WeChat issues new rules for user privacy

May 29, 2018

China’s most popular social platform is implementing new rules to protect user privacy and optimize the external link experience. The move is a part of WeChat’s wider privacy overhaul which comes amid increasing scrutiny around data privacy. Just four days ago, EU’s new data regulation law GDPR came into effect. However, the new rules introduced by WeChat are limited in scope and focus on data leaks and IP rights for content producers.

IP is a pain point for content producers on WeChat’s platform. This week, Tencent landed itself in hot water after investing in a WeChat self-media account that’s been accused of plagiarism. The account called Chaping (差评), literally Bad Reviews, announced it will return the RMB 30 million ($4.7 million) funding.

The new rules also aim to further regulate external link sharing in the platform which already has quite strict rules. The new rules (our translation below) come into effect May 29:

To avoid harassment of users caused by excessive marketing, the publication and transmission of special identification codes and password information in WeChat Moments (a function similar to Facebook’s newsfeed) is not allowed
External links, including audio-visual content, should not be transmitted in any form without obtaining proper licenses. External links will not be able to change the return path for users. Previously, when users would tap on an external link and then tap the back button, sometimes they would end up on a new page instead of the page they previously visited.
Pop-up widgets and floating layers will not be able to contain private user data. The use of pop-up widgets in external links may lead to information leaks, including users’ nicknames and profile photos.
Punishments will be given in steps: if an external link is blocked, the operators can send an email to unblock it. The second strike blocks the link for 12 hours, third for 24 hours, and the fourth indefinitely. In cases that are discovered to be malicious, the account, domain name, IP address or sharing interface will all be blocked.

Tencent is the fastest among Chinese companies to react to the GDPR, according to 21Jingji (in Chinese). The company updated the privacy policy of its other popular social platform QQ to meet GDPR requirements on May 23.

In addition, WeChat updated the international version of privacy terms a week ago. The terms specify the rules of usage, the location of storage, and applicable laws and regulations. It is worth noting that the retention time of information in the WeChat international privacy policy is also clear: the account information will be deleted after 180 days of inactivity, and chat records will be stored for 72 hours and then permanently deleted. However, these changes are not reflected in the WeChat version of China.

Last week, Sengyee Lau, Senior Executive Vice President and Chairman of Market and Global Branding of Tencent revealed at a conference Paris that the company is working on containing rumors on the “national-level social platform” WeChat. Lau also said that the industry needs to tackle user privacy concerns.