Welcome to WebmasterWorld Guest from 54.224.83.221

Forum Moderators: bill

QQ Ceases operation for EU residents

     
8:50 pm on Apr 12, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


QQ (in 2017 861M users) is a very popular messaging app in China. Wechat (in 2017 938M users) is the other popular messaging and app ecosystem in China. Both are from Tencent, Shenzhen, Guangdong province, China. QQ will cease operations 2018 May 20 for EU residents. There is no reason specified. There is no mention about the effects on Wechat.

Coincidentally EU's General Data Protection Regulation GDPR will come into full effect 2018 May 25. Both QQ and WeChat have been used in the past as evidence to charge and convict people in China. I cannot find any other reference concerning QQ or Wechat and GDPR.

[sqimg.qq.com...]
We are sorry to announce that for operational needs from 20 May 2018 QQi will no longer be available in Europe.

If you have any questions, please contact us through [Settings->About->Feedback]. Leave your E-mail for reply.

Spanish
Lamentamos informar que debido a necesidades operacionales, QQi no estará disponible en Europa desde el 20 de mayo de 2018.

Si tiene alguna pregunta, por favor contáctenos a través de [Configuración-> Acerca de-> Comentarios]. Deje su correo electrónico para responderle.

German
Wir müssen leider mitteilen, dass QQi ab 20 Mai 2018 zu betrieblichen Zwecken in Europa nicht mehr zur Verfügung stehen wird.

Wenn Sie irgendwelche Fragen haben, wenden Sie sich bitte an uns durch [Settings->About->Feedback]. Lassen Sie Ihre E-Mail-Adresse für eine Rückmeldung.

French
Nous regrettons de vous informer que QQi ne sera plus disponible à des fins opérationnelles en Europe à partir de 20 mai 2018.

Si vous avez des questions, veuillez nous contacter via [Settings->About->Feedback]. Veuillez laisser votre adresse e-mail pour recevoir une réponse.


GDPR [en.wikipedia.org...]
The regulation applies if the data controller, an organisation that collects data from EU residents, or processor, an organisation that processes data on behalf of a data controller like cloud service providers or the data subject (person) is based in the EU. The regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU. According to the European Commission, "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address

There are two possible options for those in the EU who would like to talk with people in China:
1. EU resident use VPN to North America/Other and use QQ: Would this be illegal?
2. Chinese resident use VPN to anywhere and use Facebook/other app: This is illegal in China.

Can anyone suggest any other options?

[edited by: TorontoBoy at 8:57 pm (utc) on Apr 12, 2018]

8:53 pm on Apr 12, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


This is a confession that they are doing unmentionable things :)
11:30 pm on Apr 12, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:14905
votes: 649


Coincidentally
Insert ROFLMAO emoticon here.
4:07 am on Apr 13, 2018 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
posts: 15088
votes: 146


Can anyone suggest any other options?

Not sure how many of these might operate in China as they're fairly secure and end-to-end encrypted
  • Signal
  • Riot (Matrix)
  • Wire
  • Threema
  • Semaphor
  • Keybase
6:40 pm on Apr 14, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


Tencent may have had a change of heart, putting out a message yesterday on QQ that the current version of QQi 4.3 iOS and 5.3 Android will no longer work on 2018 May 20, but European users could upgrade to QQi 5.0 iOS/6.0 Android, when it becomes available.

I think this means that Tencent will upgrade QQi for Europe, but this upgrade is not yet released. The current versions of QQi are 4.8.7 iOS/ 5.3.1 Android. Let's hope they put out the new version before the 2018 May 20 deadline.

How Tencent will comply with Europe's GDPR I do not know.
7:14 pm on Apr 14, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


What I find strange, is that major companies are not yet ready for the GDPR. The GDPR has been decided in 2012 (6 years ago), the final text is from 2016 (2 years ago). So it left plenty of time, for companies to progressively adapt to these requirements.
8:55 pm on Apr 14, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


What is interesting is that my Chinese contact, who is in daily contact with her Euro friends, did not even know that GDPR existed nor what it did. She thought that this was new and that there might be some negotiation involved to stop QQ stoppage, though the decision was made in 2016. A search on Baidu did not initially reveal much info.

