315 Investigation|Members to register for meals: controversy over excessive collection of information behind scanning codes and ordering meals
"Enter the store and scan the code to order."
During the peak dining period, Su Ping greeted the customers entering the store like this.
She runs a Thai-style restaurant and installed a code-scanning ordering system six months ago. When ordering food, she also pays attention to the WeChat public account in the store. In just six months, she has accumulated a large number of fans.
Su Ping feels that a "win-win" has been achieved, the restaurant has saved manpower, has accumulated fans, and customers can quickly place orders.
However, the rapidly spreading "scan code ordering" is also triggering discussions about over-collecting information and whether there is a risk of information leakage.
At the beginning of March 2021, The Paper (www.thepaper.cn) randomly visited 100 restaurants in 5 different business districts in a city, and found that 72 restaurants had launched the scan code ordering function. After scanning the code, 35 of them requested You can order only after paying attention to the WeChat official account, which accounts for about half.
In addition, 20 restaurants are required to log in with their mobile phone number after scanning the code before ordering.
In addition, the restaurant’s ordering system requires customers to enter their mobile phone number, birthday, name, gender and other personal information to register as a member.
Most restaurants do not display the "Privacy Policy" or "User Agreement" when collecting customer information by scanning code ordering systems.
The technology company that develops scanning code ordering software claims that by collecting customer information, it can "portrait" customers and help restaurants with precise marketing.
Some companies even claim that the software they develop allows restaurants to independently set the information that customers must fill in.
However, there are no clear rules in the industry for what information is necessary and where the boundaries are.
In an interview with The Paper, many experts and lawyers believed that the main problems of "scanning code ordering" are excessive collection of information, user information protection, and user choice rights. Information security legislation is needed to improve the information security of businesses and customers. Consciousness to solve.
Compulsory follow or registration accounted for half, and the collection of customer information rarely showed the "Privacy Policy"
Customers use their mobile phones to scan the QR code to enter the self-service ordering system, and order self-service in a single or multi-person collaborative manner. The system directly connects to the merchant's cash register to place orders in real time.
At present, smart ordering systems such as scanning code ordering have been widely used in various restaurants, large and small, and customers enjoy convenience while leaving their own consumption data and personal information in the "system".
Recently, The Paper journalists randomly selected five business centers in a city and visited 100 restaurants (including coffee shops, tea shops, dessert shops, etc.).
Among them, 72 restaurants provide scanning code ordering services, and manual ordering is also possible; the other 28 restaurants that cannot scan code ordering are mostly in the form of self-service meal collection, such as spicy tang, self-service conveyor belt sushi, and seafood buffet.
In these 72 restaurants, scanning the QR code of 37 restaurants will directly enter the order page; scanning the QR code of 35 restaurants, you need to pay attention to the WeChat official account first, and then enter according to the webpage or mini program that pops up on the official account Ordering page.
These official accounts that need to be followed are all "service accounts", most of which need to be "manually followed", and a few will be automatically followed.
And the 37 restaurants that do not need to follow the official account, their order page will also prompt the customer to provide nickname, gender, avatar, region, geographic location and other information.
In addition, scan codes to order meals at 20 of these restaurants, before ordering or when submitting an order, you need to be authorized to log in with your WeChat-bound mobile phone number or other mobile phone number, otherwise you cannot order.
There are a small number of merchants who are prompted to log in, but they can still order without authorization.
In addition, the ordering system of 12 restaurants requires customers to enter their mobile phone number, birthday, name, gender and other personal information to register as a member, or automatically become a member after scanning the ordering QR code.
For example, if you scan the QR code for ordering at a restaurant of the hot pot brand "Laowang", you need to enter your phone number, name and other information on the ordering page to register as a member, otherwise you will not be able to order; scan the ordering QR code for "Pacific Coffee" , You need to log in with your WeChat mobile phone number or other mobile phone number. After logging in, you will automatically become a member of "China Resources Pass" and notify customers in the form of SMS.
When collecting customer information, most of the above-mentioned restaurants that can scan code to order meals did not show customers the "Privacy Policy" or "User Agreement" to explain the purpose of collecting information, storage path, and protection method.
