Users claim Alibaba unit violated privacy with data collection
Risks including privacy violation and payment safety are rising in China's fast-growing mobile payment sector, and authorities are expected to tighten regulation by employing technology, experts noted.
Their warning came after Sesame Credit (also known as Zhima Credit), a credit-scoring system operated by Alibaba's subsidiary Ant Financial, allegedly violated users' privacy.
On Wednesday, Alibaba's third-party payment platform Alipay sent out annual bills to its users. But before users could check their e-bills, they found that next to a line of text reading "I agree to the Sesame service agreement," a box of type in a tiny font was automatically ticked.
Sesame Credit apologized late on Wednesday night, saying it was wrong to have set the service agreement to automatic. The system later canceled the automatic feature of the agreement on the e-bills and showed users how to remove the authorization on the platform.
More than 10 users the Global Times talked to on Thursday said that they did not even notice the text because it was so small.
"Actually, if users don't agree to the service's terms and conditions, they can still view their bill. But the tricky thing is, most users cannot see the words because they are in such small font," a user surnamed Chen told the Global Times on Thursday.
As a result, many users "authorized Sesame Credit to collect their information without knowing it," he said.
"In this case, Sesame Credit has infringed consumers' rights including the rights to know and choose, and it also violated the security and privacy of user information," Qiu Baochang, director of Beijing Society of E-Commerce Law, told the Global Times on Thursday.
After users approved the Sesame service agreement, it allowed the system to provide users' credit information to other third parties. Also, ticking the agreement acts as authorization for the platform to analyze user data and share it with its cooperation institutions, according to the Sesame service agreement.
Experts said that payment platforms could analyze and process the data they collect, and could possibly use the data in a profitable way.
The "loophole" is actually common in the online payment sector and many other similar cases exist, but they are little known among the public because other payment services do not have such a large user base as Alipay, Hao Junbo, a lawyer at Beijing-based Hao Law Firm, told the Global Times on Thursday.
Alipay had about 520 million users in 2017 and 82 percent of them used mobile payments.
Transactions in the third-party online payment sector reached 6.38 trillion yuan (2 billion) in the third quarter of 2017, up 8.6 percent over the previous quarter, according to data released by Beijing-based marketing consultancy firm Analysys in December, 2017.
Alipay topped the market with a 24.94 percent share in the third quarter of 2017, followed by China UMS, Tencent's various financial service platforms and 99bill.com, accounting for 23.51 percent, 10.21 percent and 9.11 percent, respectively, Analysys data showed.
Although the domestic mobile payment sector is growing fast, many risks persist such as payment security and privacy protection, Qiu said.
Du Xi , a 20-something white-collar worker in Beijing, said that "I just found that I 'had given authorization' without knowing it to other platforms such as Alibaba's online travel booking platform fliggy and Alibaba's online lending platform Huabei. When did this happen? I had absolutely no idea!"
"It is high time that the Chinese government rolls out relevant rules and laws to regulate the industry," Hao said.
He said that the rules and laws should specifically forbid online payment platforms to mislead users into authorizing any agreements.
User information safety is closely related to financial security and if issues like violations cannot be properly addressed in the payment sector, more legal problems will emerge, experts said.
Qiu noted that authorities should use technology to tighten supervision in the market, where many platforms are likely to use some technology to "trick" users.