Chinese e-commerce giant Alibaba has come under fire over its handling of user data. AFP reported that the company’s affiliate Ant Financial was forced to apologise last week after users said that its Alipay service was sharing data with Ant’s credit-scoring arm and other third-party services without their informed consent.

The Jack Ma-controlled Alibaba group is Ant Financial’s parent organisation. Ant provides mobile payments, lending and credit services to millions of Chinese consumers. The AFP report added that the issue saw prominent coverage on China’s state-controlled media.

Last week Ant Financial, the financial arm of Alibaba Group, launched its Alipay Annual User Footprint Report within its Alipay mobile wallet app, allowing users to look up how often they had used Alipay over the last year and for what purposes.

The South China Morning Post reported that the landing page of the user report had a box that was checked by default, consenting to the “Zhima Credit Service Agreement” that is required to use Ant Financial’s third-party credit scoring system. Users who did not notice the checked box would have agreed by default to opt into the Zhima Credit scoring service, known as Sesame Credit outside China.

Ant Financial has been accused of trying to expand its Sesame Credit user base by misleading users. The company issued a statement last week, saying it “erroneously left the box checked by default”.

“We are sorry for any potential confusion or misinformation as a result of this incident,” the company said.

The company also said that users who had previously opted to join Zhima Credit, by accidentally checking the box on the landing page of the Report will not be added to the Zhima Credit user database. The opt-in feature has been removed entirely from the report page.

(The lack of) Privacy in China

The Chinese government’s large-scale usage of video surveillance and collection of personal data pertaining to an individual’s finances, education and others, has led citizens to expect a lack of privacy.

“Because lots of information is already out there, everyone thinks there is no way to protect our personal information,” Yue Shenshan, the lawyer whose online posts helped highlight the Ant Financial issue told AFP. “But if we don’t focus on protecting our private information right now, the situation will only worsen.”

Similar concerns in India

Despite the Supreme Court ruling from late last year that Privacy was a fundamental right, major concerns still remain. The recent report of a serious breach in the Aadhaar data that allegedly made access available for a puny Rs 500 has raised a giant red flag.

But unlike the Ant Financial issue, your credit score isn’t accessible, right?

In October last year, the Reserve Bank of India appointed a task for developing a Public Credit Registry. The public credit registry will have unique identifiers for borrowers: Aadhaar for individuals, and Corporate Identification Number for companies. The new PCR is also looking to build credit profiles using “reputation collateral” for first-time borrowers by keeping a track of their digital transactions.

The nature of any breach of Aadhaar data may be further compounded if this gets linked to a credit registry. It has only been a few months since American credit rating agency Equifax had its data leaked. The leak comprises millions of Americans’ Social Security Numbers (SSNs), driving license numbers, and a couple hundred thousand credit card numbers, among other documents.