A Critical Review of E-Cigarette Regulation in China: Challenges and Prospects for Youth Prevention and Tobacco Control.

INTRODUCTION: The increasing popularity of electronic cigarettes (e-cigarettes) has led to the emergence of public health concerns, particularly among the youth. As a major producer and exporter of e-cigarettes, China has faced public health challenges in regulating the unregulated e-cigarette industry. AIMS AND METHODS: This study aims to evaluate the regulatory development of e-cigarettes in China. We searched and obtained national policy documents related to e-cigarettes and subnational smoke-free laws from LexisNexis on August 2, 2023, which were enacted between January 1, 2023 and July 31, 2023. We used 99 policy documents for the final analysis, specifically 68 national policy documents on e-cigarettes and 31 subnational smoke-free laws. We chronologically reviewed these policy documents in full text and summarized them on the basis of their content and the requirements of the World Health Organization Framework Convention on Tobacco Control (WHO FCTC). RESULTS: Chinese policymakers established the current regulatory framework for e-cigarettes by amending, enacting, and enforcing laws and regulations. E-cigarettes are categorized as tobacco products, and the State Tobacco Monopoly Administration regulates the e-cigarette industry. The Chinese authorities prioritize youth prevention in strengthening the regulation on e-cigarettes. China adopts various tobacco control measures for e-cigarettes and cigarettes. CONCLUSIONS: China gained certain degrees of progress on tobacco control by regulating e-cigarettes and adopting measures required by the WHO FCTC. However, tobacco monopoly hinders the full realization of tobacco control goals, which necessitates the National Health Commission to assume its responsibility for the complete implementation of the WHO FCTC. IMPLICATIONS: This study presents a critical review of the development of e-cigarette regulation in China by reviewing relevant policy documents and analyzing tobacco control measures. It recognizes the degrees of progress of tobacco control measures and highlights tobacco monopoly as a significant hindrance of the full implementation of the WHO FCTC. Furthermore, empirical studies are required on the enforcement of tobacco control measures in China.

Medical Information Protection in Internet Hospital Apps in China: Scale Development and Content Analysis.

BACKGROUND: Hospital apps are increasingly being adopted in many countries, especially since the start of the COVID-19 pandemic. Web-based hospitals can provide valuable medical services and enhanced accessibility. However, increasing concerns about personal information (PI) and strict legal compliance requirements necessitate privacy assessments for these platforms. Guided by the theory of contextual integrity, this study investigates the regulatory compliance of privacy policies for internet hospital apps in the mainland of China. OBJECTIVE: In this paper, we aim to evaluate the regulatory compliance of privacy policies of internet hospital apps in the mainland of China and offer recommendations for improvement. METHODS: We obtained 59 internet hospital apps on November 7, 2023, and reviewed 52 privacy policies available between November 8 and 23, 2023. We developed a 3-level indicator scale based on the information processing activities, as stipulated in relevant regulations. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 70 level-3 indicators. RESULTS: The mean compliance score of the 52 assessed apps was 73/100 (SD 22.4%), revealing a varied spectrum of compliance. Sensitive PI protection compliance (mean 73.9%, SD 24.2%) lagged behind general PI protection (mean 90.4%, SD 14.7%), with only 12 apps requiring separate consent for processing sensitive PI (mean 73.9%, SD 24.2%). Although most apps (n=41, 79%) committed to supervising subcontractors, only a quarter (n=13, 25%) required users' explicit consent for subcontracting activities. Concerning PI storage security (mean 71.2%, SD 29.3%) and incident management (mean 71.8%, SD 36.6%), half of the assessed apps (n=27, 52%) committed to bear corresponding legal responsibility, whereas fewer than half (n=24, 46%) specified the security level obtained. Most privacy policies stated the PI retention period (n=40, 77%) and instances of PI deletion or anonymization (n=41, 79%), but fewer (n=20, 38.5%) committed to prompt third-party PI deletion. Most apps delineated various individual rights, but only a fraction addressed the rights to obtain copies (n=22, 42%) or to refuse advertisement based on automated decision-making (n=13, 25%). Significant deficiencies remained in regular compliance audits (mean 11.5%, SD 37.8%), impact assessments (mean 13.5%, SD 15.2%), and PI officer disclosure (mean 48.1%, SD 49.3%). CONCLUSIONS: Our analysis revealed both strengths and significant shortcomings in the compliance of internet hospital apps' privacy policies with relevant regulations. As China continues to implement internet hospital apps, it should ensure the informed consent of users for PI processing activities, enhance compliance levels of relevant privacy policies, and fortify PI protection enforcement across the information processing stages.

