Sage Journals: Discover world-class research

Abstract

As a key constituent of China's approach to fighting COVID-19, Health Code apps (HCAs) not only serve the pandemic control imperatives but also exercise the agency of digital surveillance. As such, HCAs pave a new avenue for ongoing discussions on contact tracing solutions and privacy amid the global pandemic. This article attends to the perceived privacy protection among HCA users via the lens of the contextual integrity theory. Drawing on an online survey of adult HCA users in Wuhan and Hangzhou (N = 1551), we find users’ perceived convenience, attention towards privacy policy, trust in government, and acceptance of government purposes regarding HCA data management are significant contributors to users’ perceived privacy protection in using the apps. By contrast, users’ frequency of mobile privacy protection behaviors has limited influence, and their degrees of perceived protection do not vary by sociodemographic status. These findings shed new light on China's distinctive approach to pandemic control with respect to the state's expansion of big data-driven surveillance capacity. Also, the findings foreground the heuristic value of contextual integrity theory to examine controversial digital surveillance in non-Western contexts. Put tougher, our findings contribute to the thriving scholarly conversations around digital privacy and surveillance in China, as well as contact tracing solutions and privacy amid the global pandemic.

Keywords

Health code apps perceived privacy protection contextual integrity digital surveillance COVID-19 China

Introduction: Health Code apps as digital surveillance instrument

Across different national contexts, contact tracing apps have been proven effective in reducing the spread of COVID-19 (Urbaczewski and Lee, 2020). China is the first country to launch mandatory implementation of its contact tracing solution, Health Code apps (HCAs), and has upheld a nationwide adoption even domestic COVID cases have been relatively low since March 2020. In response to the initial outbreak, local governments promptly worked with Alibaba and Tencent to develop their own HCAs, and then enforced them on local residents and constantly updated in line the central government's guideline for stringent COVID-19 transmission control. Despite data discrepancies among local versions and a slow process to unify, HCAs are widely considered essential to the claimed success of domestic pandemic control and as a token of accomplishment regarding China's digital governance (Chen et al., 2022).

Further, HCAs allude to China's distinct approach to digital surveillance, which has drawn consistent accentuation and enhancement across central and local governments since the late-90s. Notably, the state has revealed unyielding interests in big data technologies such as artificial intelligence, cloud computing, and facial recognition over the past decade (Su et al., 2021). With substantial supports from the private sector, a new generation of digital surveillance instruments is built on data-driven algorithms and orchestrated to bolster a more encompassing “architecture of social management and propaganda” (Jiang and Fu, 2018: 382). The social credit system (SCS) is an exemplary case. Lauding big data technologies as a symbol of modernization and a solution to a variety of economic and social issues, the state has turned to the Internet giants like Alibaba and Tencent for collaboratively developing SCS based on their technological expertise and data assets (Lv and Luo, 2018). This sort of relationship has then made commercial platforms (e.g., Alipay and WeChat) as the fundamental infrastructure of SCS since numerous customer data is aggregated for centralized data analytics against every citizen (Jiang and Fu, 2018; Liang et al., 2018). The resulted social credit ratings set seemingly objective criterion by which the Chinese government can legitimize its regulations on people's Internet-based and -enabled activities in line with preferable social norms and moral values (Kostka, 2019).

Such technical foundation and surveillance approach are further stretched to the design and implementation of HCAs in China. HCAs now primarily function as a proxy to tell whether people are exposed to or already contracted COVID-19 by color-based codes (Liang, 2020). Like SCS, these apps are based on the commercial platforms and become data-driven tools that first send self-reported individual data to local data systems. Then, the data is analyzed against a plethora of individual digital records to assign color codes (Yang et al., 2020). Meanwhile, the apps aggregate and channel the processed data to state-level database for strengthening centralized political power and standardizing local governing practices (Sun and Wang, 2022). In this sense, the everyday use of HCAs connects app users to data systems which synthesize social information from authorities responsible for public health, public transportation, border control, community governance, etc., and ultimately facilitate nationwide restoration of economic and social orders.

Thus, we contend that HCAs are another staple instrument that manifests China's endeavors incorporating big data technologies into its ever-expanding surveillance capacity. Apart from the assumed role to contain the virus transmission, HCAs have turned individual health data like medical records and biometrics into a critical asset to reinforcing political control and social management. These apps characterize the design and implementation of China's digital surveillance inextricably tied to the power interplays in shaping big data technologies between the central and local governments, as well as the public and private sectors. Although HCAs and other digital surveillance instruments have earned a significant degree of public support in China (Su et al., 2021), they have posed significant challenges to individual privacy rights on account of the state's limited interest in and capacity for privacy regulation (Lv and Luo, 2018). Citizens’ privacy protection is often deemed less politically consequential as the relevant regulations typically fall short of addressing the public's lack of privacy trust in both commercial and non-commercial online services (Luo and Lv, 2021; Wang and Yu, 2015).

Among the proliferating body of research on pandemic surveillance, several studies have examined the technical architecture and political underpinnings of HCAs, and the public perception during the early launch stage, albeit with limited attention paid towards user privacy (e.g., Liang, 2020; Liu and Graham, 2021; Meng et al., 2021; Sun and Wang, 2022). Also, these studies are yet to fully consider the specific use context of HCAs and extensive user experience against the evolving backdrop of China's digital surveillance. Articulating how Chinese users engage with the privacy dimension of HCAs after mass adoption not only casts new light on the escalating tension over digital privacy in China, but also brings unique evidence to the crucial debates on contact tracing solutions and privacy worldwide (Bengio et al., 2020).

To address the research gaps, this article focuses on Chinese users’ perceived privacy protection of HCAs contextualized in everyday use, especially to chart influential factors from the use context and interpret their respective effects on the privacy perception. We first elaborate on the use context of HCAs and identify a set of factors affecting users’ perceived privacy protection based on the theory of contextual integrity. Then, leveraging survey data from 1551 adult HCA users in Wuhan and Hangzhou, we find a relatively high level of perceived privacy protection among the users, and interpret the substantial impacts of users’ perceived convenience, attention towards privacy policy, trust in government, and acceptance of government data management on the privacy perception. Moreover, we discuss how our findings contribute to ongoing conversations around digital privacy and surveillance in China, as well as contact tracing solutions and privacy amid the global pandemic.

Literature review: A unique use context of HCAs

Examinations on contact tracing apps have been primarily conducted in Western societies. Prior research has delved into the degree of people's willingness to adopt the apps and underscored public concerns over digital privacy and data security as the major hindrance to mass adoption (e.g., Hargittai et al., 2020; Urbaczewski and Lee, 2020). Nonetheless, this analytical approach cannot be simply replicated in our case because of HCAs’ use context differentiated from the Western counterparts.

