Introduction
The 2022 Winter Olympics were held in Beijing, China from 4th Feb-20th Feb 2022. Even before the start of the Winter Olympics 2022, China was being criticised and accused of allegations pertaining to human rights violations and other related controversies globally. Around 180 human rights groups were of the opinion that all the leaders globally and the governments should boycott the Winter Olympics in Beijing as the Chinese government was held solely responsible for the genocide of the minority communities in China. The Canadian government along with the UK and the United States government were the ones who decided to diplomatically boycott the games; this meant that these countries would only send their athletes to be a part of the games, whereas the government delegates and officials won’t either attend the games or be a part of the event.
But was this the only issue raised by the officials?
The other issue that was largely concerning the majority and the same was being discussed everywhere from news channels to even the U.S Olympics and Paralympics committee was related to the ‘privacy’ of the athletes as well as the ones who were planning to attend the games in Beijing.
The catch to this privacy-related issue is that those who were preparing to attend the 2022 Winter Olympics had to compulsorily download a mobile application called “MY2022”. This app had multiple security flaws and resulted in privacy concerns that were very much applicable to both the domestic as well as international athletes along with the ones who were merely attending.
What is MY2022?
MY2022 is a mobile application that was made a requirement for all the athletes and the attendees of the Winter Olympic Games. The app performs multiple functions right from real-time chat with your contacts along with that video and audio options are also available for the users; users have the option to even share files with each other, as well as the app notifies its users about the weather and news updates. Furthermore, the app is also used to submit health customs information of those who are visiting China from other nations. This includes submitting the user’s passport details, demographic information along with travel, medical history (if any), COVID-19 vaccination status, and lab test results including users’ daily health status.
China’s intention behind collecting this information as per their official statements was to prevent the transmission of COVID-19 and hence was a part of the COVID protocol that was being followed during the Winter Olympics.
It was prescribed that all the athletes and attendees should download the app 14 days prior to their visit to China, and were required to monitor and submit their health information in order to track their health status on a daily basis. Many countries have relied on similar apps in order to track the health status of their citizens and the foreign travelers, especially if we take India as an example here, the app named ‘Aarogya Setu’ was extensively used and is even used today in order to monitor the health status of the people in India.
As per the Chinese government’s guide on the Olympic games, it was discovered that the MY2022 app was created by the Beijing Organising Committee for the 2022 Winter Olympics. However, later through public records and the App Store’s information, it was revealed that the owner of the app is a state-owned company called the ‘Beijing Financial Holding Groups’.
What does MY2022’s privacy policy state?
It is essential to note here that in order to make an app available on the Google Play store and/or on Apple’s App store, the app developer(s) may first publish their privacy policy. A privacy policy is a legal document mandated not just by Google or Apple, rather many federal and state privacy laws mandate the same and are one of their compliance requirements. Hence businesses and organisations who collect, store, and transfer their users’ data are required to draft and publish a privacy policy/privacy statement on their website, as well as the same should be made available on their app.
After reviewing the privacy policy of MY2022-
- From the domestic users, the app collects personal data that includes the name of the user, national identification number, phone number, e-mail address, profile picture, and employment information and such personal data may be then shared with the Beijing Organizing Committee for the 2022 Olympics.
- On the other hand, for international users, the app collects personal data that includes users’ demographic information, and passport details along with the details of the organization they are associated with.
MY2022’s privacy policy also states that the app collects and further uses the users’ daily health status as the same is reported by the users so that the authorities are able to track not just the health but also prevent the spread of the virus. Moreover, the privacy policy clearly states that COVID-19 vaccination status and lab test results are taken for the same purpose. The privacy policy in itself doesn’t state anything about where such personal data is shared, instead if we check the official playbook of the Olympic games, it states the list of entities to whom the personal data of the users’ are shared. The entities include- The Beijing Organizing Committee, Chinese authorities (such as the national government, local authorities, and authorities who are in charge of health and safety protocols), the International Olympic Committee, the International Paralympic Committee, and all other authorities who are in charge of the implementation of COVID-19 countermeasures.