Only a small number of businesses will state that the information collected is to "provide better services" and provide terms or agreements.
For example, scanning the QR code of a self-service order of a tea brand "Hi Tea" and scanning the code with Alipay requires the customer to authorize the use of mobile phone number, nickname, avatar, gender, region and other information; scanning the code with WeChat is required Use WeChat mobile phone number one-key binding or other mobile phone number binding, otherwise the order cannot be placed.
The "Hey Tea User Privacy Policy" provided by the restaurant stated that when the user is authorized to log in with a third-party account, Hey Tea will obtain the user’s shared avatar, nickname, region, gender and other information from the third party, and bind it to the Hey Tea account for use Quick login and information collection is to improve network identification.
The mobile phone number is personal sensitive information, and it is collected to meet the network real-name system requirements of relevant laws and regulations.
If the customer does not provide such information, it may not be possible to use the service of Hey Tea normally.
It stated that it will ensure that irrelevant personal information is not collected, and will use security measures that meet industry standards to protect customer personal information.
Scan the QR code of a restaurant called "Camellia Korean Home Cuisine" and you will be asked to enter your mobile phone number to register as a member.
Its "User Enrollment Agreement" states that customers need to provide at least name, gender, address, contact phone number and other information. The collection, storage, editing and statistics of user personal information is to provide customers with better and more personalized services, as well as for businesses. Make better business judgments in operations and customer management.
It promises that a variety of security measures will be used to ensure user information security.
When The Paper reporter experienced the scan code ordering function, he was forced or automatically followed the WeChat official account of 35 restaurants. Within 3 days, WeChat reminded a total of 13 restaurants to push pictures including discounts on new meals, Goddess’s Day, and Women’s Day. Wen information, one of the restaurants pushed the information twice in two days.
Many customers worry about privacy leakage, and some people will pick it up after they have finished their meal.
The Paper noted that almost all of the 35 restaurants that need to pay attention to the official account are brand chain stores.
Compared with a single store, a chain store is easier to obtain a large amount of customer information and carry out big data marketing.
In an interview with The Paper, Professor Hong Tao, director of the Institute of Business Economics of Beijing Technology and Business University, believes that information technology such as "scanning code and ordering food" can reduce the waiting time for customers, increase precise digital positioning and customer insights, and provide consumers with precision Service.
In interviews, the staff of many businesses believed that scanning code ordering saves labor costs and improves management efficiency. After customers pay attention to the official account or register as a member, the restaurant will use promotional methods to wake up "sleeping customers" and take advantage of the opportunity to market.
In some restaurants, scanning code ordering has become the main way of ordering.
The person in charge of a western restaurant surnamed Zhang told reporters that customers often scan codes to order during lunch and dinner peak hours, and only a small number of customers order according to the paper menu.
If you encounter elderly customers or customers who are unskilled in using the ordering system, the waiter will help with ordering.
Another Chinese restaurant surnamed Lin, who needs to follow the official account and register as a member to order food, told reporters that they set up a follower official account to facilitate customers to receive new meals and promotions in the store in a timely manner, but under normal circumstances they will not take the initiative." Harassing customers, sending too many messages.
However, customers have a different feeling about the experience of ordering by scanning codes.
The Paper randomly interviewed more than 20 customers of different ages, genders, and occupations about their views on ordering by scanning codes. All of them used the scanning code ordering service when dining.
Most people approve of the convenience of ordering by scanning codes, but they think that the network stalls and complicated ordering process when ordering make people feel "anxious".
Regarding additional conditions such as compulsory or automatic attention to the official account, registration or automatic membership, and filling in mobile phone numbers and names when ordering food, most interviewees believe that privacy is infringed, and they are worried about the risk of information leakage. Customers should not let them Crossing personal information in exchange for convenience.
Consumer Li Wen told The Paper that sometimes it is more convenient to order meals and add dishes in coordination with the ordering system when dining with friends.
However, the merchant will scan the QR code to follow the "service account" in the official account, which will occupy her attention when pushing messages.