First, the mandatory deployment of HCAs conditions a high diffusion of contact tracing apps in China, whereas it confines users’ opportunity to opt-out of HCAs adoption and the underlying data collection process. Specifically, in using HCAs the first time via Alipay or WeChat, users can only agree to a user authorization form that allows personal information to be collected for code generation; besides, canceling or adjusting the authorization would cause HCAs to malfunction, leaving users with a great deal of life troubles. Second, the actual user experience of HCAs is not solely determined by data. At the practical level, using HCAs involves human inspectors whose primary duty is to execute code-based passage rules, but the rigorousness of rule enforcement could vary significantly from place to place and time to time (Liu and Graham, 2021). For example, oftentimes inspectors at a place where uptick in COVID cases is observed would adopt “no code, no pass” rule given that strict lockdown measures are effective, but nevertheless turn perfunctory on code checking soon after the measures are relaxed. Third, despite palpable privacy risks attached to rushed innovations like contact tracing apps, there have been shifts in the political and public discourses to justify public health outweighing individual privacy (Newlands et al., 2020). It is particularly salient in China as the central government marshals its media system to frame the imperative of adopting HCAs and other digital surveillance instruments as a collective value and benefit (Kostka, 2019; Liu, 2021).

This context has subjected users to mandatory information disclosure and data sharing, which may result in social repercussions at the individual level. Yu (2020) argues that HCAs have enabled unprecedented practices of biometric surveillance, which is conducive to gendered information disclosure against women in China. Meng et al. (2021) find that HCAs strengthen social governance to control flow of people between different areas, yielding regulated physical mobilities that discriminate those socially and technologically dependent on others. Sun and Wang (2022) portray HCAs as a social infrastructure that repurposes the existing data systems for deterring users from violating pandemic control rules and modifying individual behaviors in accordance with a desirable mode of citizenry. As shown in the case of SCS (Kostka, 2019; Kostka and Antoine, 2020), how users perceive and respond to the privacy dimension of digital surveillance instruments in China are contingent on their individual characteristics, beliefs, and user experience that is tied to the instruments’ functionality. However, it remains unclear how these factors are related to the use context, and how they affect users’ perceived privacy protection.

Contextual integrity in the use of HCAs

We draw on the theory of contextual integrity (CI) to interpret how users engage with the privacy dimension of HCAs in China. Nissenbaum (2004, 2010) coins and develops CI to better steer the privacy debates surrounding public surveillance and emerging technologies. CI sheds light on the role of contexts in characterizing the nature of personal information and the norms of information processing (e.g., transmission and disclosure). Contrary to applying a homogenous understanding of privacy, CI allows for deliberate accounts of whether health information like HCAs data is legitimately collected, aggregated, used, and reused in specific use contexts (Winter and Davidson, 2019). In the same vein, CI challenges the dichotomy of public/private data by highlighting “a multiplicity of information types” premised on contextual specificity and refuting any stoppage of information flows as the only parameter contouring privacy (Nissenbaum, 2019: 230).

Specifically, according to Nissenbaum's (2019) fundamental theses of CI, framing privacy rests on whether personal information flows are appropriate in relation to privacy norms¹ contingent on the context. These norms, presented in varying forms of social standard (e.g., explicit or implicit), are set to “describe, prescribe, proscribe, and establish expectations for characteristic contextual behaviors and practices” (227). As such, privacy is manifested and protected so long as information flows meet people's expectations governed by the norms in a given context. For instance, Vitak and Zimmer (2020) ascribe high US public acceptance of contact tracing solutions proposed by Google and Apple to the accordance between technical features of data management and people's privacy expectations. On the flip side, people may consider their privacy violated when information flows are not aligned with the norms. For instance, Hargittai et al. (2020) highlight that Americans’ resentments toward government contact tracing technologies stem from concerns over potential long-term citizen surveillance attached to the technology use. Viewing HCAs as digital surveillance instrument, we treat users’ perceived privacy protection of HCAs is synonymous to their reflection on privacy norms that dictate information flows under a public surveillance circumstance. In this vein, the perceived privacy protection denotes the degree to which users’ privacy expectation is fulfilled when being aware of the government's surveillance goals.

The fundamental theses of CI (Nissenbaum, 2019) also set out five key parameters defining privacy norms—subject, sender, recipient, information type, and transmission principle—and bring attention to specifying their respective values in the shaping of norms. Meanwhile, the theses suggest that interrogation of the ethical legitimacy of privacy norms be tied to examining contextual layers, including interests of affected parties, ethical and political values, and contextual functions, purposes, and values. Detailing and synthesizing all these parameters and layers is a demanding work far beyond this article's scope. Instead, we leverage the theses as a heuristic perspective to map out a set of key individual-level factors affecting HCA users’ reflection on the privacy norms.

Privacy policy attention and protection behaviors

The transmission principle refers to the constraints on “who sent the information, who received it, about whom it is, what types of information are involved” (Nissenbaum, 2019: 228). Among the parameters defining privacy norms, the transmission principle often plays a pivotal role in rendering information flows to an extent of appropriateness with respect to the context and involved actors. In the context of contact tracing apps, users recognize and comprehend transmission principles by reading privacy policies, which specify steps and rules of data sharing (Bengio et al., 2020). Besides, users’ consent with privacy policies conditions appropriates flow of information from sender to recipient (Nissenbaum, 2019).

Existing research often contextualizes users ‘engagement with privacy policies in commercial Internet services and has demonstrated a pervasiveness of ignoring policies (e.g., Bakos et al., 2014). Even among users who choose to read the policies, the attention is often insufficient despite the intensive privacy concerns they bear (Obar and Oeldorf-Hirsch, 2020). Yet, explicit, succinct, and readable privacy policies are critical to promoting trust in contact tracing apps, henceforth society-wide adoption in a timely manner (Bengio et al., 2020). Standardization Administration of China (SAC) has required the data collection process via HCAs must be premised on users’ consent or authorization along with provision of privacy policies (2020a). As such, we postulate that as HCA users pay sufficient time to the policies, they would form positive views of their privacy in using the apps.

H1:

The degree of HCA users’ attention paid to privacy policies is positively associated with their perception of privacy protection.

In parallel to the transmission principle, actors that include subject, sender, and recipient constitute another pivotal role in driving the formation and shift of privacy norms. Notably, the respective value of and the relationship between actors account for the very fabric of context (Nissenbaum, 2004, 2019). Applied to the use of HCAs, subject and sender are almost overlapped in that most Chinese citizens report personal information for themselves, except those lacking digital access and know-hows, e.g., seniors. Moreover, the recipient is government agencies responsible for public health administration and Internet surveillance across the central, provincial, and local levels (SAC, 2020b).

To chart the values of actors, one must refer to the contextual ontologies that prescribe how actors’ identities are performed; also, it is essential to factor into the use aspect that concerns a variety of practices around the information flow (Gerdon et al., 2021; Nissenbaum, 2019). In this regard, it is important to note HCA users’ mobile privacy protection behaviors. Studies centered on commercial Internet services, like social networking sites, have shown users’ practice of privacy protection can reflect the degrees of individual privacy skills and cautions against privacy risks on mobile devices (Bright et al., 2021; Büchi and Latzer, 2017; Hargittai and Marwick, 2016). Besides, HCAs are released as mini programs of Alipay and WeChat, two super commercial apps that mediate a myriad of Chinese citizens’ online activities and have become integral to Chinese mobile experience (SandP Global, 2019). That is to say, the everyday practice of HCAs is built into rather familiar app environments to most Chinese users.

