Privacy alarm as applicant passport details published by China National Intellectual Property Administration
- WTR finds CNIPA published thousands of trademark applicant passport numbers
- Impacted parties include high-profile individuals Taylor Swift and JK Rowling
- Expert says sensitive data could open door to bad actors and urges redaction
China’s National Intellectual Property Administration (CNIPA) has published the passport details of thousands of individuals on publicly-accessible databases, WTR can reveal. Such sensitive information impacts both small business owners and high profile celebrities (including Taylor Swift, JK Rowling and Lionel Messi), with experts calling for CNIPA to urgently address the public release of such sensitive information.
In China, any individual that wishes to obtain registered trademark rights is required to submit a copy of their passport or ID card to CNIPA. The requirement was introduced to verify the information of all individual trademark applicants (where natural persons), in an effort to crackdown on fraud and improve the integrity of the Chinese trademark register. While that passport information is generally hidden from public view on the more than 5.5 million trademarks recorded by CNIPA, WTR has learned that the passport number of over 3,000 foreign individual applicants have been published by the Chinese trademark office.
An investigation finds that the passport number can be found on any online trademark search tool that contains CNIPA data. Out of the 3,000 records with passport details, most are business owners located in Europe, North America and across Asia (with South Korean applicants particularly affected in that region). A number of high-profile celebrities are impacted too, including musicians Taylor Swift and Ringo Starr, author JK Rowling, actor Robert Downey Jr, sports stars Usain Bolt, Venus Williams, Stephen Curry and Lionel Messi, and fashion designers Tom Ford and Jasper Conran. Other public figures affected include Yoko Ono, Gary Kasparov, Lady Mountbatten, Manolo Blahnik, and Orla Kiely.
The revelation has sparked alarm with trademark experts that WTR has reached out to. For example, Chris McLeod, partner at Elkington and Fife, says it is “a concern for any applicant” who has filed a trademark application in China, and that “the onus should be on CNIPA to keep this information secure”. He adds: “There cannot be any legitimate reason to make it available, in my view, and it seems clearly open to abuse. In fact, this appears to be a strange development from a trademark office which is in other ways trying to modernise itself, as [the passport requirement] adds a layer of bureaucracy rather than simplifying the application process.”
That concern was shared by Suzan Ure, chartered trademark attorney at HGF, who says publishing the passport number of trademark applicants “potentially opens dangerous doors for any individual”. In fact, if such sensitive information has a chance of being publicly released, it could impact how foreign individuals approach seeking trademark rights in China, she adds. “Whilst it is understandable for the Chinese IP Office to need to verify identity, in the same breathe, it is hard to see a justification to publish these beyond internal databases and I think it is important to make sure clients are aware that these details are potentially open to public inspection before they decide to proceed,” she tells us.
While the publication of passport details of high profile figures is notable, “the risk posed to those who are not famous is no less acute”, claims Bruce Jones, head of intellectual property at Kuits Solicitors. “Everybody knows what Ringo Starr looks like and the mere mention of his name will be noteworthy in a transaction,” he adds. “A small business owner who is 35 years old from Chingford is going to be much easier to impersonate and, therefore, is exposed to potentially greater risk as a result. Ultimately, the kind of personal data made public by the Chinese trademark agency is clearly of such a character that the majority of individuals in the UK would neither voluntarily publish it nor expect it to be published by third parties to whom they had provided it. The availability of that data is clearly a major concern for the data subjects.”
As well as concerns for the impacted individuals, the public release of this sensitive data – even if unintentional – could have legal implications for CNIPA itself, states James Wall, commercial and IP partner at Kuits Solicitors. “UK and European data protection laws, as well as data protection laws in China, require personal data to be kept secure, used only for a lawful purpose for which it was provided and such data should be anonymised or minimised as appropriate,” he tells us. “The relevant data protection authorities have wide powers to (and do) take action to impose fines for unauthorised use or disclosure of personal data and the levels of fines which are available to the authorities are substantial.”
The data privacy concern at CNIPA comes barely a year after the US Patent and Trademark Office (USPTO) caused concerns over sensitive information it was requiring. In that case, it changed its rules to require trademark applicants to submit their physical address and their personal email address. The ensuing backlash accused the USPTO of risking “death threats, doxxing, and physical harm” to applicants and of potentially breaching data protection and privacy laws. A few months later, the USPTO backtracked and began masking the email address on publicly-accessible trademark records.
On top of that, Ure pointed out that the World IP Organisation (WIPO) now requires an applicant email address for the submission of international trademarks. “While these are not open up to public inspection, it has raised some eyebrows by my clients, which places the moves of the Chinese trademark office in context,” she notes.
Another IP expert (who preferred not to be named) tells WTR that CNIPA needs to take urgent action. “People in the public eye need to be particularly concerned, as personal details like their date of birth are already publicly available – when combined with their passport number, it could provide an opportunity for bad actors,” he says. “For that reason, CNIPA needs to make sure that passport numbers are not made publicly available, and any existing records need to be redacted from the public register. In the meantime, local law firms need to take care when filing applications so that passport details are not included in the applicant name field, and IP owners need to consider that, unless this issue is resolved, it may be safer to use a corporate entity to hold IP rights when filing in China.”
WTR has reached out to CNIPA representatives, and this article will be updated if they respond.