She confessed that after eating, she would unfollow the official account or fill in a false mobile phone number, name and birthday when registering for a member, "this is for self-protection."
In addition, Li Wen often took her 50-year-old parents with presbyopia to dinner. When scanning the code to order, the parents often needed her to read and listen because the font of the order page was too small.
Li Wen said that once I took my parents to a pizza restaurant to order. Although I could read the menu or scan the code to order at the same time, the latest dishes and set meals can only be seen when scanning the code and ordering. She thinks this is for the elderly." Very unfriendly".
The Paper noted that Caijing.com once launched a poll on Weibo "Why don't you want to scan the code to order?" 38,000 netizens participated in the vote. Among them, more than 19,000 people were unwilling to scan the code to order because the reason was "to pay attention. "Official account", the number of people ranked first, followed by "unfriendly to the elderly/no mobile phone group, worried about privacy leakage" two items.
Where is the customer information collected by the restaurant stored, how is it used, and is it safe?
The sales staff of Gong Xing, a smart cash register system supplier with a certain market share, told reporters that they provide small program ordering and official account web page ordering technology, which can set mandatory or guide customers to follow the official account voluntarily when ordering food, but It is generally not recommended to follow the official account forcibly, which will arouse customer disgust.
The sales staff named Gong said that if customers are allowed to register as members when ordering, the filled-in mobile phone number, name, birthday and other information are stored in the Alibaba Cloud server, and there is no risk of leakage.
A salesperson surnamed Chen from another company told reporters that they also provide technology to pay attention to the official account or leave a mobile phone number before ordering. The customer data obtained by the merchant is also stored in the Alibaba Cloud server.
Due to the low technical threshold for development, there are still a large number of small technology companies on the market that develop small programs for scanning codes and ordering meals.
The Paper Journalists searched on an e-commerce platform using "scan code to order food" as the key word, and there were many businesses claiming to be able to set up scan code ordering applets.
A website called "Weibing" claims to be able to quickly build a QR code ordering system including apps, mini programs, and official accounts.
According to its staff, customers often scan the QR code to directly enter the Mini Program to order food, and they can also scan the QR code to jump to the service account in the WeChat official account, and then enter the order page within the service account.
They can set the customer to fill in the name, mobile phone number and other information when ordering, and they can also register the customer as a member of the store, or issue coupons after the user pays attention to the service number to induce them to spend again.
The staff member sent a QR code to The Paper journalist. After scanning it, it automatically jumped to a WeChat service account. The "Scan code to place an order" link appeared. When randomly selecting meals for settlement, the number of people who need to fill in the number of meals, customer names, Personal information such as contact information can be used to place an order.
"You can leave any information you need, and you can customize the information you need to fill in, and you can see it in the background." However, the staff member did not specify where the customer information is stored.
The technology providers behind the scanning code ordering system often claim that they can provide various value-added services for restaurants, analyze user consumption behavior data, form accurate user portraits, and target marketing programs such as discounts, full reductions, coupons, and points. Push to customers to improve the efficiency of business acquisition and retention.
For example, the official website of an intelligent ordering system supplier stated that "all-round data collection provides a data basis for merchants' precision marketing."
A salesperson with the surname Jiang of the company said that the specific functions of scanning code and ordering meals are customized according to customer requirements. They can be compulsory to follow the official account, or they can be forced to register as a member, but because the latter is often reported by customers and the official account is blocked, they We now recommend the forms of "Members' Menu Price" and "Restore Value to Become a Member" for customers to leave messages.
Of course, if the business must request to register as a member when ordering, it can also be technically debugged.
According to the salesperson surnamed Jiang, the mobile phone number, birthday, name, registration time and other information filled in by customers can be seen in the "Member Pool" in the background. The information is stored in the company's "cloud" and will not be leaked.
The back-end management page of the ordering system he showed to The Paper journalists showed that the "customer information" list includes name, gender, mobile phone number, birthday type (lunar calendar), birthday date, etc.
A salesperson surnamed Jiang said that when the customer's personal information and consumption data are left behind, the company classifies members to achieve member screening and precise marketing.