People's frequent privacy protection behaviors indicate their high technical familiarity with mobile privacy, causing mobile activities with less privacy concerns (Bright et al., 2021; Park, 2013). Along this line of studies, we suggest the users’ mobile privacy protection behaviors have significant implications on their perceived privacy protection in using HCAs. It is possible that the users’ adoption of privacy protection behaviors regarding their everyday mobile activities is instrumental in shaping their perception of HCAs’ privacy protection.

H2:

The frequency of HCA users’ mobile privacy protection is positively associated with their perception of privacy protection.

Sociodemographic status

From the perspective of CI, actor values are usually identified with respect to exact occupations or jobs in a given context, such as patient and doctor in a hospital (Nissenbaum, 2019). By contrast, users’ professional background is non-specific to the contexts of contact tracing apps. Sociodemographic status becomes a more influential value to how the subject/sender defines his or her privacy expectation. For instance, drawing on survey data about American adults, Hargittai et al. (2020) find older populations are less willing to adopt contact tracing apps, whereas those better educated are more willing.

Prior research suggests that Chinese perception of online privacy varies by sociodemographic status. For commercial Internet services, males are in general more confident in protecting their online privacy than females (Wang and Yu, 2015). Compared with rural women with limited educational obtainment, female college students are more aware of the technical aspect of online privacy and more capable of managing their information disclosure (Wang et al., 2020). For digital surveillance instruments, those who are older, wealthier, better educated, and living in urban areas are inclined to hold supportive views while downplaying the privacy risks of SCS (Kostka, 2019). Also, users having higher incomes and higher educational obtainments are most receptive to the norms embedded in SCS, thereby yielding behavioral changes for individual benefits (Kostka and Antoine, 2020). Combining these findings, we posit certain social groups, i.e., male users, older generations, the wealthy and well-educated, and urban residents, tend to perceive privacy protection well when using HCAs.

H3:

Male, older, wealthier, better educated, and urban HCA users are more likely to perceive high privacy protection.

Trust in government

In general, whether people have trust in government exerts huge impacts on their attitudes and adoption willingness towards contact tracing apps distributed by government (Bengio et al., 2020; Hargittai et al., 2020). Specifically, trust is pivotal to mitigating people's perceived privacy risks attached to contact tracing apps, thereby leading to increase in adoption rate (Duan and Deng, 2022). This role of trust is also evident in the context of HCAs from the CI perspective. The relationship between actors in using HCAs is rather straightforward: as the subject/sender, Chinese citizens adopt the apps in accordance with the mandatory deployment and report health, travel, location, and other types of personal information to local and central governments, the recipient. That said, this relationship does not simply derive from a top-down administrative order. Rather, its formation and dynamics are subject to contextual values whose connection with privacy norms is critical to evaluating the appropriateness of information flows (Nissenbaum, 2010). Trust in government is one such value critical to judging whether novel flows like the data transmission of contact tracing apps is acceptable.

Prior research has documented the shortages of privacy trust in government and public service among Chinese citizens for undue data collection and application (Wang and Yu, 2015). Especially for younger generations, concerns of government's infringement on privacy rights would result in their critical views of digital surveillance instruments (Kostka, 2019). Nonetheless, with the state's effective response to COVID-19, the post-pandemic Chinese society has seen increased trust in government and increased stratification with different levels of government body (Wang, 2021). In light of the public support for HCAs (Liu, 2021) and the stipulation of HCA privacy policies (SAC, 2020a), we assume a positive relationship exists between the users’ trust in government and their perception of privacy protection.

H4:

The degree of HCA users’ trust in government is positively associated with their perception of privacy protection.

Data management purposes and perceived convenience

In addition to values like trust, contextual purposes matter tremendously to norm-based governance of information flows and evaluation of privacy practice (Nissenbaum, 2010, 2019). In the case of contact tracing apps, the purposes are closely intertwined with the interests of recipient and the political values. For instance, surveying Germans before and after the COVID-19 outbreak, Gerdon et al. (2021) point to an increased acceptance of health data sharing for government's infectious disease control amid the global pandemic. Such a change of attitude is due to clear and acceptable purposes of data use set by government and alludes to the public's great interests in government's responsible data collection and processing (Ienca and Vayena, 2020).

Applied to the use of HCAs, the purposes are to “control risks and to restore economic and social mobility” (Meng et al., 2021: 397), which have been well received among Chinese citizens. As discussed above, these purposes overlap with the aim of the state's digital surveillance approach: maintaining political and social stabilities. Simultaneously, the purposes cater to the interests of subject/sender to bring back normal lives after months of lockdown and strict controls of individual mobility. Moreover, enacting the purposes is also accompanied with a series of privacy protection practices centered on data security and confidentiality (SAC, 2020a). We thus assume that as they subscribe to the purposes of government data management that legitimize data use for pandemic control only, HCA users would perceive high privacy protection in using the apps.

H5:

HCA users’ acceptance of government purposes regarding HCA data management is positively associated with their perception of privacy protection.

On the other hand, in the context of HCA use, the interests of subject/sender cannot be reduced to restoring the rhythm of life at the practical level. Perceived convenience, defined as the required time and effort citizens perceive to use HCAs (Chan et al., 2010), is one salient interest because people must rely on HCAs to pass checkpoints and this has become a normalized route for everyone in China (Ricci, 2021). Convenience plays an important role in facilitating the mass adoption of contact tracing apps by addressing concerns over app specifications like battery consumption, update procedure, and background running (Trang et al., 2020). The design of HCAs further boost convenience by plugging into the mature and widely used mini program ecosystems of Alipay and WeChat so that users would have high technical familiarities with the apps (Rehse and Tremöhlen, 2021).

Yet, the benefits brought by convenience may lead to people's negligence of privacy risks and willingness for more information disclosure in the process of adopting new technologies (Lau et al., 2018). Moreover, there often appear human inspectors in various use contexts of HCAs. Their lax implementation of code-based passage rules, e.g., skimming through multiple codes at the same time, would enhance people's perceived convenience for quicker pass but undermine people's confidence in the apps (Liu and Graham, 2021). It is possible that as people perceive a greater convenience in using HCAs, they would find their privacy protected to a less degree.

H6:

The degree of HCA users’ perceived convenience is negatively associated with their perception of privacy protection.

Method and data

Participants and procedure

This article used an online survey data of adult HCA users in two Chinese metropolises—Wuhan and Hangzhou—both are mega cities having over ten-million population. The cities were selected on purpose: the first confirmed COVID-19 case was found in Wuhan and the entire city was under lockdown for nearly three months soon after. With celebratory tones, Chinese media often portrays what people have experienced in Wuhan as the state's great sacrifice and tremendous victory against the pandemic (China Daily, 2020). By contrast, even though the pandemic did not cause serious local outbreaks, Hangzhou was the first metropolitan area where HCAs were introduced and massively adopted in China. Hangzhou was also the first to experiment an expanded use of HCAs into other fields. Besides, the city is home to the headquarter of Alibaba who was first requested to collaborate with the National Health Commission and the State Council to roll out HCAs.

