Amid controversy over Chinese telecoms collecting personal data of domestic users..

Regulations Consent to “transfer of information to third parties abroad” “The government should investigate personal data.”

AliExpress Advertising
An advertisement for Alibaba’s e-commerce platform “Ali Express” appears on a billboard on a subway platform in Seoul.

Amid controversy over the collection of personal data of domestic users by Chinese e-commerce company AliExpress (Ali), there are 190,000 sellers in Korea who collect and share personal data.

According to the Consumer Sovereignty Citizens’ Conference on January 10, it was confirmed that Ali transferred the consent-collected personal data of domestic users to 188,432 Chinese sellers.

Ali obtains your consent to share your personal data with a third party and with a third party abroad in accordance with its own terms and conditions, the “Personal Data Processing Policy”. If you do not agree, you cannot use the service.

The government and civic groups point out that the scope of personal data collection provided for in these regulations is too broad and comprehensive.

Even in the same e-commerce industry, consent to provide personal data is sometimes required, but it differs in that it is limited to the extent necessary.

In the Regulations, the type of personal data provided to the seller (third party) is defined as “bank account details or similar payment information used for the purchase, mobile phone number used for payment, number of the foreign card used for payment with a foreign card, information about the cash receipt, place of delivery , detailed access information (common door access number) and a photo of the product delivery completion (user’s home photo).”

Another problem is that it is difficult to determine which companies are sellers in China and receive this type of personal information.

There are high concerns about a personal data breach because the seller information in China, where Ali receives personal data, only includes a name and email address and does not include a link to a website that could identify the seller.

“The government should disclose clear information about the 188,432 Chinese companies that seized users’ personal data from Ali and carefully review their status and capabilities in managing personal data,” the Citizens’ Association for Consumer Sovereignty said.