It is essential to note here that the app outlines circumstances as to when it will disclose its users’ personal data without their consent, in cases wherein it is about national security, public health, and/or criminal investigations. Moreover, this list shouldn’t be considered as an exhaustive list.
What are the privacy concerns?
The privacy concerns relating to this app can be listed down to two major issues, and they are-
- Concerns regarding SSL certificates- Secure Sockets Layer or SSL functions with the help of encryption and digital signature in order to ensure safe transmissions of the data and with the aim to secure the flow of the communication between the user and the intended server. Unfortunately, the MY2022 app fails to validate SSL certificates, which means, it is difficult to determine whether the user is communicating to the intended server or to a malicious host that is pretending to be the intended and trusted server. Hence, the user’s information that was intended to be communicated or transmitted to the trusted server comes at risk.
- Concerns regarding encryption of sensitive data- The other privacy concern is that the app fails to safeguard the sensitive data during communication & transmission. It was found that the app transmits non-encrypted data, which means, such data can easily be read or collected by anyone.
- The other privacy concerns- The scariest concern is regarding the collection of audio of the users, as the users do not have much control over their microphones, and the audio can be easily collected at any time. Such data (Audio of users) is collected by a Chinese AI firm called ‘iFLYTEK’, surprisingly this firm has already been blacklisted by the United States due to major privacy concerns.
Concern relating to free speech
The other findings of this app are regarding the in-built censorship and surveillance keywords listed in the app by the developers in order to ensure and prevent the users of this app from making any comment, which the Chinese government doesn’t want the general public to talk on. However, it is also found that the keywords are not in action and are inactive in the app currently. The total number of words listed under this is around 2,442 and all of the words listed are considered politically sensitive in China. This kind of built-in censorship can be found in most Chinese apps, and the present observation is not surprising.
Violation of Chinese laws and other related privacy policies
The MY2022 violates China’s own laws on data protection & privacy. The Chinese laws pertaining to privacy and cybersecurity are- the Cybersecurity Law of 2016, the Personal Information Protection Law (PIPL), the Data Security law (DSL), and the Civil Code. If we closely look at certain provisions of these above-mentioned laws, we will come to know that the MY2022 even violates the Chinese laws.
In China, information relating to personal health or medical health can’t be transmitted with an active encryption framework in order to secure such transmission of the data, on the other hand as discussed above, MY2022 fails to perform such encryption during transmission of the personal data. Whereas even Article 51 of the PIPL talks about encryption and de-identification in order to safeguard the personal data, and the app fails to comply with that too. Moreover, Article 27 of the DSL states that the data processors who are involved in processing data, need to mention as to who is responsible for providing data security & necessary protection to the individuals’ data. Hence, the app violates this provision too.
Further, the app violates Google’s Data Security Policy and the Unwanted Software policy, as in order to comply with the former policy, all the apps listed in the Google Play Store need to state which type of data the app collects and whether it is protected with encryption or not. Whereas, in order to comply with the latter, then the listed apps must not collect sensitive personal information/data without encryption. MY2022 is liable to get blacklisted by Google and even from further getting installed by Google Play Protect.
Lastly, the app also violates Apple’s App Store guidelines, as it states that the app needs to have proper safety measures in order to ensure that the information collected/processed is not accessed by third parties and there is no unauthorised disclosure of the same.
Conclusion
If we are aware of Chinese politics, and how the laws function there, the present issue pertaining to privacy won’t surprise us at all. The Chinese government has always been into monitoring and censoring their citizens from speaking against the ruling party. If we further compare any other Chinese apps with the present one, we won’t be surprised, after all these privacy and censorship issues are largely found in all the Chinese apps and platforms. MY2022’s security issues pertaining to encryption can also be found in one of the most popular apps of this decade called Zoom. Privacy is not just a statutory or contractual obligation, it is a fundamental right of the citizens.
Great read! Your perspective on this topic is refreshing. For additional information, I recommend visiting: DISCOVER MORE. What do others think?