The survey was fielded online using a self-administrated and blind opt-in format from January 20 to February 1, 2021, roughly one-year later after Wuhan's lockdown. We adopted a stratified quota sampling method to achieve diversity regarding age, gender, hukou, and education among respondents. The sampling process was conducted via Diaoyanba, a China-based survey company with a representative pool of millions of respondents. Aiming for 1500 valid survey responses (750 from each city), this process began with sending 3000 email invites in Wuhan and 2500 email invites in Hangzhou based on our sampling approach, each city's sociodemographic distribution, and respondents’ activeness (see Table 1). It turned out that 2930 invites were answered, which led to a response rate of 53%, and 1622 respondents finished the questionnaire. The analytical sample included 1551 respondents (N = 1551) after excluding those were under 18 and reported “uncertain” in terms of reading HCA privacy policy. All the respondents were assured of confidentiality and anonymity, and their reported data would be only used for academic purposes.

Table 1.

Survey sample sociodemographics in comparison with Wuhan and Hangzhou city census data.

	Wuhan Population^a (N = 12,326,518)	Hangzhou Population^b (N = 11,936,010)	Wuhan sample (N = 823)	Hangzhou sample (N = 799)	Survey sample total (N = 1622)
Gender
Male	51.94%	52.08%	55.8%	53.4%	54.6%
Female	48.06%	47.92%	44.2%	46.6%	45.4%
Education
Some colleges or above	33.87%	37.76%	83.8%	87.3%	83.6%
Hukou
Urban	84.31%	83.29%	76.0%	79.7%	77.8%
Rural	15.69%	16.71%	24.0%	20.3%	22.2%
Age
0–14	13.05%	13.02%	2.5%	1.8%	2.2%
15–59	69.72%	70.12%	96.5%	97.9%	97.1%
60 or above	13.02%	16.87%	1.0%	0.3%	0.7%

Note. Income information was not publicly released in both cities’ census report.

Source: Wuhan Census Bureau, http://tjj.wuhan.gov.cn/ztzl_49/pczl/202109/t20210916_1779157.shtml

Source: Hangzhou Census Bureau, https://www.hangzhou.gov.cn/art/2021/5/17/art_1229063404_3872501.html

Measures

Dependent variable

Perceived privacy protection of HCAs was measured in two steps. First, we identified whether respondents had used HCAs in seven use contexts: (1) security check during public transport, (2) real name check-in, (3) government services, (4) community access, (5) financial services, (6) daily work clocking-in or school entry, and (7) public safety monitoring (M = 2.00, SD = 0.93). The seven situations were places where other surveillance instruments such as facial recognition systems are massively deployed (Southern Metropolis Daily, 2020). Also, HCAs were most frequently used and required in those use contexts (SAC, 2020b). Second, respondents were asked to use a 5-point scale to evaluate their perceived privacy protection when using HCAs in the contexts respectively (M = 16.42, SD = 9.98). The final score was the average of respective score in the contexts (M = 4.18, SD = 0.79), implying a relatively high degree of perceived privacy protection among HCA users. In general, security check during public transport was the context where the most respondents had used HCAs (N = 1118), whereas daily work or school entry was the least (N = 866).

Independent variables

Reading HCA privacy policy was measured as a proxy for attention towards privacy policy using a 4-point scale (1 = not sure if I read it, 2 = I ignored it, 3 = I read it roughly, to 4 = I read it carefully) on the extent to which the respondent read the HCA privacy policy before using it the first time (M = 2.35, SD = 0.76). In practice, users were provided with the privacy policy before accessing the apps and they must click “consent” in order to use them.

Mobile privacy protection behavior was sum score of 8 items measured by a 5-point scale (1 = never to 5 = always) to indicate respondents’ frequency of conducting 8 types of mobile privacy behaviors: (1) read the privacy policy before signing up a mobile app, (2) change the default security setting of mobile phone, (3) change the privacy settings of social media, (4) encrypt mobile phone and/or texting messages, (5) turn off Wi-Fi for privacy, (6) stop using a particular mobile app due to privacy or security concern, (7) turn off location service enabler due to privacy or security concern, restrict a location based mobile app such as Baidu Map (M = 29.52, SD = 6.81, α = 0.91).

Trust in government was the sum score of 4 items where respondents were asked to indicate to what extent they trust four types of government institutions in a 4-point scale (1 = completely distrust to 4 = completely trust): the central government, the Chinese Communist Party, local governments, and the law enforcement (M = 13.47, SD = 2.42, α = 0.851).

Acceptance of government purposes regarding HCA data management was the sum score of three items measured by a 4-point scale (1 = very unacceptable to 4 = very acceptable), asking respondents to what extent they accept the purposes that government use HCA data to (1) trace positive cases in order to understand how the virus may be spreading, (2) ensure people are complying with experts’ advice on limiting social contact during the coronavirus outbreak, (3) trace who may have had contact with someone who tested positive for the coronavirus (M = 10.22, SD = 1.93, α = 0.80).

Perceived convenience was measured by asking respondents to use a 5-point scale validated in and adjusted from prior research on mandatory e-government service (e.g., Chan et al., 2010; Gilbert et al., 2004) to evaluate the convenience they perceived while using HCAs in the contexts: security check during public transport, real name check-in, government services, community access, financial services, daily work clocking-in or school entry, public safety monitoring (Southern Metropolis Daily, 2020). The final value was the average of perceived convenience in the contexts (M = 4.25, SD = 0.76).

Sociodemographic status was collected regarding respondents’ gender, education, age, hukou, and annual income. In general, around 54% respondents were Male, 83% reported having some colleges or above degrees, 61% were in 30s and 40s, 62% reported having urban hukou, and 53% reported annal incomes over 100,000 RMB (approx.14,569 USD). This demographic distribution corresponds with the relatively better educated and young segment of the two cities’ populations (see Table 1). While this sample falls short of demographic representativeness, it corresponds well with typical respondent profile of web survey conducted in China and is from a survey company's population that enables better generalization than samples of convenience (Robinson and Tannenberg, 2019). Table 2 provides a summary of the analytical sample's sociodemographic status, and Table 3 shows the descriptive statistics of dependent and independent variables.

Table 2.

Sociodemographic status of survey respondents (n = 1551).

	Frequency	Percentage (%)
Age
18–30	522	33.6
31–40	748	48.3
41–50	210	13.5
51 or above	71	4.6
Gender
Male	847	54.6
Female	714	45.4
Education
High school or below	234	15.1
Some colleges or equivalent	421	27.2
Bachelor's degree	877	56.5
Master's degree or above	49	3.2
Hukou
Urban	962	62.0
Rural	589	38.0
Annual income
10,000 RMB or below	190	12.2
10,000–100,000 RMB	539	34.8
100,000–200,000 RMB	589	38.0
200,000 RMB or above	233	15.0

Table 3.

Summary of descriptive statistics (n = 1551).

Variables	Mean	Std. Dev.	Min	Max
Perceived privacy protection	4.18	0.79	1	5
Reading privacy policy	2.35	0.76	1	3
Privacy behavior	29.52	6.81	8	40
Government trust	13.47	2.42	4	16
Data management purposes	10.22	1.93	0	12
Perceived convenience	4.25	0.76	1	5

Results

We applied the stepwise regression procedure to generate four models, in which the aforementioned independent variables were entered in sequence so that their respective association with the dependent variable and contribution to model effects can be observed (Henderson and Denison, 1989). Table 4 reported results of a series of multiple regressions addressing hypotheses concerning how sociodemographic status, privacy concerns, privacy behaviors, government trust, government data handling, and perceived convenience were related to perceived privacy protection of HCAs. When all the variables were entered, they collectively accounted for 62.9% of the variance in the dependent variable (R2 = 0.629, F = 260.588, p < 0.001).