Tencent Holding has a 2017 revenue of $39.6BUS, similar to Facebook's 2017 revenue of $40.7BUS. Tencent, however, need not explain their privacy policy to their government or any other.
2:00 am on Apr 16, 2018 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
posts: 15088
votes: 146


I knew about GDPR, but had to tell lawyers on Japan what to look for. Some of them had no clue either as late as last year. There just isn't enough information available about how non-European companies are supposed to handle these sorts of rules and regulations. A lot of companies are looking to see how other companies will comply, and then plan to take action. There is a lot of confusion still.
7:39 am on Apr 16, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


There just isn't enough information available about how non-European companies are supposed to handle these sorts of rules and regulations

Non-EU companies have to be compliant with the EU GDPR rules, exactly as if they were EU companies. Now, how the EU can sue and fine a company which is not represented in the EU, that is another question. Some non EU companies can feel safe because of it, but I wouldn't count on it.
2:43 pm on Apr 16, 2018 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 25, 2003
posts:1143
votes: 284


It's my opinion only :) taken from various official and semi-official comments that the EU will phase the GDPR in with a two-fold initial emphasis: one, on companies with an actual physical EU presence and, second, with written warnings pointing out concerns.
Note: I have no idea what quiet back channel warnings have already been issued to the biggest most egregious web players.

However, by this time next year we all should have had example warnings and initial (minimal, non-max) penalties to reinforce whatever methodologies have been found to work that I expect (1) EU present sites will be expected to be compliant and enforcement will become harsher, especially for egregious 'example' sites, and (2) sites and apps frequented by EU citizens hosted with physical prensence only outside the EU will begin to see warnings.

What I have been waiting on, and am still waiting to see, is discussion (public) between the EU and non-EU countries - while the GDPR is at heart a personal privacy initiative it also has international trade rammifications. Which is the primary reason I expect the EU to start internally and then look outside. What I do not expect is some sudden compliance wall with business ending no warning to come crashing down upon our heads, not even within the EU.

That said, my compliance methodology, explanations, opt-ins is now live and I'm watching metrics with great interest.

Added:
I'm especially interested in how the new GDPR compliance methodologies will be received in regards to my Chinese hosted sites. Both by visitors and government organisations.
Note: I did run things by the CNNIC (China Internet Network Information Centre) within the MIIT (Ministry of Industry and Information Technology) prior to going live, however, 'things' are always subject to change...
3:38 pm on Apr 16, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


Tencent is based in Shenzhen, and listed in HK and Frankfurt. Their family of apps are global. They should be compliant, particularly because they collect personal information about every user.
2:18 pm on Apr 17, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


news from China:
QQ forced to escape from Europe at night, Ma Huateng: I can't afford so many fines [c.m.163.com...]

Google Translate:
On April 13, Tencent suddenly announced that it would stop QQ's service in Europe starting May 20, 2018. It is necessary to know that Ma Huateng made his fortune by relying on the instant messaging software QQ. He sat on the domestic hundreds of millions of users and dug into his own bucket of gold. Since then, he has also established Tencent's dominance in the social field. There is no doubt that Ma Huateng's service to shut down Europe is tantamount to taking a break. He was forced to do so, most likely because of the impact of European data protection and privacy policies (GDPR). (Source: Keller Ring Looks at the World)
2:30 pm on Apr 17, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


The thing is, stopping to operate in the EU is not enough. The GDPR applies to all data collected before May 25th too. The use, processing and storage of data collected before, also have to be compliant with the GDPR. Which means, for example that in fact, you shouldn't have the right to exploit data collected before this date, since you didn't obtained the explicit consent of users.
2:37 pm on Apr 17, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


Tencent operates outside of Europe. How will the EU enforce this? The data is now with the Chinese government, so now what? Even if Tencent destroys its data, there is no guarantee that all the EU data is gone.
4:21 pm on Apr 17, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


Tencent operates outside of Europe. How will the EU enforce this?

