Reflections about handling interview data from third countries at European universities: Collaboration opportunities and/or risky business for participants and researchers?

Abstract

Through reflections about a case study concerning an unfeasible, planned research study on nurses’ working days during the COVID-19 pandemic, the article aims to describe and discuss legal and ethical challenges when conducting European-based research together with nurses in third countries. The article highlights how the General Data Protection Regulation challenges EU and non-EU research collaborations and research across borders in healthcare research. Digitally recorded interview data can be traced, putting both research participants and researchers at risk in relation to confidentiality, safety and potential critical views by national regimes. This raises ethical claims for research collaborations between EU and third countries and hampers the possibilities to make silent voices discernible through research. It is a questionable solution both to collaborate and not to collaborate with third countries such as China. Further reflections on the ways forward to facilitate research collaboration between EU and third countries are needed.

Keywords

digital tracing ethics European Union GDPR international research third countries

Introduction

International nursing research collaboration is important for developing and exchanging knowledge and experiences, providing new perspectives on nursing practises worldwide.¹ However, most nursing research and collaboration take place in the western world, which calls for research development and collaboration between nurse researchers in low- and middle-income regions and from different income regions.² China is an example of a country with rapid economic development, categorised as an upper-middle-income country in 2015.³ This article focuses on a research project with connections to Sweden and China, with an unfeasible, planned COVID-19 project as the case.

Researchers in the European Union (EU) are subject to the EU General Data Protection Regulation (GDPR), which came into force on 25 May 2018. The GDPR legislation meant a new set of considerations for study approvers and healthcare researchers.⁴ The GDPR is designed to harmonise data privacy laws across all EU member countries and to provide greater protection and rights to individuals. Further, the GDPR is created to alter how businesses and other organisations can handle information of parties that interact with them. The GDPR contains 99 individual articles and can be considered the world's strongest set of data protection rules, guiding people in how to access information about themselves, and limiting organisations in what they can do with personal data.⁵ In line with the EU GDPR, the United Kingdom's GDPR sets out seven key principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability.⁶ The GDPR presents a mechanism to regulate research and simultaneously afford greater autonomy for health research participants. However, studies show that, inadvertently, health research regulations have negatively impacted on the capacity to conduct health research, for instance through stricter requirements to achieve patient consent in research.^7,8 In principle, it affects all types of health research such as randomised controlled trials,⁸ big data health studies⁹ and ethnographic studies in healthcare.^4,10 It also affects the possibilities to share genetic and health data across the EU member states, not least because of different national implementations, e.g., of laws regarding the GDPR.¹¹ In terms of data protection laws, the GDPR is a minimum requirement for EU member states, which can present challenges even in research collaborations within the EU. In an international perspective, the GDPR may have major consequences on research collaboration, in terms of collaborations between EU and non-EU states.

The COVID-19 outbreak started in China and the pandemic has challenged the world since March 2020,¹² with implications for nurses and nursing research worldwide. Nurses represent an essential part of the healthcare workforce in relation to COVID-19, which has a significant impact on healthcare professionals, organisations and society.^13,14 Globally, China has the longest experience of dealing with COVID-19, which motivates the current planned study of nurses’ work processes and experiences during the pandemic in the hope of enriching health systems worldwide. A literature review on the GDPR in relation to COVID-19 and ethical considerations of data protection during times of crisis explores whether the GDPR remained true in relation to the pandemic. Further, the review examines the implications regarding the GDPR, the COVID-19 outbreak and research projects related to, for example, the collection of data through mobile applications.¹⁵ The review pinpoints potential tension areas, such as tensions between privacy first and data first approaches at times of crisis, and issues pertaining to cross-border data transfers, including existing tools and mechanisms that enable data transfer with subsequent limitations on data transfers across borders.¹⁵ Christofidou et al.¹⁵ suggest a call for a clarified and harmonised approach to global research, which goes in line with the art of data protection, also in terms of global research endeavours.

This article aims to describe and discuss legal and ethical challenges in relation to conducting research in a third country (outside Europe), based on a case about an unfeasible, planned COVID-19 study originating from Sweden and including collaboration with Chinese research assistants as a case.

