Heath code apps, along with robust testing, isolation, and the care of cases, are a vital strategy for containing the spread of the COVID-19 outbreak in China. They have remained stable and consistent, allowing China to extensively restore its social and economic development. However, the ethical and legal boundaries of deploying health code apps for disease surveillance and control purposes are unclear, and a rapidly evolving debate has emerged around the promises and risks of their fast promotion. The article outlines the legal challenges by applying the core values of the Personal Information Protection Law (PIPL), the fundamental law for personal information protection in China, into the context of the nationwide use of health code apps. It elaborates on the balance between the demands for upholding individuals’ rights to the security of their personal information and those for public access to such information to prevent the spread of infectious diseases. It identifies the current gaps in addressing personal information harms during the use of the apps, particularly with regard to user consent, transparency, necessity, storage duration, and security safeguards.
This is an open access article distributed under the Creative Commons Attribution License
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.