This study examines the enforcement efficacy and practical challenges of “Special Privacy Rectification Campaigns” (SPRCs)—a hallmark of China’s centralized privacy governance—in addressing widespread app-level privacy violations. Drawing on semi-structured interviews with 18 frontline app engineers and employing thematic coding and grounded theory analysis, it provides the first empirical account of SPRCs’ operational logic, compliance pressures (e.g., tight deadlines, ambiguous regulatory standards), and corporate coping strategies. Results indicate that SPRCs substantially improve short-term compliance but suffer from structural limitations, including low sustainability and inadequate technical alignment with industry practices. The study fills a critical gap in micro-level empirical research on campaign-style enforcement in China’s privacy regime and offers key evidence on the efficacy boundaries of authoritarian digital privacy regulation.

In recent years, major privacy laws like the GDPR have brought about positive changes. However, challenges remain in enforcing the laws, particularly due to under-resourced regulators facing a large number of potential privacy-violating software applications (apps) and the high costs of investigating them. Since 2019, China has launched a series of privacy enforcement campaigns known as Special Privacy Rectification Campaigns (SPRCs) to address widespread privacy violations in its mobile application (app) ecosystem. Unlike the enforcement of the GDPR, SPRCs are characterized by large-scale privacy reviews and strict sanctions, under the strong control of central authorities. In SPRCs, central government authorities issue administrative orders to mobilize various resources for market-wide privacy reviews of mobile apps. They enforce strict sanctions by requiring privacy-violating apps to rectify issues within a short timeframe or face removal from app stores. While there are a few reports on SPRCs, the effectiveness and potential problems of this campaign-style privacy enforcement approach remain unclear to the community. In this study, we conducted 18 semi-structured interviews with app-related engineers involved in SPRCs to better understand the campaign-style privacy enforcement. Based on the interviews, we reported our findings on a variety of aspects of SPRCs, such as the processes that app engineers regularly follow to achieve privacy compliance in SPRCs, the challenges they encounter, the solutions they adopt to address these challenges, and the impacts of SPRCs, etc. We found that app engineers face a series of challenges in achieving privacy compliance in their apps...