Case: A planned collaborative research study on nurses’ working days in China during the pandemic

This study was planned as a collaboration between two researchers from a Swedish university and two non-institution affiliated nurses from China with master's degrees as research assistants. During the planning of the research process, the nurses became affiliated to a Swedish university. The research team had a particular interest in investigating the content of nurses’ working days and working processes during the pandemic, including nurses’ uses of social media relating to their work, in line with a recent study of Scandinavian nurses’ uses of social media during the COVID-19 pandemic.¹⁶ The Chinese-speaking research assistants, based in China and Sweden, respectively, planned to conduct semi-structured interviews via digital audio/video platforms (e.g. VooV^©, Zoom^©, Skype^©), only recording the sound with external audio recorders, not images. In parallel with constructing an interview guide and preparing information letters, the research team faced multiple challenges regarding ethical and GDPR-related issues.

A question was whether the study needed to be ethically approved and, if so, in Sweden and/or in China. Since the project stems from a Swedish university, Swedish regulations must be considered. However, the researchers wanted to make sure that there were no barriers in relation to the handling of data from a third country. The data collection process was not planned to include the collection of any sensitive personal data,⁵ although interviews can generate rich and unplanned data, possibly entailing such information. Nevertheless, protective measures, such as anonymisation, presenting results on a group level, and secure handling of data, were planned to minimise the risks of identification of individual participants. However, personal data, such as contact information of the participants, to establish agreements were necessary. An initial dialogue with researchers who had conducted studies in China about nursing resulted in the conclusion that there was no ethics committee system for research studies with qualitative designs in China. The research assistants also explored the ethical approval requirements in China and found no local or national requirements or approval needs for interview studies that are not institution-affiliated in China.¹⁷ There were no intentions to recruit at the institutional level. In China, there are independent ethical committees dedicated to the handling of only clinical trials and biomedical studies.¹⁸ The case was also discussed with research ethics experts at Swedish universities. As there was no plan to collect sensitive personal data, the study did not require ethical approval in Sweden, as the data processor and data controller country. The planned recruitment process entailed snowballing, using the Chinese research assistants’ personal contacts in China, with potential participants being recruited and contacted primarily via email, WeChat^©, and telephone. Contact information was to be kept separate from the empirical material and would not be linkable to the interviews (no codes). The project would adhere to the Helsinki declaration principles, with oral/written information about the study to the participants, informed consent and information about the possibility for participants to withdraw their consent and participation without explanation nor consequences for them.¹⁹

A parallel question was how to act in relation to the GDPR and its guiding principles: lawfulness, fairness, and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. All research projects conducted at the university responsible for the planned research project and that involve personal data processing must be registered in a specific database at the university.^5,6 The overall idea is that people must be able to trust that the university processes their personal data in accordance with existing laws and regulations. It is a matter of both public confidence and the university's credibility (https://www.staff.lu.se/support-and-tools/legal-records-management-and-data-protection/personal-data-and-data-protection-gdpr/area-specific-information/research), which goes in line with the GDPR principle of accountability. In the current study, the handling of personal data in accordance with the GDPR and the Swedish university's rules could be fulfilled in Sweden. However, worries arose in relation to doing research in third countries and the treatment of personal data. Empirical data were not to be shared and transferred to a third country, but data (audio files) were to be transferred from a third country (China) to Sweden. As the Swedish university was responsible for the project, the research team needed to ensure that the participating nurses and interviewers from China would not be traced when doing digital interviews. In the current case, it was estimated that a risk of tracing was present; a risk that the researchers were not ready to take. The risk of tracing could include uninvited persons, governments, and/or other organisations overhearing the interviews, thereby representing potential risks for the researchers and participants. Even though the research topic seems unproblematic as such, the research team could not guarantee that research participants and interviewers were not traced and that their participation in a study conducted under the auspice of a foreign university was not interpreted as offensive in some way by the country in which data were collected. An information security analysis according to the GDPR would include the assessment of multiple factors, such as assessing risks of access by, for example, non-authorised parties to empirical data or identifiers leading to the research participants. Such assessments could include an estimation of risks for foreign governments, national security, or other non-authorised parties getting access to the information. A proper assessment in the current case would include assessments of regulations in China, what technical equipment would be used and how, and what security measures could be implemented to protect personal data (⁵^{: Art. 32}). According to persons responsible for data management and data protection at the Swedish university, additional organisational and technical safety measures were needed to make sure that the study was feasible while minimising risks. However, such a risk assessment was difficult to conduct properly within the economic and time frame of the current study. Since the project involved both an EU country and a third country, here China, there were multiple potential risks to take into consideration, i.e. not only related to secure data transfer, but also related to the collection of data in a country with a non-democratic regime. With this in mind, for safety reasons, the study could be accepted as risk-free enough only if conducting face-to-face interviews without recording, taking only manual notes and by excluding all types of identifiers. However, it was impossible for the research team to travel to/around China because of COVID-19, long travel times, and lack of research funding and time. Further, interviewing for 1–2 hours, while simultaneously taking notes rich enough, or having two note takers, to cover the interviews in a trustworthy and usable way, is a significant practical and economical challenge. The researchers could not jeopardise the research team's or the study participants’ security through compromised confidentiality, anonymity, and by potentially (unconsciously) offending a state actor and/or a foreign regime.²⁰ A decision was hence made to suspend this research project. It remains a pertinent project in spe, which at present seems both legally and ethically challenging to conduct without potentially jeopardising confidentiality and safety demands.

