Stepn to Limit Access for Chinese Users: the Personal Data Regulations Are to Blame

data processing regulations china
The Cyberspace Administration of China (CAC) is in charge of the entire web business sector in China. Source: REUTERS

On May 27 Stepn announced access restrictions for users joining with Chinese IP addresses. The reason lies in the app’s data processing method failing to comply with the Chinese regulations on personal data.

Stepn is a gamified blockchain project. On acquisition of a pair of NFT sneakers players gain income in crypto by walking, running, and working out — anything one can do with sneakers on. The app requires access to location to count steps and assign rewards. Without processing personal data like this, it is impossible to use Stepn.

Data Processing Regulations in China

Two laws regulate data processing and storage in China. One, the Personal Information Protection Law (PIPL) determines processing methods for the data of citizens of China. Its structure is similar to that of the EU General Data Protection Regulation (GDPR). The other, the Data Security Law (DSL) regulates data export. Personal data like location is its primary concern.

According to the Chinese laws, confidential personal information is to be stored and kept locally in China. Data export is allowed, however, the data in question is to pass the security assessment in the Cyberspace Administration of China (CAC). The CAC, which is in charge of the entire web business sector in China, may request the data to be anonymised. As Stepn needs personal data to function properly, the regulations become a direct obstacle for the app’s operation in the PRC.

This is the first business Stepn is running in China. Nevertheless, China’s data storage and processing regulations are extraterritorial, or apply to the entire planet. Any organization, even if located abroad (and Stepn’s head office is located in Australia), may hold liability for data storage of the Chinese citizens. This may create challenges for Stepn’s Chinese employees, when returning to China for example.

Not a Sole Case: Who Else Faces Struggle on the Chinese Market

Stepn is not alone when it comes to struggling to comply with the Chinese data-related regulations. In order to avoid limitations and be able to stay on the Chinese market, major companies like Apple and Tesla had to open data processing centers in China.

Rideshare DiDi is another example. The company faced delisting from the New York stock exchange after the regulatory bodies of China expressed concern over the amounts of data potentially transferred to other countries. As a reaction measure, China blocked DiDi and forbade registration for new users. DiDi managed to compromise with the Chinese authorities by guaranteeing the app’s listing in Hong Kong. However, the company is not back to the market yet and is still waiting for the regulatory bodies of China to lift the limitations.

User location and movement tracking are the Chinese government’s main concern in data sharing and export. Special attention is paid to apps that require this kind of data, such as fitness trackers, transportation services providers, and now Stepn. Earlier, another company drew the regulators’ attention for a similar reason. Strava, an essential fitness assistant for pro athletes, is widely used among the military and civil fitness enjoyers around the planet. There is no crypto component to it, but it collects and processes the users’ location. With access to this data and in-app achievement boards, it is easy to restore the users’ profiles and even model their lives.

Regulations and limitations of this kind may become a challenge to VODPROM in the future. The state of the Chinese cryptocurrency market complicates the starting conditions for any web3 or crypto-related startup. VODPROM collects personal data for proper system operation and grants the VOD token holders access to all features. Find out more about how we operate and what we have to offer on our web page.