When medical student Wang Peng ordered a KFC family meal online last November, he received a nasty surprise. After waiting an hour with not a chicken drumstick in sight, the 20-year-old from eastern China’s Anhui province realized he’d been duped — the food-delivery website where he had placed the order was fake, and the operators had just swindled him out of 100 yuan (just over $14).
To make matters worse, three days later, Wang received a call from a man asking him to transfer 10,000 yuan to a bank account. “When I ordered KFC on the fake food-delivery website, I entered my name and telephone number,” said Wang. “I think that’s when my information was leaked.”
Du Jun, a 32-year-old employee at a digital game development company in Shanghai, was somewhat luckier. Shortly after he bought a cellphone from an online retailer on Alibaba Group’s e-commerce platform, Taobao, a man claiming to be a service provider for the vendor gave him a call. The man explained that the cellphone Du had purchased was no longer in stock and that the company wanted to refund the purchase amount. He then asked Du for his bank account details. Remembering the warnings about fraudulent calls he had seen on Taobao, Du hung up immediately.
Wang and Du are just two of the many victims of online retail scams that a new law currently under discussion hopes to protect. On Dec. 19, China’s legislator, the National People’s Congress (NPC), began reviewing the country’s first law designed to protect online consumers in an effort to regulate the country’s rapidly growing e-commerce industry.
If enacted, the e-commerce law would require online businesses to strengthen security to safeguard Chinese netizens’ personal information. It also addresses issues such as online-payment security, dispute-resolution mechanisms to protect consumers, and regulation of international e-commerce.
China’s online retail industry grew by an average of 30 percent per year from 2011 to 2015, according to a report by Sixth Tone’s sister publication, The Paper. With this boom has come a rise in incidents of online fraud and deceit.
More than half of Chinese online shoppers believe that their personal information has been stolen in the past, and 84 percent complained they had been harassed or were cheated out of money by phone scams, reported the Internet Society of China, a nongovernmental regulatory organization. It estimated that information leakage resulted in an economic loss of around 91 billion yuan last year.
To date, China’s e-commerce sector has been managed by a mishmash of several laws and official documents, including the Electronic Signature Law of 2004 and a 2014 revision of the Consumer Protection Law, which contain clauses meant to address disputes in the industry. In addition, the NPC Standing Committee has released stipulations governing acceptable e-commerce practices.
Yet for all these laws and documents, China lacks a specific and enforceable law on online commerce. “Many government departments deal only with problems related to their specific fields and rarely take the initiative to investigate and punish offenders,” Zhao Zhanling, a legal advisor to the Internet Society of China, told Sixth Tone.
As a result, Chinese web users continue to suffer at the hands of scammers who try to swindle online shoppers out of their money or leak users’ information. In one case, Vipshop, an online shopping platform with nearly 100 million registered users, reported that between May 2015 and March 2016, 21 of its users were cheated out of around 290,000 yuan in total. After these customers made purchases on Vipshop, criminals tapped into their account information and used it to pull off successful phone scams.
In 2013, the Financial and Economic Affairs Committee under the NPC began drafting the new e-commerce law to address these issues, calling for the establishment of a top-level mechanism under the State Council, China’s cabinet, to enforce the law.
The draft law has been hailed as more comprehensive than previous legislation and documents addressing e-commerce. If enacted, the law would — for the first time — place individual and corporate online vendors, third-party platforms such as Alibaba’s Tmall, and express delivery companies under the same set of regulations, allowing for more effective oversight of the e-commerce industry.
Under the proposed law, third-party platforms and e-commerce retailers of all sizes are required to obtain customers’ permission before collecting personal information and to strengthen their information security systems. Those who fail to do so could lose their licenses and face fines of up to 500,000 yuan. In addition, the draft law defines in greater detail what constitutes personal information — including such items as a user’s name, national identification number, address, telephone number, and transaction history.
Li Tiejun, an internet-security expert at Cheetah Mobile, a major internet-security software company in China, said that from a technical perspective, the new law shouldn’t prove too onerous for larger e-commerce companies to implement. Li said that the series of leaks that hit large e-commerce websites in 2013 prepared most major players to handle the information-protection provisions of the law. For smaller operators, including small- and medium-sized sellers on Taobao, compliance with the law could prove more challenging, Li said, pointing to obstacles like technological constraints and limited employee-monitoring capabilities.
Some online retailers, including JD.com, have already voiced their support for the draft law. Zhou Weiwei, public relations manager for JD, believes the legislation will facilitate the healthy development of the e-commerce sector. “JD will be the first to implement the law when it goes public,” Zhou told Sixth Tone. Alibaba’s public relations department declined to comment.
Legal advisor Zhao said that even though the new law restates points covered under previous legislation, it is still meaningful. “Regulations on information protection are necessary to clarify core questions concerning the area of e-commerce,” he said.
(Header image: VCG)