Discussion

The current case pointed at three main issues in relation to the wish of doing research in third countries in collaboration between EU and non-EU state researchers and research assistants. This discussion will focus on these main issues, which consist of ‘Digital data per se represents a risk of harm’, ‘Protecting both research participants and researchers in research’, and ‘The need of finding ways to collaborate’.

Digital data per se represents a risk of harm

The digital era is prone to vulnerabilities. All digital data can in principle be traced, in the EU and in third countries, although technical and ethical security measures can be used to minimise the tracing of data to, for example, individuals and specific organisations. Personal data are any information that is or can be related to an identified or identifiable living person (⁵^{: Art. 4.1}). An identifiable living person is a person who can be identified, directly or indirectly, through, for example, a name, an identification number, location data, an online identifier, or other factors specific to the physical, physiological, genetic, mental, economic, cultural, and/or social identity of the person. In view of the GDPR, it should in principle not be permitted to use digital tools at all, as it may violate the principle of lawfulness and purpose limitation.⁶ It is per se always possible (for experts) to trace digital interviews and thus track involved persons. Moreover, recorded interview audio files cannot be transferred from China to Sweden for storage as the Swedish law demands,^21,22 as a Swedish university was responsible for handling data in the planned project. Security issues, including espionage, are well-known research problems, not least in non-democratic countries.²³ With the GDPR in mind, however, only face-to-face interviews without recording voices, or interviews recorded with a device without Internet connection that are transcribed then deleted, would be possible in the current research project, unless the research team could make sure to prevent risks for the participants. However, Lawrence²⁴ used digital interviewing in a recent study conducted with participants in China, basing his strategy on a reflexive process through which research risks were carefully balanced against benefits. With regards to the GDPR, personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, also called data minimisation (⁵^{: Art 5.1}). Furthermore, the handling of data shall adhere to the GDPR principle of purpose limitation, with data being collected for specified, explicit and legitimate purposes only.⁶ Nonetheless, the Swedish law demands 10 years’ storage of research data, including interview audio files as they are regarded as public documents in Sweden, although securely archived.^21,22 The GDPR principle of storage limitation requires that the length of time of any data storage be justified, with anonymisation of not actively used data.⁶ This highlights risks related to digital technology as such and challenges both the GDPR and ethical research guidelines concerning non-harm.¹⁹

Due to the GDPR concerns regarding the tracing of data obtained through digital collection modes in third countries, here China, the current study was discontinued. Digital tracking could put the individual at risk in relation to confidentiality principles.²³ The danger of digital tracking in the current case could occur in several of the process’ phases: 1) establishing contacts between interviewers and participants; 2) during the interview and its recording; and 3) transferring data from China to Sweden. Benefits must always be weighed against risks in all research.¹⁹ Research ought to be as risk-free as possible, although a balance between benefits and risks guides research projects to minimise risks while expanding the knowledge base. Projects must be designed to minimise and handle potential risks through proper methodological and practical precautions. An acceptable risk could be making sound judgements on what questions to ask that generate research benefits but reduce the respondents’ exposure to sensitive issues and protect their identity. Nevertheless, researchers are only in control of the questions they ask, and not of the interviewees’ answers. Although the topic of nurses’ handling of the COVID-19 pandemic in clinical practice in China itself seems uncomplicated, a possibility that the participating nurses choose to share sensitive information, for example, health issues, is present, which risks leading back to them (identifiers) as individuals and is considered sensitive according to ethics committees and the GDPR.^5,25 Further, the possibility of a critique from the study participants of the state actors is present, or that research results are interpreted as such by state actors. The state's handling of the COVID-19 pandemic has been criticised both internally in China²⁶ and by the world community,²⁷ which could potentially also include a critique of the healthcare system, including nursing practices. Risking study participants’ and the team's safety through research is unethical and would also go against the Swedish university's regulations, demanding that research conducted at the university respects laws and regulations in the country where the research is conducted. Research ought not be used for ethically indefensible research, and Swedish universities must live up to a Swedish standard when conducting research in other countries.²⁸ Such principles are motivated; however, regulations can impede on research endeavours and collaborations in counterproductive ways.²⁹ Both regulations, as such, and related infrastructures can contribute to difficulties in translating collaborative research ambitions into practice. Yet, it is a questionable solution both to collaborate and not to collaborate with third countries, here China, as China has a large world population and is a significant producer of knowledge on a global scale.^30,31 Nevertheless, individual researchers and institutions need knowledge, transparency, and a moral compass to guide such endeavours.^30,31

