Are There Any Differences between WPS and Apple in Scanning Users’ Cloud Data?

(By You Yunting and Wang Ting) According to media reports[1] , the office software WPS recently got involved in a privacy case where one of its users alleged that WPS blocked his local and cloud files without any reasons and caused him unable to use them with the system showing that “they may contain something prohibited and are no longer accessible”. WPS replied that actually, it is the shared link of certain online files that is suspected of violating rules and WPS correspondingly invalidated the access to such link pursuant to laws. However, WPS was still criticized for its scanning users’ data.

It reminded me of a similar case involving Apple Inc. Last year, Apple announced it would scan, examine and report to law enforcement authorities pornographic information for children among users’ iCloud pictures outside China. This announcement aroused strong public opposition from a large number of groups and individuals that believed Apple committed privacy infringement. Months later Apple removed the plan[2] from its website and has not brought it back yet.

By referring to these two cases in different countries, we’d like to discuss about the various situations in which such scan towards users’ cloud data is legal, illegal or controversial, and the issues relating to relevant provisions in WPS User Agreement[3].

WPS is an office software that provides cloud storage services. Files created by users using WPS software are private, whether stored on their own computers or cell phones or WPS’s cloud server, unless they are available to the public. Also, users’ files and documents stored on their personal devices and Apple’s iCloud are private, so neither WPS nor Apple is entitled to scan without users’ prior consents or other legal causes.

In Civil Code of China, privacy is the peace of a natural person’s personal life and their private space, activities and information that they are reluctant to let others know. Every natural person has privacy that no person may infringe by spying, intervention, divulgence, disclosure, etc. In brief, local memories and clouds are private space, in which scanning means spying it.

The case of WPS blocking files differed from the Apple’s iCloud scanning plan in scanning triggered system. According to the statement by WPS, the scanning was triggered by users’ sharing files. However, the Apple’s iCloud scanning plan was to actively scan users’ photos in search of pornographic contents for children and report them to law enforcement authorities. Therefore, the scanning by WPS operator was triggered passively and that by Apple proactively.

The passively triggered scanning by WPS met the compliance requirements. As stated by Article 47 of Cyber Security Law of China, network operators should strengthen the management towards the information released by users and shall, upon discovery of any information being transmitted or published that violates any law or administrative regulation, immediately stop transmitting such information, take action to deal with this issue by removing the information, etc., prevent the spread of the information, retain relevant records and report to the authority concerned. Accordingly, WPS operator should scan users’ files being spread externally and is responsible for locking files in question to prevent them from being spread.

The proactive scanning by Apple is aimed to fight against children sex crimes. Considering Article 6 of the General Data Protection Regulation of the European Union, users’ iCloud data may be scanned in public interests. Article 41 of the Cyber Security Law of China provides that network operators should collect and use personal information by following the principles of legality, justification and rationality. Users’ data stored on iCloud are private, so it is not completely justifiable and reasonable to scan and report illegal contents. If the proactive scanning is allowed, the first target is children pornographic information, the second one may be pirated information and the third one may be information against political activities. This the reason why so many organizations and people in Europe and America oppose to that.

Regardless of the legality of the scanning by WPS, I would like to criticize their user agreement that grants it rights far beyond the extent permitted by law. As stated in subclause 2.2 of Article 5 (Users’ Acts) of Kingsoft Office Online Service Agreement, “For the contents uploaded, submitted, published, stored, sent, received, disseminated or shared by you while using the service, we shall only view, review, analyze and discuss by our own or entrust a third party under the premise of relevant laws, regulations, national policies and other provisions or the requirements of relevant government authorities, and shall have the right to provide such contents to relevant government organs for their review and use for their purposes .”

What is the problem? As stipulated by Article 47 of Cyber Security Law, network operators are obligated to examine content published or spread and prevent transmission of information banned by law or administrative regulation. The purport of this provision is that network operators can examine what has been “published” or “spread” or in other words, documents that other people have access to.

WPS User Agreement explicitly states that WPS is entitled to review and deal with “content uploaded, submitted, published, stored, sent, received, spread or shared”. The Cyber Security Law grants WPS rights to review content published or spread, but in addition to which WPS surpassingly claims rights to review content uploaded, stored or submitted. This is a violation of the principle of legality, justification and rationality in the Cyber Security Law because this is not completely justifiable or necessary.

With the internet growing more mature, privacy protection is becoming a more important concern of both eastern and western people. For internet companies that relies on privacy transfer in exchange for free services, how to respond to the change and use personal information and data legally, appropriately and reasonably is a challenge for years onwards.






Lawyer Contacts

You Yunting


Comments are closed.