Personal Information Protection and Privacy Policy Compliance of Health Code Apps in China: Scale Development and Content Analysis.

Background: Digital technologies, especially contact tracing apps, have been crucial in monitoring and tracing the transmission of COVID-19 worldwide. China developed health code apps as an emergency response to the pandemic with plans to use them for broader public health services. However, potential problems within privacy policies may compromise personal information (PI) protection. Objective: We aimed to evaluate the compliance of the privacy policies of 30 health code apps in the mainland of China with the Personal Information Protection Law (PIPL) and related specifications. Methods: We reviewed and assessed the privacy policies of 30 health code apps between August 26 and September 6, 2023. We used a 3-level indicator scale based on the information life cycle as provided in the PIPL and related specifications. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 71 level-3 indicators. Results: The mean compliance score of the 30 health code apps was 59.9% (SD 22.6%). A total of 13 (43.3%) apps scored below this average, and 6 apps scored below 40%. Level-1 indicator scores included the following: general attributes (mean 85.6%, SD 23.3%); PI collection and use (mean 66.2%, SD 22.7%); PI storage and protection (mean 63.3%, SD 30.8%); PI sharing, transfer, disclosure, and transmission (mean 57.2%, SD 27.3%); PI deletion (mean 52.2%, SD 29.4%); individual rights (mean 59.3%, SD 25.7%); and PI processor duties (mean 43.7%, SD 23.8%). Sensitive PI protection compliance (mean 51.4%, SD 26.0%) lagged behind general PI protection (mean 83.3%, SD 24.3%), with only 1 app requiring separate consent for sensitive PI processing. Additionally, 46.7% (n=14) of the apps needed separate consent for subcontracting activities, while fewer disclosed PI recipient information (n=13, 43.3%), safety precautions (n=11, 36.7%), and rules of PI transfer during specific events (n=10, 33.3%). Most privacy policies specified the PI retention period (n=23, 76.7%) and postperiod deletion or anonymization (n=22, 73.3%), but only 6.7% (n=2) were committed to prompt third-party PI deletion. Most apps delineated various individual rights: the right to inquire (n=25, 83.3%), correct (n=24, 80%), and delete PI (n=24, 80%); cancel their account (n=21, 70%); withdraw consent (n=20, 60%); and request privacy policy explanations (n=24, 80%). Only a fraction addressed the rights to obtain copies (n=4, 13.3%) or refuse advertisement of automated decision-making (n=1, 3.3%). The mean compliance rate of PI processor duties was only 43.7% (SD 23.8%), with significant deficiencies in impact assessments (mean 5.0%, SD 19.8%), PI protection officer appointment (mean 6.7%, SD 24.9%), regular compliance audits (mean 6.7%, SD 24.9%), and complaint management (mean 37.8%, SD 39.2%). Conclusions: Our analysis revealed both strengths and significant shortcomings in the compliance of privacy policies of health code apps with the PIPL and related specifications considering the information life cycle. As China contemplates the future extended use of health code apps, it should articulate the legitimacy of the apps' normalization and ensure that users provide informed consent. Meanwhile, China should raise the compliance level of relevant privacy policies and fortify its enforcement mechanisms.