Protecting both research participants and researchers in research

Both research participants and researchers are of concern. Van Deursen and Kummeling³² argue that much scientific research involves information that can be either directly or indirectly related to individuals when doing research in third countries, concerning both information about research subjects and researchers themselves. In China, the protection of personal data is subject to the collective community, where exposing personal data is allowed for reasons of national security, the public interest or judicial procedures.³³ Since November 2021, The Personal Information Protection Law of People’s Republic of China³⁴ and Data Security Law of People’s Republic of China³⁵ have been implemented. Although there are several similarities between the EU and China regarding general principles of data processing and basic rights for data subjects,^36,37 sharing of personal data with China is challenging.³² It is noticeable that data transfer from China abroad can be interpreted as criminal offences.^36,37 Despite the current challenges related to differing governance principles in China and Sweden and related ethical issues, Shih and Serger^30,31 argue against normative views on research collaborations between the countries.

The need of finding ways to collaborate

The question is how to find sound ways to collaborate between EU and third countries to promote mutual understanding of contexts and complexities in people's lives worldwide. This is needed while meeting the EU's GDPR requirements, the Declaration of Helsinki and acknowledging challenges such as differing legal basis and governance systems, and cultural-specific difficulties. In addition, handling cross-border data while adhering to the GDPR and related confidentiality and safety demands between EU and third countries/China was challenging. By refraining from research collaboration, societies also refrain from useful knowledge and from possibilities to influence each other through collaboration and knowledge exchange. The GDPR and ethics are currently being challenged in countries such as China.³⁸ China has a long history of systematic censorship, also in digital realms,^24,39,40 implying a possibility that participants express circumscribed opinions due to social norms and requirements.⁴¹ Simultaneously, when it is not possible to do research, it becomes difficult to make unheard voices heard. Conversely, trying to convey the people's voice to the world from inside and outside the actual country can also provoke suffering, as researchers have no control over how research is used and how potential uses of research may harm participants. This raises an ethical claim on how academics through collaborative research can mobilise silent voices without harming individuals, and without being transgressive towards laws and regulations in the involved countries.

Conclusion

This case put two main issues of concern in the forefront. The first issue was related to regulations governing research in an EU country and possibilities to adhere to them in international collaborative and/or cross-border research projects. It regarded legally and ethically binding principles, which university researchers were bound to adhere to. These regulations served to guarantee security, and at times also curbed research endeavours. An ethical approval process as such was not needed for the current project neither in Sweden nor in China. However, challenges related to the GDPR could jeopardise ethical aspects such as confidentiality and safety of the involved individuals. In this case, legal and ethical requirements hampered the project's completion. Legal and ethical rules stem from a willingness to protect the parties involved, which in itself is motivated. Such rules and related infrastructures nevertheless complicated the possibilities for research and through research to bring out silent voices. The second issue related to the involved countries’ political governance, including an EU country/Sweden and a third country/China. It raised issues pertaining to legal and ethical aspects associated with research endeavours. To oversimplify, not doing research with third countries is one option. Initiating collaborations is another option, to create routes for collaboration across borders that may contribute to new knowledge and change, for instance by supporting that people's voices can be equally heard worldwide. The question is hence: what are the ways forward to facilitate cross-border research collaborations between EU and third countries without doing harm to individuals, and without being transgressive towards laws and regulations in the involved countries?

