The Consumer Protection Committee, Executive Yuan ("CPC") approved the draftMandatory and Prohibited Provisions of Standard Contracts for Instant Messaging Service. The aim of the draft regulations is to reduce consumer disputes in relation to accounts being hacked or suspended, or in-app purchases (e.g., stickers) disappearing. The draft regulationswill come into effect in August 2017 at the earliest and the main points are as follows. 

1)     Specifically defining the term "instant messaging service"

To clearly establish the difference between instant messaging services and other online services (e.g., online games, social networking and video sharing), the draft regulations define the term instant messaging service as a closed communications service that users can transmit voice notes, images, text, data, computer files or other messages to other user(s) by using computers, smart devices or other electronic devices and through the Internet.  Based on the foregoing, all popular instant messaging apps in Taiwan such as LINE, WhatsApp, WeChat, Facebook Messenger, Skype, Yahoo! Messenger and Juiker will be subject to the draft regulations. 

2)     Disclosure of consumer information

Business operators have to disclose the following items to users: (a) their corporate names and contact details; (b) the content of contracts and services; (c) the ground(s) on which business operators may terminate the contract and suspend offering services; and (4) the consumer dispute resolution mechanism(s).

3)     Account management

In the event that a consumer's account is hacked, the business operator must notify theconsumer and discontinue his/her account, and then re-open the account after the consumer has changed his/her password.  In the event that a consumer removes the account on his/her own initiative, the business operator shall provide the consumer with an alert notification mechanism.  Moreover, if a consumer's account is deleted due to the consumer changing his/her terminal device or the account being hacked, the business operator has to aid theconsumer in recovering his/her account, prepaid amount and in-app purchases (e.g., stickers).

4)  Information security management

Business operators have to maintain system security.  In the event that the system is hacked or destroyed, business operators must adopt reasonable recovery measures.  If business operators are planning to suspend services for software/hardware maintenance, business operators shall inform customers thereof through bulletin posted on their official website, text messages, e-mails or push notification 7 days prior to the suspension of system, unless there is a force majeure event or an emergency situation.

5)     Ensuring the fairness of standard contracts.

Business operators shall not unilaterally amend the contract or change the services, and shall not terminate/rescind the contract at will.  Moreover, business operators shall not preclude their liabilities for damages in advance, and shall not ask consumers to waive the period for contract review or the right to terminate/rescind the contract. 

6)     Personal Data Protection

Business operators shall not ask consumers to waive the rights in respect of his/her personal data in advance or restrict them in exercising the foregoing rights.  Furthermore, business operators shall not stipulate that they may use consumers' personal data beyond the purpose(s) for which the data is collected. 

After the draft regulations are enacted, instant messaging service providers have to amend their terms of use so as to comply with the requirements mentioned above; otherwise, according to Paragraphs 4 and 5, Article 17 of the CPA, mandatory provisions will become a part of the standard contracts automatically, and provisions prohibited by the draft regulations will be held null and void.  If you have any questions, please do not hesitate to contact us.