Alipay added a new privacy protection feature to its app last week. The addition comes a week after China’s Personal Information Protection Law (PIPL) went into effect, as well as growing concern among the general public regarding data privacy.
Like many other apps in China, Alipay requires real-name registration and verifies each user’s personal ID and phone number. Its facial scan payment function, which is widely integrated in a range of transaction scenarios, from vending machines to airport check-ins, collects biometric information and geodata.
Although convenient, the process of verifying transactions through facial scans has led to widespread consternation, as the public worries that it may lead to identity theft. Alipay’s User Protection Center provides a way to manage permissions related to location tracking and camera access.
PIPL took effect on November 1 and prohibits the unnecessary collection of personal information, abuse of personal privacy, and data exchanges with overseas entities.
As China’s internet giants dominate the country’s social media, e-commerce, and payments sectors, they have amassed a vast trove of data from their many millions of users. Many have adjusted their data privacy policies to fall in line with recent laws as well as public concern over data protection.
Some companies are making significant changes to ensure they do not breach the PIPL. For example, Tencent is forming an oversight board. Last week, 38 apps, including popular platforms like Xiaohongshu, Douban, and Tantan, were ordered to rectify their practices and stop their “excessive collection of personal information.”
Alipay’s User Protection Center was created with the PIPL in mind. The Ministry of Industry and Information Technology (MIIT) said on Monday that mobile apps must use concise and easy language in their privacy policies. The MIIT also ordered 39 major tech companies, including Alibaba, Tencent, and ByteDance, to inform users about data that is gathered through interactions with their platforms and demonstrate how that data is shared. The deadline for the publication of this information is the end of 2021.