Footnotes

Acknowledgements

Thanks to Associate professor Tommy Shih and Professor Sylvia Schwaag Serger, Lund University, for valuable comments on the article drafts.

Declaration of conflicting interests

Open access funding provided by Lund University.

Funding

Open access funding provided by Lund University. The authors received no financial support for the research and authorship of this article.

ORCID iD

Stinne Glasdam

References

Rocha

Cassiani

. Nursing networks: strategies to strengthen research and extension studies. Rev Gaúcha Enferm 2015; 36: 10–11.

Yanbing

Hua

Chao

, et al. The state of nursing research from 2000 to 2019: a global analysis. J Adv Nurs 2021; 77: 162–175.

Zhou

. Looking ahead: China becoming a high-income economy. In: Zhou S and Hu A (eds), China: surpassing the “middle income trap”. Contemporary China studies. Singapore: Palgrave Macmillan, 2021, pp.179–209. https://doi.org/10.1007/978-981-15-6540-3_5

Lee

McDonagh

Farre

, et al.

Data protection, information governance and the potential erosion of ethnographic methods in health care?

Sociol Health Illn 2022; 44: 211–217.

European Union. Regulation (EU) 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Brussels: European Union. 2016.

Onetrust. Understanding the 7 Principles of the GDPR. London: Onetrust. Available at: https://www.onetrust.com/blog/gdpr-principles/ (2021, accessed 22 March 2022).

Crowhurst

Bergin

Wells

. Implications for nursing and healthcare research of the general data protection regulation and retrospective reviews of patients’ data. Nurse Res 2019; 27: 45–49.

Kirwan

Mee

Clarke

, et al. What GDPR and the health research regulations (HRRs) mean for Ireland: “explicit consent”—a legal analysis. Ir J Med Sci 2021; 190: 515–521.

Wouters

Shadlen

Salcher-Konrad

, et al. Challenges in ensuring global access to COVID-19 vaccines: production, affordability, allocation, and deployment. Lancet 2021 Mar 13; 397(10278): 1023–1034. doi: 10.1016/S0140-6736(21)00306-8. Epub 2021 Feb 12. PMID: 33587887; PMCID: PMC7906643.

10.

Vike

Furst

. Research ethics and freedom of research: challenges for anthropology. Norsk Antropologisk Tidsskrift 2020; 31: 165–176.

11.

Molnár-Gábor

Sellner

Pagil

, et al. Harmonization after the GDPR? Divergences in the rules for genetic and health data sharing in four member states and ways to overcome them by EU measures: insights from Germany, Greece, Latvia and Sweden. Semin Cancer Biol 2022; 84: 271–283. https://doi.org/10.1016/j.semcancer.2021.12.001

12.

WHO. WHO Director-General’s opening remarks at the media briefing on COVID-19 – 11 March 2020 . Geneva: WHO, 2020.

13.

Xu H, Stjernswärd S, Glasdam S. Psychosocial experiences of frontline nurses working in hospital-based settings during the COVID-19 pandemic - A qualitative systematic review. Int J Nurs Stud Adv 2021 Nov;3:100037. doi: 10.1016/j.ijnsa.2021.100037. Epub 2021 Jul 17. PMID: 34308373; PMCID: PMC8285218.

14.

Stjernswärd S, Glasdam S. Solidarity and polarisation regarding COVID-19 and related risks - A thematic analysis of comments from an international survey. Soc Sci Humanit Open. 2021;4(1):100211. doi: 10.1016/j.ssaho.2021.100211. Epub 2021 Sep 28. PMID: 34604736; PMCID: PMC8479510.

15.

Christofidou

Lea

Coorevits

. A literature review on the GDPR, COVID-19 and the ethical considerations of data protection during a time of crisis. Yearb Med Inform 2021; 30: 226–232.

16.

Glasdam S, Jacobsen FF, Hybholt L, Stjernswärd S. Scandinavian Nurses' Use of Social Media during the COVID-19 Pandemic-A Berger and Luckman Inspired Analysis of a Qualitative Interview Study. Healthcare (Basel). 2022 Jul 5;10(7):1254. doi: 10.3390/healthcare10071254. PMID: 35885781; PMCID: PMC9321788.

17.

Wang

, et al. Nurse researchers’ perspectives on research ethics in China. Nurs Ethics 2019; 26: 798–808.

18.