The "Marketing Box" list on the back-end management page shows that the marketing forms include new membership, fan interaction, repurchase promotion, and member care. The specific marketing methods include sharing fission, group joining, expanding gift packages, and time-limited spikes.
"Customers who haven't come to the store for one or two months to consume, the backstage can screen out'sleeping customers' and wake them up through promotional methods." said the salesperson surnamed Jiang.
Mandatory registration, excessive collection of information, how to regulate scanning code ordering?
Catering, as one of the most basic consumption, covers almost all consumers. Scanning codes and ordering meals becomes a window for merchants to understand and guide customers and precision marketing.
So, when facing consumers, can "scan code ordering" compulsorily follow the official account or register members, and where is the boundary of obtaining personal information?
Wang Xinrui, a lawyer who has been concerned about information security protection for a long time, analyzed that the main problem with "scanning code ordering" is the problem of excessive collection of information.
In fact, there is no need to collect so much information in the context of ordering food, and at the same time, be wary of misuse of this information by businesses.
The Paper News reporter noted that the "Network Security Law", "Telecommunication Regulations", "Provisions on the Protection of Personal Information of Telecommunications and Internet Users", and "Approval Methods for the Collection and Use of Personal Information in Violations of Laws and Regulations by APP" have already implemented systems for personal information security. Design and arrangement.
The latest news from the Ministry of Industry and Information Technology shows that a total of 22 "Interim Provisions on the Management of Personal Information Protection for Mobile Internet Applications" will be issued soon.
The regulations are based on the two basic principles of personal information protection: “informed consent” and “minimal necessity”. Anyone who requires personal information processing activities in App shall inform users of the personal information processing rules in clear and easy-to-understand language. Make a voluntary and clear expression of intent under the premise of support; engaging in App personal information processing activities should have clear and reasonable control, and follow the minimum necessary principle, and must not engage in personal information processing activities beyond the scope of user consent or irrelevant to the service scenario .
Liu Junhai, a professor at the School of Law of Renmin University of China, believes that scanning code ordering essentially involves two aspects of the customer's "right to choose" and "right to privacy."
If the business requires customers to scan the code to order, it violates the customer's right to choose. The restaurant should provide consumers with alternatives to the scan code to order. Free choice can win the respect and trust of customers.
Some technology companies claim that customer information is stored in the "cloud", but is it like locking money in a cabinet, can it be ultimately safe? What if someone with the key opens it with the key?
He believes that after obtaining customer information, merchants frequently send advertisements and information to customers, which is called "precise push and marketing."
However, precision marketing cannot be at the cost of infringement. Only legal precision marketing is protected, and legality or illegality depends on whether the customer is willing.
If it is voluntary, the merchant should provide it in accordance with the customer's request after the request, instead of forcing the customer to provide information before ordering, and then pushing the advertisement forcibly after ordering.
Liu Junhai believes that we must adhere to the principle of "scanning code voluntarily", insist on putting customer privacy and security first, and adhere to the basic principles of "legal, necessary, legitimate, confidential and safe".
Bai Wenxi, vice chairman of the China Enterprise Capital Alliance and chief economist of IPG China, believes that the current "scan code ordering" system has information security problems in the application process, on the one hand, there are a large number of forced or induced installations, Mandatory promotion issues have brought a bad experience to customers' information security and software applications.
In addition, some elderly people do not use smart phones. The "digital divide" in the application scenario of "scanning code and ordering" will also cause problems for this part of the population. How to solve the application needs of this part of consumer groups is also a current concern. problem.
He believes that the former may be solved by information security legislation and the promotion of information security awareness of businesses and customers, while the latter also needs to be resolved by strengthening manual assistance or improving the level of intelligence of related software.
Professor Hong Tao, director of the Institute of Business Economics of Beijing Technology and Business University, believes that the risks of "scanning code ordering" are mainly user information leakage and digital familiarization. In addition to industry self-regulation to solve this problem, technology is also a means to consider.
(In order to protect the privacy of the parties, both Su Ping and Li Wen in the text are pseudonyms)
Reporter Zhao Siwei and intern Duan Jingwen