Table 4.

Multiple regressions on individuals’ perceived privacy protection of HCAs.

Level of perceived HCAs privacy protection
	Model 1		Model 2		Model 3		Model 4
	b	β	b	β	b	β	b	β
Age	−0.003 (0.049)	−0.002	0.057 (0.044)	0.034	−0.005 (0.041)	−0.004	0.034 (0.030)	0.020
Gender (0 = male)	−0.047 (0.041)	−0.030	−0.019 (0.037)	−0.012	0.008 (0.034)	0.005	0.012 (0.025)	0.008
Education (0 = high school)	0.021 (0.059)	0.009	0.006 (0.054)	0.003	0.040 (0.049)	0.017	0.034 (0.037)	0.015
Hukou (0 = rural)	0.061 (0.053)	0.032	0.034 (0.049)	0.018	0.042 (0.044)	0.022	0.040 (0.033)	0.021
Income	0.052 (0.013)	0.111***	0.018 (0.012)	0.039***	0.027 (0.011)	0.058*	0.014 (0.008)	0.030
Reading privacy policy			0.301 (0.027)	0.291***	0.215 (0.025)	0.208***	0.103 (0.019)	0.100***
Mobile privacy protection behavior			0.023 (0.003)	0.199***	0.007 (0.003)	0.061*	0.002 (0.002)	0.015
Government trust					0.072 (0.008)	0.211***	0.022 (0.006)	0.065***
Data management purposes					0.115 (0.010)	0.281***	0.030 (0.008)	0.073***
Perceived convenience							0.696 (0.020)	0.672***
Constant	4.002 (0.063)		2.714(0.096)		1.196(0.123)		0.241(0.095)
F value	3.863**		48.961***		82.263***		260.588***
R ²	0.012		0.182		0.325		0.629
Adjusted R²	0.009		0.178		0.321		0.626
R² change			0.169***		0.143***		0.304***

Note: Standard errors are in parentheses. *p < 0.05; **p < 0.01; ***p < 0.001.

Considering the actor values in this very context, Model 1 in Table 4 introduced basic sociodemographic variables including gender, age, education, hukou and income. H3 attends to whether HCA users’ sociodemographic status drew a line between their perceptions of HCA privacy protection. It turned out only income had a significant relationship with perceived privacy protection. Respondents with higher income were more likely to perceive high privacy protection in using HCAs. Yet, other factors had no significant effect on influencing perceived privacy protection.

In addition to the sociodemographic status, Model 2 attended to the transmission principle and the use aspect of context by adding attention towards privacy policy and mobile privacy protection behavior. H1 suggested that the degree of HCA users’ attention paid to privacy policies is positively associated with their perception of privacy protection. The results showed users who read privacy policy more carefully perceived higher privacy protection. Addressing H2, the frequency of HCA users’ mobile privacy protection was positively associated with their perception of privacy protection.

Model 3 further incorporated the contextual value and purpose by adding trust in government and acceptance of government purposes regarding HCA data management. Addressing H4, it turned out greater trust in government institutions was positively related to perceived privacy protection. Addressing H5, the results suggested higher acceptance of government purposes regarding HCA data management was also positively related to perceived privacy protection.

Model 4 introduced perceived convenience to examine the interest of subject/sender. H6 suggested that the degree of HCA users’ perceived convenience is negatively associated with their perception of privacy protection. Rather than the assumed negative relationship, we found a positive relationship: individuals who perceived higher convenience are also more likely to perceive higher privacy protections when using HCAs. Therefore, H6 was not supported.

Put together, H1, H4, and H5 were supported throughout the models whereas H2 was not supported in Model 4. While mobile privacy behavior was a significant factor associated with perceived privacy protection in Model 2 and Model 3, it became non-significant in Model 4 due to the introduction of perceived convenience, which is strongly associated with perceived privacy protection (β = 0.672, p < 0.001). By the same token, income was a significant factor throughout Model 1 to Model 3 but became statistically non-significant in Model 4. Trust in government and acceptance of government purposes remain as significant factors after introducing perceived convenience in Model 4, albeit with drastically decreased effects. Adding perceived convenience also substantially increased the R square of the overall model by 93.54% (from 0.325 to 0.629).

Discussion

The main purpose of this article is to examine the relations of individual characteristics, beliefs, and user experience with the perceived privacy protection of HCAs. Particularly, drawing on the theory of contextual integrity (CI), we consider the use context of HCA use differentiated from similar cases in Western societies and identify a set of key factors contributing to perceived privacy protection. Leveraging an online survey that targeted Chinese HCA users during January and February 2021, our findings identify users with higher levels of attention to privacy policies, trust in government, acceptance of government data management, and perceived convenience of HCAs are more likely to perceive great privacy protection while using HCAs. By contrast, their frequency of mobile privacy protection does not exert significant impacts on the perceived privacy protection. Also, users’ sociodemographic status, including age, gender, educational obtainment, urban/rural residency, and income, is not significantly associated with the perceived privacy protection.

In particular, our analysis first shows that HCA users, on average, report a relatively high degree of perceived privacy protection in a variety of use contexts. In other words, most users deem their privacy expectations fulfilled, implying an alignment between HCAs’ privacy norms and information flows from the user perspective. This result seems to challenge certain public opinion during the launch stage that suggests the necessity to give up personal privacy for pandemic control and consider most information collected through HCAs not that private (Liu and Graham, 2021). That said, it poses no surprise to us given the time we conducted survey fielding, approximately a year since the first HCA went online. On the user end, despite a great deal of public privacy concerns during the launch stage, it is possible that HCA users have been exploring the technical specifications of HCAs and obtained a good understanding of the data processing details driven by growing awareness of individual privacy rights (Jiang and Fu, 2018). Besides, the responsible government agencies have issued explicit guidelines on setting privacy protection features in the design of various HCAs (SAC, 2020a). In a similar vein, the state has promulgated Personal Information Protection Law to address public privacy concerns over commercial platforms and e-government services (NPC, 2021). These administrative and legal efforts may help enhance users’ privacy trust in the apps.

Second, HCA users’ perceived convenience emerges as the most influential factor that positively affects their perceived privacy protection. That is, compared with other values and parameters, the interest of subject/sender rises to a paramount significance in terms of evaluating HACs’ privacy norms. This finding lends an ostensible conflict with the privacy-convenience tradeoff often underscored in studies examining early adopters of emerging technologies like IoT (Kang and Oh, 2021; Lau et al., 2018). In those cases, people are drawn to such technologies for great convenience in use and lapse into a spiral of information disclose for furthering the convenience experience after adoption. By contrast, HCA users report to have a rather balanced perception between convenience and privacy. One possible explanation would be the design of HCAs that manages to deliver a combined sense of convenience and privacy (Trang et al., 2020). In particular, Alibaba and Tencent have contributed profound expertise of big data technologies to the design process with great emphasis on user convenience while complying with the top-down data protection rules.