Wang

Zhou

Sun

, et al. Challenges in the ethics review process of clinical scientific research projects in China. J Int Med Res 2019; 47: 4636–4643.

19.

World Medical Association. WMA declaration of Helsinki: ethical principles for medical research involving human subjects. Fortaleza: World Medical Association, 2013.

20.

Tardell

. Swedish experiences of research collaboration with China: challenges and the way forward. Stockholm: Swedish National China Centre, 2021.

21.

The Swedish Parliament. Arkivlag (1990:782). Stockholm: The Swedish Parliament. 2015.

22.

The Swedish Parliament. Offentlighets- och sekretesslag (2009:400). Stockholm: The Swedish Parliament. 2021.

23.

Baykal

Benner

. Risky business. Rethinking research cooperation and exchange with non-democracies. strategies for foundations, universities, civil society organizations, and think tanks. Berlin: Global Public Policy Institute, 2020.

24.

Lawrence

. Conducting cross-cultural qualitative interviews with mainland Chinese participants during COVID: lessons from the field. Qual Res 2020; 22: 154–165. https://doi.org/10.1177/1468794120974157.

25.

Swedish Ethical Review Authority (s.d.). Värnar människan i forskning [Protect people in research], https://etikprovningsmyndigheten.se/ (accessed 22 March 2022).

26.

Zhang

Shen

Liu

, et al. The impact of COVID-19 on primary health care and antibiotic prescribing in rural China: qualitative study. BMC Health Serv Res 2021; 21: 1–11.

27.

Silver

Devlin

Huang

. Unfavorable views of China reach historic highs in many countries. Washington: Pew Research Center, 2020.

28.

Renström

. Lunds universitets föreskrift om etisk standard för forskning som avser människor och som bedrivs utomlands [Lund University’s regulation on ethical standards for research that concerns people and is conducted abroad]. Lund: Lund University, 2021.

29.

Jacobsson

. Gör om lagen så att jurister inte stoppar viktig forskning [Redo the law so that lawyers do not stop important research]. 23 November. Dagens Nyheter Debatt. 2021.

30.

Shih

Serger

. Att förhålla sig till Kina kräver kunskap, kommunikation och kompass – erfarenheter från Sverige [Relating to China requires knowledge, communication and compass – experiences from Sweden]. Forskningspolitikk, 16 June. 2021.

31.

Shih

Serger

. Förbud mot samarbete med Kina är ingen bra lösning [A ban on cooperation with China is not a good solution], Universitetsläraren, 13 October. 2021.

32.

van Deursen

Kummeling

. The new silk road: a bumpy ride for Sino-European collaborative research under the GDPR? High Educ 2019; 78: 911–930.

33.

. China issues personal information security specification. London: Norton Rose Fulbright, 2018.

34.

The Personal Information Protection Law of People’s Republic of China. Available at: http://lawinfochina.com/display.aspx?lib=law&id=36358 (2021, accessed 22 March 2022).

35.

Data Security Law of People’s Republic of China. Available at: https://www.informatica-juridica.com/ley/data-security-law-of-the-peoples-republic-of-china-dsl/ (2021, accessed 22 March 2022).

36.

Blanton

. China’s Personal Information Protection Law (PIPL)-2021. The University Texas System. Available at: https://www.utsystem.edu/sites/default/files/documents/general-documents/2021/chinas-personal-information-protection-law-pipl/chinapiploverviewprivacyuts.pdf (2021, accessed 22 March 2022).

37.

Creemers

Webster

. Translation: Personal Information Protection Law of the People’s Republic of China – Effective Nov. 1, 2021. Stanford University. Available at: https://digichina.stanford.edu/work/translation-personal-information-protection-law-of-the-peoples-republic-of-china-effective-nov-1-2021/ (2021, accessed 22 March 2022).

38.

Inboden

. China and the international human rights regime: 1982–2017. Cambridge: Cambridge University Press, 2021.

39.

Guo

Feng

. Understanding support for internet censorship in China: an elaboration of the theory of reasoned action. J Chin Political Sci 2012; 17: 33–52.

40.

Tai

. Specificity, conflict, and focal point: a systematic investigation into social media censorship in China. J Commun 2020; 70: 842–867.

41.

Meng

Pan

Yang

. Conditional receptivity to citizen participation: evidence from a survey experiment in China. Comp Polit Stud 2017; 50: 399–433.