17 Juil 2023 Cyber Security: Three restaurants including Starbucks were investigated for “excessive collection of personal information”
1. Cyber Security: Three restaurants including Starbucks were investigated for “excessive collection of personal information”
In response to the widespread personal information violations in the catering industry, such as compulsory collection of users’ mobile phone numbers, inducing consumers to provide accurate location information and forcing consumers to subscribe their WeChat official accounts, the Shanghai Cyberspace Administration (SCA) and the Shanghai Municipal Administration for Market Regulation (SMAMR) carry out a special enforcement action to protect the rights and interests of personal information in the consumer sector under the supervision of the State Administration for Market Regulation (SAMR) for a period of six months, starting from June 16, 2023.
SCA and SMAMR have then interviewed the people in charge of Starbucks, burger joint Shake Shack and simply thai Tiantai restaurant for “excessive collection of personal information” and asked them to carry out self-examination and rectification. Otherwise, in case of violation, the data processor may face termination of service or fines, and may also be subject to tort law.
SCA drew attention that several behaviors are suspected of illegal and unlawful collection and use of personal information, such as request for sensitive personal information irrelated to catering services (name, birthdate, sex, personal address etc.).
2. CBDT: First Standard Contract record-filing passed in Beijing
On June 25, 2023, the Standard Contract signed between Beijing Deyixin Data Co., Ltd., the data provider, and Nova Credit Limited (a Hongkong company), the receiver, has been successfully recorded by Beijing CAC. It is the first registered case of Standard Contract after it came into effect on June 1st.
The provider Deyixin and the receiver Nova Credit are associated companies where Deyixin is wholly owned by Nansha Nova (a Guangzhou company) in which Nova Credit has a 15% shareholding.
Standard Contract is one of the three legal ways to send data abroad from China. Please click here to find more details about Standard Contract.
3. CBDT: Alipay “Cross-border Operation” became the first WeChat Mini Program who has passed the CBDT Data Security assessment of CAC
According to the report of Zhejiang CAC on June 19th, the “Cross-border Operation” of Alipay (Hangzhou) Information Technology Co., Ltd. has passed the CBDT Data Security assessment of CAC. It is the third case of CBDT who has successfully passed the assessment in Zhejiang.
Notably, it is the first time that a WeChat Mini Program that has passed the CAC CBDT Data Security assessment.
Based on publicly available information, the following table summarizes the 13 successful cases:
Beijing
230118
https://mp.weixin.qq.com/s/mCS7dZIuqs7LCevDUnd58g
- Beijing Friendship Hospital-Capital Medical University: collaborative research project with Academic Medical Center (Amsterdam)
- Air China
230525
https://mp.weixin.qq.com/s/oS36Al4UjykATuFg1Rx4FQ
- Beijing Hyundai Motor Co., Ltd.
Shanghai
230505
https://mp.weixin.qq.com/s/wsTpDrGBhwlux2fd9Zq5rw
- Mazda Motor (China) Co., Ltd.
- Sephora (Shanghai) Cosmetics Co., Ltd.
Jiangsu
230509
https://mp.weixin.qq.com/s/gQ6HcHb4d2eKcSIkITkXWg
- “made-in-china.com” operated by Jiangsu Focus Technology Co., Ltd.
Zhejiang
230524
https://mp.weixin.qq.com/s/41GorMq_MhAA9sn7MhMXEw
- Hangzhou Hikvision Digital Technology Co., Ltd.
- Hangzhou EZVIZ Network Co., Ltd.
230619
https://mp.weixin.qq.com/s/qgF5a8AktSnXniV9s1vTwA
- “Cross-border Operation” WeChat Mini Program of Alipay (Hangzhou) Information Technology Co., Ltd.
Shandong
230609
https://mp.weixin.qq.com/s/a5KPPVZ38JFhgp5wubqlcA
- Jabil (Weihai) Co., Ltd.
Guangdong
230619
https://mp.weixin.qq.com/s/LaF9KvMmCxj3lOKiRiED-g
- Green Point (Shenzhen) Technology Co., Ltd.
- Amway (China) Co., Ltd.
- Jabil (Guangzhou) Co., Ltd.