As we all know, we are now fully immersed in an information society, where we can obtain more and more information, in order to discover new business and social opportunities which in turn relies on the large amount of data which has been created from our usage. However, during the collection of data for your convenience, your personal data security may have been infringed upon.

Recently, a Face-Swapping APP, which allows users to replace the face of a celebrity with that of their own, called ZAO, is extremely popular in China. Based on AI technology, after users upload images of their own faces, they can swap it with the face of a celebrity in films, TV series’ or other recorded videos and can then share the face swapped videos with their friends.

Early this year, a person also used the technology to swap the face of Yang Mi, an actress born in 1986, with another actress born in 1971, Zhu Yin, in the classic TV series The Legend of the Condor Heroes filmed in 1994.

There are two kinds of security concerns arising from this technology, how ZAO will use the information obtained and what if the technology is used for illegal purposes?


  • ZAO’s Terms of Service

From the moment ZAO first appeared, its original terms of service mentioned that before the user uploads and posts his/her facial data, he/she grants ZAO and its related companies the right to use the facial data for free globally.

The users of the APP, upon making the face-swapping videos, need to undergo several procedures for the authorization of the facial data, much like the facial verification procedures requested by banks and Alipay. Users should follow certain instructions such as lifting their heads up and down, side to side and opening their mouths.

As a result, since ZAO had recorded the faces of users and also had similar facial verification procedures in order to complete authorization, there were possibilities that they may abuse the use of the data obtained and infringe upon the legal rights and interests of users

Challenged by a flood of accusations online, ZAO changed its user agreement. According to the updated agreement, the facial data uploaded by the user will be limited to solely being used on the platform, and the relevant content will be saved on the platform in accordance with laws and regulations.


  • Risks of the Technology

In fact, AI face-swapping technology is not new. The technology that is used to produce the so-called deep fake videos involving the images of celebrities have already caused concern in China with many becoming increasingly worried that this deep fake technology could be used maliciously.

For example, criminals may use this technology to commit fraud, pretending to be the relatives of unbeknownst victims and claim money through video calls. In cases where criminals can be armed with a digitally swapped face, it is difficult for victims to figure out who they are really talking to.

In particular reference to the rapid adoption of facial scan payments in China, should criminals utilize this technology, they may be able to steal money as long as they have the person’s Alipay account and photo.

Alipay, one of China’s biggest digital payment platforms, responded to ZAO’s appearance by reassuring users that its security checks for facial recognition payment couldn’t be fooled by current face-swapping apps and even if there is a very minor probability that an incident of identity theft occurs, such a loss will be fully covered by insurance.


  • How is Your Data Security Protected?

According to Chinese Criminal Law, whoever, in violation of the relevant provisions of the State, sells or provides others with the personal information of a citizen with serious circumstances shall be sentenced to a fixed-term imprisonment of not more than three years or criminal detention and concurrently or separately sentenced to a fine; if the circumstances are especially serious, the person shall be sentenced to a fixed-term imprisonment of not less than three years but not more than seven years and concurrently sentenced to a fine.

Since the facial data of the users can be classed as personal information, if companies like ZAO sell or provide the facial data to other companies or organizations without legal permission, they may assume criminal liability.

According to Chinese Cyber Security Law, if network operators wanted to collect and use personal information, they shall follow the principles of legitimacy, rightfulness and necessity, disclose their rules of data collection and use, clearly express the purposes, means and scope of collecting and using the information, and obtain the consent of the persons whose data is gathered.

Where individuals discover that network operators gather or use their personal information in violation of the provisions of laws and administrative regulations or the agreements arrived at, they have the right to request the network operators to delete their personal information.


  • What Can We Do?
  1. Although few people actually do this, it is still necessary to read the Terms and Conditions before clicking “Agree”.
  2. Do not upload personal information on a relatively public platform.


In our information based society, it is unavoidable that our information will be known by strangers from different companies. When we are enjoying the convenience our society brings, we are also taking the risk of being harmed by the leakage of our sensitive information. In order to be savvy during the technology revolution, be aware, but don’t be scared.


*This article was published on the Nanjinger magazine on October 2019.