An employee scans a quick response (QR) code displayed on Alipay app at a store in Hong Kong. [Photo/VCG]
A digital spending profile based on a person's history of mobile purchases that went online on Wednesday has sparked a public outcry over privacy issues.
Alipay, the country's leading e-wallet app, was thrown into the spotlight after a lawyer complained on social media that the company was not explicit enough about its intention to share user data with its commercial partners.
Alipay's 520 million users were able to use the app starting Wednesday to review their 2017 transaction history. But a small section－checked by default and buried at the bottom of the landing page－contained an agreement that automatically enrolled its users in its credit rating service if they viewed their spending history by swiping upward on the screen.
The post has since gone viral and caused outrage among netizens, forcing Alipay to issue an apology on Wednesday night. The company has also tweaked the settings, making the agreement statement more prominent on the page. Alipay also provided detailed instructions on how users can go about rescinding their consent.
The reaction to Alipay's attempts to assuage concerns has been lukewarm.
Cao Lei, a university administrative staff worker who is a regular user of Alipay, accused the company of "deliberately concealing" a data breach that could have compromised the information hundreds of millions of users.
Jiang Yongwei, a partner at Jiangsu Xinsu Law Firm, said Alipay should have presented the legal agreement on the page more explicitly and made it mandatory for users to manually agree or reject it before they could proceed.
The issue highlights growing concern over a lack of transparency in how companies gather and use personal data. A few days ago, messenger app WeChat denied allegations that it was keeping backups of users' chat conversations on its servers.
Victoria Petrock, principal analyst at consultancy eMarketer, expects similar problem to arise in the future as an increasing amount of data is shared across different apps, devices and platforms.
Under China's Cybersecurity Law, companies are permitted to collect customer data but they are also responsible for ensuring that the usage, storage and deletion of data are done within legal limits, said Ling Xiao, a partner at Hui Ye Law Firm.
Like many other countries, China is ramping up its data protection efforts through law enforcement, but there is still much to be done, such as rolling out more stringent rules for obtaining user consent and permission and also giving users to right to have information removed from online search results, Jiang said.
© China Daily Information Co