[heroic]

We first contact the user if they don't pay despite calls/emails/push notification/sms for 45 days. Then we warn them for 15 days that their contacts will be asked to remind them of the bill, as per the terms. Finally we contact the contacts.

We do this to prevent having to file legal cases against the users as those can drag on for very long in India and are a pain for both parties

[La1n]

So it's basically blackmail? If you don't pay we will let your family and friends know? Cause the whole reminder thing sounds like a thin veil covering that, seeing as you remind them already. It's not about the reminder.

[toyg]

Social pressure is actually a big part of the success of microcredit initiatives. In many ways it mirrors arrangements that were common in the now-developed world at the time of the industrial revolution (i.e. your social circle would likely know about your outstanding debts, because anyone’s entire world was very restricted).

I wonder if this is a case of “internet friction”: Indian people would see no problem with such a behaviour, but one “western” person would be horrified (because this part of the world has largely moved on from those practices).

[Pedrit0]

In France for example, such a practice is totally illegal and you would have serious issues with justice if you tried to apply this policy. But most of all, and more broaldly, in Europe your app would be shamed publicly in media and no one would use it.

[BrandoElFollito]

I am not sure this is illegal in France. The fact that you share someone's contact means that you checked with them that this is ok. It is your (the one who shares) duty to do the check.

So it may not fall into the unsolicited mail clause.

This is of course independent on the fact that this is a despicable practice.

[marsokod]

When you collect contacts, shouldn't you state the purpose of the communication? If so, I would assume most of the contacts in the address book never consented to being contacted about the non-payment of the bill. So European citizens can't use the app legally.

[BrandoElFollito]

Yes, but you can always get back to them and ask for permission.

The point I am trying to make is that the person who is sharing the information takes the responsibility, not the application (which uses it as advertized, at least according to the quotes here as I did not read the tos myself).

[Pedrit0]

I am almost sure (I must admit I am a bit too lazy to search more deeply :-) ) that the new European regulation about data privacy makes it impossible. I have a cousin who his lawyer. I ll ask him tomorrow and get back here to tell you (just for curiosity... this is an interesting question)

[BrandoElFollito]

Thank you, I would be very interested. I will also ask our DPO when back from "vacation".

I mildly participated in the preparations for GDPR in my (large) company and the sharing of third party personal data was one of the points. It was a few years back so my memory may be at fault here.

[Pedrit0]

T'es Français ?

[BrandoElFollito]

Oué :)

[JeanMarcS]

Something sure is that when they (OP app) starts sending mail or SMS to user contact to shame him/her, it will definitely be unsolicited mail/sms.

Imagine you have a friend in debt and start receiving such notices ? They’re collecting private information on you (your name, your phone number or your email) without your consent.

IANAL but I’m pretty confident it falls under GDPR.

(Sans parler du fait que les mecs qui font ça sont quand même une belle bande d’enfoirés)

[BrandoElFollito]

Except if the app user went to their contacts to ask them for authorization, as they should do under EU law.

If they do not, they are to blame because they willingly shared the contacts. The app used them per their tos.

(et oui, je suis d'accord que c'est un vrai dick move, aparamment c'est une pratique courante en Inde pour ce genre d'apps)

[timwaagh]

Whatsapp surely doesn't contact anyones contacts to collect bills or harass people in other ways. The contacts have not agreed to be spammed for these purposes. Therefore it is understandable Google doesn't want you in their store, since these contacts are quite likely to be other google Android users and Google has an interest in protecting their user experience. I would suggest you remove this 'feature' and use a debt collecting agency instead. The reason they give is i think irrelevant. They keep using the same reason which means they don't want to spend anymore time on you. Maybe you could pay for a google consultant to have your app become compliant again.

[Pedrit0]

I can understand that the specificity of the Indian market can prompt this kind of policy. We, Westerners, would not like it for cultural reasons but we do not have to deal with the Indian reality... However your issue inspires me 2 thoughts:

- On strict business perspective, if your business model and your economic success rely on the ability to apply this policy, your business model has a problem.

- Google and Apple cannot cope with national specificities and their own policies are driven by western ethics and business logic. Do not expect it changes soon...

Maybe you should instead contract with; - a bank that accepts to insure your income even if your are not paid. - and a third party company in charge of recovery

[jamil7]

> Limit your collection and use of this data to purposes directly related to providing and improving the features of the app (e.g. user anticipated functionality that is documented and promoted in the app's description).

This is section seems relevant. It could be argued that whatsapp's use of a user's contacts is related to directly improving the user experience and functionality of the application itself by adding those of your contacts that have whatsapp installed. Your usecase is not directly related to the functionality of the application.

[heroic]

When giving loans, we have something called references, who are people the lender can request to get the loans repaid. We are using the user's contacts in the same way.

[jamil7]

A reference without their prior consent though, apart from the obvious unethical issues with doing something like this I can't see how it can possibly be legally binding if the referee had no say in the matter or signed any contracts?

[jeltz]

Well, this is obviously a different use case for what Whatsapp uses the contact list for. I really do not like Whatsapp's harvesting, but I can easily see why Google can make different calls on your app and Whatsapp. Especially since what you do could be construed as blackmail.

[heroic]

Google isn't citing the use case as issue:

This is what they told us as the reason:

Your app is uploading users' [Contact] information to [URL] without a prominent disclosure. Prior to the collection and transmission, it must prominently highlight how the user data will be used, describe the type of data being collected and have the user provide affirmative consent for such use.

[lm2s]

See there's the problem. Harassing other people that are not responsible for your client debt.