

The report pointed out that “the current legal system provides little clarity on how publicly available personal information can be used,” noting that the Personal Information Protection Act lacks specific standards for handling “publicly disclosed personal data,” which still qualifies as protected information. It further explained that the reasons permitted for secondary use or sharing of personal data are limited, and the current rules make it difficult to reuse or repurpose such data, resulting in a narrow scope for data reutilization.

To address this, the report recommended establishing a separate balancing-of-interests standard that considers the unique characteristics of publicly available personal data. Under this relaxed standard, data use could be allowed when the benefits of utilization outweigh privacy concerns, even if explicit consent is not obtained. Other proposals included permitting the free use of publicly available data when it is not intended to identify individuals, revising the special provisions on pseudonymized data, and updating guidelines on the “additional use and provision” of personal information to broaden the range of lawful data reuse.