SHANGHAI (Reuters) - China’s cyber watchdog has scolded Ant Financial, Alibaba’s payment affiliate, for compromising user privacy after many users of its Alipay service were automatically enrolled in its credit scoring system.
The Cyberspace Administration of China (CAC) said in a statement it had summoned Ant Financial representatives to a meeting last Saturday and told them they had failed to meet the country’s personal information security standards.
The rap over the knuckles adds to a tough start to the year for Ant Financial which was recently blocked by U.S. regulators from acquiring MoneyGram International Inc.
It is also grappling with new regulations, requiring mobile payment firms to sharply increase the amount of client funds in interest-free reserve accounts, which will likely reduce profits.
Alipay has a popular end-of-year feature that allows its customers to analyse how they have spent their money over the year. At the end of 2017, the feature began enrolling users who wanted to look at their bills into the credit scoring system, Sesame Credit.
That allowed Sesame Credit to collect their data and share the analysis with its partners. Users could only opt out if they unchecked a button on the feature’s landing page.
Sesame Credit apologised last week and cancelled the default option.
“We immediately initiated a comprehensive review of our privacy protection policy across the business,” Ant Financial chief privacy officer Nie Zhengjun said in a statement on Thursday.
Ant Financial’s board of directors will be responsible for overseeing all privacy-related matters going forward, Nie said.
CAC said the company should “step up efforts to conduct a comprehensive investigation of the Alipay platform, carry out special rectifications and take effective measures to prevent similar incidents from recurring.”
It quoted Alipay and Sesame Credit as saying that they had learned a “profound lesson” from the incident.
Reporting by Brenda Goh; Editing by Edwina Gibbs and Richard Pullin