Shanghai Cyberspace Administration: 8 types of problems need to be self inspected and rectified. Catering enterprises excessively collect user personal information during the process | personal information | users
Since the launch of the "Liangjian Pujiang Consumer Personal Information Rights Protection Special Law Enforcement Action", according to reports and investigations by netizens, many catering and consumption venues in Shanghai have found illegal and irregular behaviors such as excessive collection, frequent inducement, and even forced solicitation of unnecessary personal information from consumers during the process of scanning QR codes and ordering.
In response to this common issue, the Shanghai Municipal Cyberspace Administration, together with the Municipal Market Supervision Bureau, the Municipal Commission of Commerce and other departments, has recently carried out legal education and administrative guidance on personal information protection in the catering industry in batches. Through various methods such as legal education, supervision and rectification, compliance guidance, law enforcement deterrence, and media supervision, efforts have been made to promote catering enterprises to continuously enhance their awareness of personal information protection and actively fulfill their obligations to protect personal information.
This afternoon, more than 80 chain catering enterprises under the Shanghai Catering and Culinary Association, including Hai Di Lao, Gui Man Long, Da Mei Le, Dian Du De, and Xi Cha, participated in the first phase of personal information protection legal education training class, involving more than 16000 catering stores. Based on the problem clues and typical cases discovered in the preliminary investigation, the Shanghai Cyberspace Administration analyzes the common illegal and irregular behaviors of catering enterprises in the process of personal information collection through case interpretation, and provides guidance for enterprises to carry out self inspection and rectification.
The Municipal Market Supervision Bureau, Municipal Commission of Commerce and other departments are required to conscientiously implement laws and regulations such as the Personal Information Protection Law and the Consumer Rights and Interests Protection Law, and require catering enterprises to follow the principles of legality, legitimacy, necessity, and integrity. The collection of personal information must be limited to the minimum scope of catering business and excessive collection is not allowed.
The Shanghai Municipal Cyberspace Administration emphasized that catering enterprises should conduct self inspection and rectification in the personal information collection process based on the "Self inspection Checklist for Common Personal Information Protection Issues in the Catering Industry by Scanning QR Code Orders", comparing the following 8 types of problems, and effectively fulfill their personal information protection obligations.
1. When consumers first use the QR code ordering service, they scan the QR code and then jump to the mini program page to order, but the mini program does not inform consumers of their privacy policy through prominent means such as pop ups.
2. Although the mini program informs consumers of privacy policies through pop ups and other means, it only has the option to agree and no options to reject or disagree; Alternatively, privacy policies can be selected by default on ordering, logging in, and other pages, allowing consumers to provide personal information to catering enterprises by default.
3. During the process of ordering at the store or on the checkout page, the mini program requires or induces consumers to fill in personal information unrelated to catering services, and no obvious prompts are non mandatory items.
4. After the consumer scans the code to place an order, the mini program will display pop-up prompts such as "One click login on WeChat" to obtain a nickname and profile picture, "One click login on WeChat phone number" to obtain a phone number, or request the consumer to provide a phone number when making an order. If the consumer refuses the above authorization, they will not be able to place an order.
5. After the consumer scans the code and places an order, the mini program applies for location permission to obtain accurate location information on the grounds of facilitating the consumer's selection of nearby stores. If the consumer refuses, they will not be able to select a store to complete the order.
6. After the consumer scans the code and places an order, the mini program applies for accurate location information. However, after the consumer refuses, they still frequently pop up windows to apply for location information, and the consumer cannot use the store search function normally.
7. After the consumer scanned the code and ordered the order, the applet induced the consumer to authorize personal information such as accurate location information or mobile phone number in the name of optimizing the service experience, providing member discounts, or induced the consumer to pay attention to the enterprise official account. After the consumer refused, pop-up applications still appeared repeatedly on the page, affecting the normal use of consumers.
8. Without consumer consent or anonymization, businesses provide consumer personal information to third parties for use, and consumers frequently receive targeted advertising and marketing messages; Or qualitatively push advertising and marketing information to consumers, but do not provide options for unsubscribing or rejecting.