Aside from the design aspect, we argue it would be more likely ascribed to HCA users’ overemphasis on the value of convenience since they must use them multiple times a day to gain access to workplace, home, public venues, etc. Prior research mainly looks into controversial instances where people encountered privacy violations in the early stage of HCAs deployment (e.g., Yu, 2020). As people are accustomed to such a normalized use, convenience may become the salient pragmatic parameter to assess the entirety of app performance, including privacy protection. This is especially noticeable in the context of mandatory e-government service where convenience is one of the strongest determinants affecting citizen's satisfaction with the service (Chan et al., 2010). Placing the greatest value on perceived convenience, HCA users may take high privacy protection as granted upon passing the checkpoints with satisfaction. Such a user mindset may also explain the decreased effects of reading privacy policy, trust in government, and acceptance of government purposes in the final model, because they are more of the prerequisite or background to the actual use context and bear little pragmatic value like convenience. Further, in relation to the implementation of surveillance instrument, providing citizens with benefits like tangible convenience is prone to mitigate their privacy concerns (Kostka, 2019).

Third, HCA users’ attention towards privacy policies is instrumental in forming high perceived privacy protection. This finding not only resonates with related studies that foreground the prominence of transmission principle in the arrangement of contextual constituents surrounding contact tracing apps (Gerdon et al., 2021; Hargittai et al., 2020; Vitak and Zimmer, 2020). In addition to increasing public trust in and adoption of contact tracing apps, policies in line with users’ privacy expectation maintain adopters’ perceived privacy that ensues in practical use. Users see privacy policies as the statement of institutional privacy assurances that significantly influence the degree of privacy concerns (Xu et al., 2011). While Chinese governments take a retrospective way to improve HCAs’ privacy policies and address related privacy concerns, users may well notice the policies with regard to the policy guidelines and privacy decree showing the state's commitment to privacy protection (NPC, 2021; SAC, 2020a). So long as users pay attention to the policies, they are likely to perceive high privacy protection over the course of long-term implementation of HCAs.

Fourth, HCA users’ greater trust in government is associated with their higher perception of privacy protection. It conforms to the fact that people's trust in the providers of contact tracing apps is determinant to their privacy assessment of the technologies (Hargittai et al., 2020; Kehr et al., 2015). Besides, users’ acceptance of government purposes regarding HCA data management accounts for their perceived privacy protection, echoing the importance of contact tracing data management to circumscribing privacy risks conjured by the users (Gasser et al., 2020). From the CI perspective, both findings shed light on how contextual purposes and values exert significant impacts on shaping privacy norms that prescribe appropriate information flows. Trust in government functions beyond facilitating public adoption as it maintains users’ positive view of HCA primary providers, i.e., the central and local governments, and then undergirds the trustworthy relationship between users and HCAs in actual use (Duan and Deng, 2022; Wang et al., 2022). In a similar vein, users’ consent with the purposes of government data management, especially those for the benefit of public health, grounds their positive perception of HCAs (Utz et al., 2021).

Last, our analysis shows that HCA users’ frequency of mobile privacy protection behaviors is a rather marginal factor to the degree of perceived privacy protection. This challenges our expectation that there is a possible spill-over effect of people's mobile privacy knowledge and skill for a familiar use environment, Alipay or WeChat, on their mobile devices. It is possible due to the mandatory nature of HCAs which strictly define few protection behaviors, such as switching off location service (Boyles et al., 2012), that users can replicate in the contexts of HCAs. Also, we speculate that people may classify HCAs and Alipay or WeChat into separate app categories and recognize the former as a rather context-specific tool. Thus, there is limited common ground for extending privacy knowledge and skill. As for sociodemographic status, we find HCA users’ perceived privacy protection do not vary by sociodemographic status. This finding expands existing literature that highlights Chinese people's willingness to use contact tracing apps is not related to their sociodemographic background (Utz et al., 2021). It further suggests a different pattern of privacy understanding among Chinese in contrast with prior studies regarding commercial Internet services and other surveillance instruments (Kostka, 2019; Wang et al., 2020). It is possibly due to users’ high access to and great technical familiarity with HCAs given the mandate and the presentation form, i.e., mini programs on Alipay and WeChat, as well as long period of use since the apps’ first launch.

Conclusion

HCAs have characterized China's approach to COVID-19 pandemic control. Aside from their claimed effectiveness in restoring economic and social order, HCAs’ data-driven technical architecture also grounds continuous flows of personal information sent to data systems at both central and local levels. Those apps are the de facto digital surveillance instrument illustrating the state's aggressive embrace of big data technologies in strengthening its surveillance capacity. Interestingly, users’ perceived privacy protection of HCAs in China is rather positive as opposed to Western criticism on the associated privacy risks and intrusions. Such a stark contrast is conducive to research inquires exploring how people engage with the privacy dimension of contact tracing apps in a regime keen to harness the full potential of big data technologies in perfecting digital surveillance.

By addressing Chinese users’ perceived privacy protection of HCAs, our findings contribute to the robust scholarly debates on digital privacy and surveillance in China. First, compared to existing research on HCAs, the findings depict a more holistic picture concerning how users engage with the apps beyond the early stage of deployment. In specific, the significant impacts of perceived convenience, attention towards privacy policy, trust in government, and acceptance of government data management on users’ perceived privacy protection can enrich the existing scholarly discussions on public opinions of HCAs. Second, leveraging CI to interpret privacy perception in the unique use context of HCAs, we cast new light on the heuristic implications of the theory for articulating the tensions between pandemic surveillance and individual privacy in China. The findings show that the transmission principle, the contextual purposes and values, and the interests of subject/sender saliently account for how users reflect on the privacy norms in this specific context, whereas the actor values and the use aspect of context play a marginal role. Third, the findings advance the existing scholarship that interrogates the supportive views of governments’ digital surveillance instruments among the Chinese public. Other than state media depiction and governments’ information control (Xu et al., 2021), users’ high perceived privacy protection may underpin public support for and continuous acceptance of the surveillance measures. Last, in terms of methodology, this article draws on original survey data to complement prior HCA research that predominantly adopts qualitative methods, and to address the paucity of quantitative research on this intriguing topic in the broad field of digital privacy and big data surveillance.

Despite HCAs’ mandatory nature, our findings also contribute to ongoing conversations around contact tracing solutions and privacy amid the global pandemic. The examination on HCAs broadens the current scope of research on contact tracing solution as most existing studies wrestle with low public adoption rate and ineffective tool design and implementation in the West (Elkhodr et al., 2021). We manage to explain how a set of individual factors affect users’ privacy perception of HCAs in the Chinese society where mass adoption and almost a year-long mandatory deployment had occurred. Moreover, given the noticeable success of China's pandemic control in contrast with how most Western societies have achieved, this article echoes the necessity to interrogate China's COVID-19 surveillance measures through a constructive perspective that transcends the dichotomies of West/China, public/private, democratic/authoritarian, etc. (Liu, 2021). The findings lend practical implications for big data-driven preparations regarding future pandemics outside the Chinese context. First, the responsible government authorities should prioritize releasing transparent goals of government data management in line with the society-wide privacy interests, therefore easing the public privacy concerns over long-term surveillance measures. Second, the authorities should pay great attention to the gamut of possible use contexts of adopting surveillance measures and specify what practical benefits users can obtain other than the purported collective values.