If the company owns assets in Europe (this can be anything, from a bank account, shares of another company, building, lands, or any other investments), the EU can block these assets or take them over to cover the fine, this can certainly be extended to the European assets of the owner(s). Of-course, this is extreme examples, which would be set up in extreme situations.
5:50 pm on Apr 18, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


I knew about GDPR, but had to tell lawyers on Japan what to look for. Some of them had no clue either as late as last year.


"Singapore, Japan, Korea among least prepared for new EU data laws" : [zdnet.com...]
11:05 pm on Apr 18, 2018 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
posts: 15088
votes: 146


Singapore has a lot more historical ties to the EU via Britain, and the international nature of their economy would have lead me to believe that they might have been better prepared. However, like Japan , and possibly Korea, they share an island mentality. They're isolated in terms of borders, and in the case of Japan and Korea they are also unique in their languages. There's often one way of doing things inside the country and the outside world often isn't considered, and if it is, it's distinctly separate.

Unlike China, Japan and Korea don't have quite as large a globally dispersed population who want to use a home grown system that deals with personal data in the way that QQ does. The possible exception in Japan is the LINE service that was made by a Korean company subsidiary in Japan.

I think that once we see some GDPR enforcement against companies outside the EU, then more of these companies will begin to realize what needs to be done. They need examples to follow. There are still companies here that think putting up one of those cookie warning notifications on their English website is sufficient for GDPR compliance.

However, the EU is going to have to be fairly careful about enforcement of GDPR outside their borders. It's easy to see how it could backfire on them and result in retaliatory measures.
11:59 pm on Apr 18, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


Hopefully GDPR compliance will not be what Tencent might do: completely disable their app for the EU. If Tencent cuts off access to QQ for the EU, what happens to all the data they have already accumulated and stored in China?

If an EU resident uses a VPN through North America and then use QQ, is Tencent no longer liable?
7:30 am on Apr 19, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


If an EU resident uses a VPN through North America and then use QQ, is Tencent no longer liable?

This is not the IP location which matters, but the citizenship of the user. So, yes, you are liable, if a EU citizen uses a VPN outside of the EU (same if a EU citizen travels, or lives outside the EU). However, remember that it concerns only personal data, so if the personal data collected are not giving enough information about the citizenship of the user (address, etc...), and the IP is ("was", because IP ranges can be bought and sold) not linked to a EU location, you can reasonably argue that you didn't know it was a EU citizen. But if this user, wants his data deleted, and prove he is EU citizen, you have to do it. (This is why at the end, it's easier to offer the same privacy coverage to all users, and not only EU citizens, finally, it will be more convenient for companies, than running different privacy levels, and risking to mess up).

(The GDPR applies to EU citizens, no matter where they live or travel, and I guess it also applies to non European citizens, who are living within the EU too)
2:56 pm on May 11, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


So far no news on Tencent releasing a new version of QQ International version specifically for GDPR.
6:33 pm on May 25, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


So 2018 May 20 and May 25 has passed and there is no change to QQ, but service has not stopped for the at least some Europeans. I do not know what this means for compliance. I'm pretty sure that the regular QQ is not compliant.
11:20 am on May 30, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


I confirmed that yesterday QQ and Wechat clients in Europe have had their access cut off from the rest of the QQ/Wechat community.
11:44 pm on June 2, 2018 (gmt 0)

Preferred Member from CA 

Top Contributors Of The Month

joined:Feb 7, 2017
posts: 397
votes: 33


solution: redownload QQ/Wechat, state a non-EU country! Probably not the intended effect of GDPR