Indulge in sophistication with our black car service for seamless airport transfers to and from Dallas/Fort Worth International Airport. Travel in luxury and comfort aboard our lavish black cars and SUVs, ensuring a stylish arrival. Reserve now to elevate your journey with a refined travel encounter. Count on us for punctuality, reliability, and personalized convenience.
Black Car Service In Dallas Fort Worth is a professional chauffeur service that provides luxury transportation for business or pleasure. Black car services are typically more expensive than traditional taxi or limousine services, but offer a higher level of service and comfort.
Celebrate in style with our Miami bachelor and bachelorette party bus service. From spacious interiors to VIP amenities, our fleet ensures a memorable experience. Choose affordable luxury for your Miami party bus rental needs.
Discover Miami’s dynamic party bus rentals, offering diverse options for your event needs. Explore party buses in Miami, FL, for stylish and convenient transportation solutions. Elevate your celebration experience with reliable and affordable party bus rentals.
Discover reputable bus companies in Maryland offering reliable group transportation services. Whether for corporate events or leisure outings, Maryland’s transportation options ensure seamless journeys. Elevate your experience with KV Limo, which offers luxurious transportation solutions for various needs.
Airport Transfers Bahamas is proud to serve the island of New Providence with professional transportation services.
Nassau Airport to Atlantis – We’re excited to be able to provide professional transportation services from Nassau Airport to Atlantis and Paradise Island!
Bahamas Premium Transfers is proud to serve the island of New Providence with professional transportation services.
Owen Sound Taxi provides reliable and efficient transportation services in Owen Sound, Ontario. Our professional drivers and fleet of vehicles ensure safe and comfortable commuting for residents and visitors in the area.
Experience convenient transportation with Cabs Niagara Falls Ontario. Reliable Niagara Falls Taxi services, including Niagara Taxi, for seamless travel in and around the scenic Niagara region. Your trusted choice for local and tourist transportation needs.
Make your journey exceptional with Deerhurst airport limo. We provide top-notch Deerhurst airport luxury transportation, dependable Deerhurst airport taxi, and efficient Deerhurst airport Shuttle services for your travel needs.
Experience exclusive Airport Mercedes Sprinter Transfers in Chicago. Our premium service ensures comfort and style for group travels. Whether it’s for business or leisure, enjoy personalized transportation solutions tailored to your needs and preferences.
Experience luxury limo service between NYC and Brooklyn. Our NYC-Brooklyn limousine ensures a comfortable ride for all occasions, including airport transfers and chauffeur services. Book your NYC limo service today!
Explore Africa with Matadi Africa and Travel Tours, offering specialized travel experiences across South Africa. Services include African tours, Cape Town packages, and personalized travel solutions for an unforgettable African adventure.
Bay Area Car Service offers premium airport car service, ensuring reliable and luxurious transportation. Experience the best with our Bay Area limo service, town car service, and chauffeur service, providing exceptional comfort and convenience for all your travel needs.
Houston Shuttle Service offers reliable Houston Airport shuttle service, including IAH shuttle service and Hobby Airport shuttle service. Experience convenient and affordable Houston shuttle transportation service, ensuring timely pickups and drop-offs to and from all major airports in Houston.
Enjoy a premium transfer Dubai Airport to Atlantis The Palm. Choose our car from Dubai Airport to Atlantis The Palm or a limo from Dubai Airport to Atlantis The Palm for a comfortable ride from Dubai International Airport to Atlantis The Palm.
Best chauffeur drive experience across the UAE Our well-trained drivers with range of sprinter and premium cars are available 24×7
Airport Transfer Dubai (ATD) make sure that your every trip is comfortable
Unleash the allure of Dubai in our stretch limousines. For special moments, corporate travel, or leisure, our chauffeur-driven limousines provide a lavish and memorable experience, turning heads across the city.
When you looking Luxury Ride in Dubai we provide excellent transportation services at cheap rental rates. We offer top quality transport solutions in Dubai, UAE.