These contributions aside, this article has several limitations that call for future research. First, we merely focused on users in Wuhan and Hangzhou for respective city characteristics in terms of pandemic control and HCA release. Nonetheless, we are unable to bring all sorts of HCA user in Wuhan and Hangzhou under scrutinization due to the respondent profile of web survey and our sampling strategy; also, the results fall short of generalizability regarding the entire user population in China. Future research needs to refine the sampling strategy so that minor, senior, and poorly educated HCA users can be included. Besides, the examination on HCAs should be expanded to a national representative sample, especially including those living in rural and technologically disadvantaged. Second, we mainly rely on the CI theory to identify important factors related to users’ perceived privacy protection of HCAs. However, it is possible that users’ general privacy attitude, previous experience with surveillance instrument, and personal travel history contribute to their HCA user experience and practical assessment of the apps. Future research needs to pay attention to alike attitudinal and behavioral factors in thoroughly unpacking users’ engagement with the privacy dimension of HCAs. Third, this article lacks attention paid towards other pandemic control measures and local policies that may trivialize HCAs. China's approach to pandemic control is a moving picture since new big data-driven surveillance instruments are constantly put forth across local governments, e.g., travel code (行程码) and location code (场所码), to complement the use of HCAs. These instruments derive from local pandemic control policies that vary from place to place, and sometimes outweigh HCAs given how inspectors execute the policies. Future research should factor these instruments along with the variation of local policies into examination on the public opinions and user experience of HCAs.

In addition, future research should explore how the downsides of China's zero-COVID policy impact the public perception of HCAs. Our analysis rests on survey data collected around the tipping point of China's pandemic control trajectory where the success of COVID-19 containment drew considerable attention and compliments within the international community. National pride among Chinese citizens was invoked and amplified, so were positive views of HCAs in relation to how poorly most Western societies had handled the pandemic (Liu, 2021). Yet, the social crisis tied to Shanghai's COVID lockdown this April and the incident of HCA data abuse in Henan Province this June have not only invited intensive criticism from the outside, but also jeopardize Chinese public confidence in the state's ability to appropriately manage new domestic outbreaks. These sudden turns are poised to render HCAs less effective, reliable, and trustworthy. Prior research on SCS demonstrates that although public support for this surveillance instrument has been steady in the recent years, it may dwindle if the state's positive framing meets unexpected setbacks (Kostka, 2019; Kostka and Antoine, 2020; Xu et al., 2021). In this sense, our findings may not see substantial changes since both Wuhan and Hangzhou have smoothly handled a few local outbreaks this year. That said, it is plausible that a replicated study in Shanghai and Henan would lead to different results.

Footnotes

Acknowledgements

The authors would like to thank the editors and three anonymous reviewers for their constructive comments and detailed editing of this article.

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

ORCID iD

Gejun Huang

Notes

References

Bakos

Marotta-Wurgler

Trossen

(2014) Does anyone read the fine print? Consumer attention to standard-form contracts. The Journal of Legal Studies 43(1): 1–35.

Bengio

Janda

, et al. (2020) The need for privacy with public digital contact tracing during the COVID-19 pandemic. The Lancet Digital Health 2(7): 342–344.

Boyles

Smith

Madden

(2012) Privacy and Data Management on Mobile Devices. Pew Research Center. Available at: https://www.pewresearch.org/internet/2012/09/05/privacy-and-data-management-on-mobile-devices (accessed 31 May 2022).

Bright

Lim

Logan

(2021) “Should I Post or Ghost?”: Examining how privacy concerns impact social media engagement in US consumers. Psychology and Marketing 38(10): 1712–1722.

Büchi

Just

Latzer

(2017) Caring is not enough: The importance of Internet skills for online privacy protection. Information, Communication and Society 20(8): 1261–1278.

Chan

Thong

Venkatesh

, et al. (2010) Modeling citizen satisfaction with mandatory adoption of an E-government technology. Journal of the Association for Information Systems 11(10): 519–549.

Chen

Huang

(2022) Red, yellow, green or golden: The post-pandemic future of China’s health code apps. Information, Communication and Society 25(5): 618–633.

China Daily (2020) White paper—Fighting Covid-19: China in Action. Available at: https://covid-19.chinadaily.com.cn/a/202006/08/WS5edd8bd6a3108348172515ec.html (accessed 31 May 2022).

Duan

Deng

(2022) Exploring privacy paradox in contact tracing apps adoption. Internet Research. https://doi.org/10.1108/INTR-03-2021-0160.

10.

Elkhodr

, et al. (2021) Technology, privacy, and user opinions of COVID-19 mobile apps for contact tracing: Systematic search and content analysis. Journal of Medical Internet Research 23(2): e23467–e23467.

11.

Gasser

Ienca

Scheibner

, et al. (2020) Digital tools against COVID-19: Framing the ethical challenges and how to address them. arXiv preprint arXiv:2004.10236.

12.

Gerdon

Nissenbaum

Bach

, et al. (2021) Individual acceptance of using health data for private and public benefit: Changes during the COVID-19 pandemic. Harvard Data Science Review. https://doi.org/10.1162/99608f92.edf2fc97.

13.

Gilbert

Balestrini

Littleboy

(2004) Barriers and benefits in the adoption of e-government. The International Journal of Public Sector Management 17(4): 286–301.

14.

Hargittai

Marwick

(2016) “What can I really do?” Explaining the z with online apathy. International Journal of Communication 10(2016): 3737–3757.

15.

Hargittai

Redmiles

Vitak

, et al. (2020) Americans’ willingness to adopt a COVID-19 tracking app. First Monday, 25(11). Available at: https://journals.uic.edu/ojs/index.php/fm/article/view/11095 (accessed 31 May 2022).

16.

Henderson

Denison

(1989) Stepwise regression in social and psychological research. Psychological Reports 64(1): 251–257.

17.

Ienca

Vayena

(2020) On the responsible use of digital data to tackle the COVID-19 pandemic. Nature Medicine 26(4): 463–464.

18.

Jiang

(2018) Chinese social media and big data: Big data, big brother, big profit?: Chinese social media and big data. Policy and Internet 10(4): 372–392.

19.

Kang

(2021) Communication privacy management for smart speaker use: Integrating the role of privacy self-efficacy and the multidimensional view. New Media and Society: 1–23. https://doi.org/10.1177/14614448211026611.

20.

Kehr

Kowatsch

Wentzel

, et al. (2015) Blissfully ignorant: The effects of general privacy concerns, general institutional trust, and affect in the privacy calculus. Information Systems Journal 25(6): 607–635.

21.

Kostka

(2019) China’s social credit systems and public opinion: Explaining high levels of approval. New Media and Society 21(7): 1565–1593.

22.

Kostka

Antoine

(2020) Fostering model citizenship: Behavioral responses to China’s emerging social credit systems. Policy and Internet 12(3): 256–289.

23.

Lau

Zimmerman

Schaub

(2018) Alexa, are you listening?: Privacy perceptions, concerns and privacy-seeking behaviors with smart speakers. Proceedings of the ACM on Human-Computer Interaction 2(CSCW): 1–31.

24.

