Ant Financial Services Group said it will conduct sweeping reviews of all its business lines after being reprimanded by regulators for data-privacy violations.
The Cyberspace Administration of China (CAC) met with representatives of Alipay, China’s largest third-party payment services provider, as well as its affiliate, Zhima Credit, over a default setting that opted users into sharing their personal information with the company, according to a Wednesday announcement from the internet regulator.
Last week, Ant Financial, which operates Alipay, apologized for automatically enrolling users into its credit-rating system following a backlash from the public as well as the central bank.
The CAC said that Alipay’s and Zhima Credit’s collection of individual information violated a pledge the company signed on individual information protection.
Ant Financial has taken immediate measure and will conduct a complete review of its business lines with regards to privacy protection, Nie Zhengjun, chief privacy officer at Ant Financial, told Caixin.
Ant Financial has also created a new department that specifically oversees personal information protection following the incident.
However, some have said that they think Ant Financial got off easy.
“Alipay’s and Zhima Credit’s public relations teams responded to this promptly, and avoided administrative and other types of penalties through their comprehensive apology,” a legal professor told Caixin.
Chinese companies rarely hire external lawyers who specialize in user privacy to work with them, although this is a common practice in Europe and the U.S., a senior lawyer told Caixin, adding, “It seems in China, companies would rather deal with a crisis after the fact than spend money on lawyers to do compliance work in advance.”
This is not the first time Ant Financial has had to apologize for user privacy violations. In July, Ant Financial’s online lending service, Huabei, drew scorn for failing to provide clear definitions in its user authorization agreement and collecting unnecessary data from users.
In September, Huabei, through related parties, sought the collection of loan repayments from Taobao users, drawing questions over invasion of user privacy. And in October, the Jinan Daily newspaper reported that Alipay’s payment service for public transit had a default setting that allowed user information to be linked to Zhima Credit.
And soon, Ant Financial may have stricter standards to consider.
“If a similar situation took place in the European Union, it would not be resolved this way,” a senior lawyer who wished to remain anonymous told Caixin, referring to the lack of penalties from regulators.
The General Data Protection Regulation (GDPR), which the European Parliament approved in April 2016 and is slated to take effect in May, represents the most sweeping and strict international data protection measures so far. International companies are taking note, as the rules apply to all providers of goods and services to EU citizens.
Noncompliant companies face being slapped with a fine of 20 million euros ($23.9 million) or 4% of yearly revenue, whichever is more.
“If an EU resident uses Alipay in China, and a lawyer is able to get evidence on a case like the incident that just occurred, the company can be liable for EU fines as outlined in the GDPR,” the lawyers said.
Alipay is also expanding its international reach. It has operations in more than 31 countries and regions, including the U.K, France and Germany, and at least four locations in the U.S.
Contact reporter Liu Xiao (email@example.com)
- 1Power To The People: Pintec Serves A Booming Consumer Class
- 2Largest hotel group in Europe accepts UnionPay
- 3UnionPay mobile QuickPass debuts in Hong Kong
- 4UnionPay International launches premium catering privilege U Dining Collection
- 5UnionPay International’s U Plan has covered over 1600 stores overseas