Liang

(2020) COVID-19 and health code: How digital platforms tackle the pandemic in China. Social Media+Society 6(3): 1–4.

25.

Liang

Das

Kostyuk

, et al. (2018) Constructing a data–driven society: China’s social credit system as a state surveillance infrastructure. Policy and Internet 10(4): 415–453.

26.

Liu

(2021) Chinese public’s support for COVID-19 surveillance in relation to the West. Surveillance and Society 19(1): 89–93.

27.

Liu

Graham

(2021) Making sense of algorithms: Relational perception of contact tracing and risk assessment during COVID-19. Big Data and Society 8(1): 1–13.

28.

Luo

(2021) “Nine dragons run the water” fragmented internet governance in China. In: Haggart

Tusikov

Scholte

(eds) Power and Authority in Internet Governance: Return of the State? London: Routledge, pp.123–146.

29.

Luo

(2018) Authoritarian practices in the digital age. Asymmetrical power between internet giants and users in China. International Journal of Communication 12: 19. Available at: https://ijoc.org/index.php/ijoc/article/view/8543 (accessed 31 May 2022).

30.

Meng

Liu

Keane

(2021) Restoration of mobility through mobile health: The digital health code as a technology of governance. Asian Journal of Communication 31(5): 391–403.

31.

Newlands

Lutz

Tamò-Larrieux

, et al. (2020) Innovation under pressure: Implications for data privacy during the COVID-19 pandemic. Big Data and Society 7(2). https://doi.org/10.1177/2053951720976680.

32.

Nissenbaum

(2004) Privacy as contextual integrity. Washington Law Review 79(1): 119–157.

33.

Nissenbaum

(2010) Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford, CA: Stanford Law Books.

34.

Nissenbaum

(2019) Contextual integrity up and down the data food chain. Theoretical Inquiries in Law 20(1): 221–256.

35.

NPC (2021). 中华人民共和国个人信息保护法 [Personal Information Protection Law of the People’s Republic of China]. Available at: http://www.npc.gov.cn/npc/c30834/202108/a8c4e3672c74491a80b53a172bb753fe.shtml (accessed 31 May 2022).

36.

Obar

Oeldorf-Hirsch

(2020) The biggest lie on the Internet: Ignoring the privacy policies and terms of service policies of social networking services. Information, Communication and Society 23(1): 128–147.

37.

Park

(2013) Digital literacy and privacy behavior online. Communication Research 40(2): 215–236.

38.

Rehse

Tremöhlen

(2021) Fostering participation in digital contact tracing. Information Economics and Policy, 1(40): 1–15.

39.

Ricci

(2021) The new codes governing everyday life in China. AFP. Available at: https://correspondent.afp.com/new-codes-governing-everyday-life-china (accessed 31 May 2022).

40.

Robinson

Tannenberg

(2019) Self-censorship of regime support in authoritarian states: Evidence from list experiments in China. Research & Politics. https://doi.org/10.1177/2053168019856449.

41.

SAC (2020a) 《个人健康信息码》系列国家标准问答[FAQ for National Standards of Personal Health Code Information]. Available at: http://www.cesi.cn/202005/6411.html (accessed 31 May 2022).

42.

SAC (2020b) 个人健康信息码参考模型 [Personal health information code—reference model]. Available at: http://openstd.samrgov.cn/bzgk/gb/newGbInfo?hcno=ED391A20971F017E8DBC265ECD66CCCE (accessed 31 May 2022).

43.

SandP Global (2019) China Leads Rise of Mobile “Super Apps”. Available at: https://www.spglobal.com/marketintelligence/en/news-insights/blog/china-leads-rise-of-mobile-super-apps (accessed 31 May 2022).

44.

Southern Metropolis Daily (2020) 人脸识别应用公众调查报告. [Facial recognition Apps survey report]. Available at: https://www.baogaoting.com/info/14446 (accessed 31 May 2022).

45.

Cao

(2021) What explains popular support for government monitoring in China? Journal of Information Technology & Politics: 1–16. https://doi.org/10.1080/19331681.2021.1997868.

46.

Sun

Wang

(2022). Governing with health code: Standardising China’s data network systems during COVID-19. Policy and Internet. https://doi.org/10.1002/poi3.292.

47.

Trang

Trenz

Weiger

, et al. (2020) One app to trace them all? Examining app specifications for mass acceptance of contact-tracing apps. European Journal of Information Systems 29(4): 415–428.

48.

Urbaczewski

Lee

(2020) Information Technology and the pandemic: A preliminary multinational analysis of the impact of mobile tracking technology on the COVID-19 contagion control. European Journal of Information Systems 29(4): 405–414.

49.

Utz

, et al. (2021) Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents, in arXiv.org. [Online]. 2021 Ithaca: Cornell University Library, arXiv.org. p.

50.

Vitak

Zimmer

(2020) More than just privacy: Using contextual integrity to evaluate the long-term risks from COVID-19 surveillance technologies. Social Media+Society 6(3): 1–4.

51.

Wang

(2021) What Do the Chinese Think about Their Government’s Response to COVID-19? The Chicago Council. Available at: https://www.thechicagocouncil.org/commentary-and-analysis/blogs/what-do-chinese-think-about-their-governments-response-covid-19 (accessed 31 May 2022).

52.

Wang

Balnaves

Sandner

(2020) Shameful secrets and self-presentation: Negotiating privacy practices among youth and rural women in China. SAGE Open 10(1): 1–12.

53.

Wang

Ngien

Ahmed

(2022) Nationwide adoption of a digital contact tracing app: Examining the role of privacy concern, political trust, and technology literacy. Communication Studies: 1–16. https://doi.org/10.1080/10510974.2022.2094982.

54.

Wang

(2015) Privacy trust crisis of personal data in China in the era of big data: The survey and countermeasures. The Computer Law and Security Report 31(6): 782–792.

55.

Winter

Davidson

(2019) Big data governance of personal health information and challenges to contextual integrity. The Information Society 35(1): 36–51.

56.

Dinev

Smith

, et al. (2011) Information privacy concerns: Linking individual perceptions with institutional privacy assurances. Journal of the Association for Information Systems 12(12): 798–824.

57.

Kostka

Cao

(2021). Information control and public support for social credit systems in China. The Journal of Politics. https://doi.org/10.1086/718358.

58.

Yang

Baik

Ahn

, et al. (2020) Tracing Digital Contact Tracing: Surveillance Technology and Privacy Rights During COVID-19 in China, South Korea, and the United States. SSRN. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3743491 (accessed 31 May 2022).

59.

(2020) Digital surveillance in post–coronavirus China: A feminist view on the price we pay. Gender, Work, and Organization 27(5): 774–777.

Privacy at risk? Understanding the perceived privacy protection of health code apps in China

Abstract

Keywords

Introduction: Health Code apps as digital surveillance instrument

Literature review: A unique use context of HCAs

Contextual integrity in the use of HCAs

Privacy policy attention and protection behaviors

Sociodemographic status

Trust in government

Data management purposes and perceived convenience

Method and data

Participants and procedure

Measures

Dependent variable

Independent variables

Results

Discussion

Conclusion

Footnotes

Acknowledgements

Declaration of conflicting interests

Funding

ORCID iD

Notes

References