Online purchase of condoms harassed by delivery personnel: How does the law uphold your "privacy shield"?
In April 2025, a Ms. Wang in Chengdu purchased condoms through an e-commerce platform but received a harassing text from the delivery driver saying, "12 pieces, take care of your health." The incident sparked widespread public concern over privacy protection in online shopping. When privacy breaches and harassment intertwine, how can consumers use legal tools to defend their rights?
I. Legal Characterization: The "Triple Illegality" of the Delivery Driver's Harassment
1. Criminal Risk of Violating Citizens' Personal Information Law
According to Article 253 of the Criminal Law, if a delivery person illegally obtains user order information (including product names, addresses, phone numbers, etc.) through system vulnerabilities in the platform, they may be suspected of the crime of infringing on citizens' personal information. In the Chengdu case, although the platform used virtual numbers, the delivery person still obtained real numbers through some means, exposing flaws in system permission management.
2. Administrative penalties under the Public Security Administration Punishments Law
According to Article 42 of the Public Security Administration Punishments Law, sending harassing messages that interfere with others' normal lives is punishable by up to five days of detention or a fine of up to 500 yuan; for more serious cases, detention of five to ten days is imposed. In the Fucheng You case, a food delivery rider was administratively detained for five days for repeatedly sending sexually suggestive text messages.
3. Compensation obligations under civil tort liability
According to Article 1165 of the Civil Code, harassing behavior constitutes an infringement on personality rights, and victims may claim compensation for mental damages. If Ms. Wang from Chengdu files a civil lawsuit, she can demand compensation from the delivery person for medical expenses (such as psychological counseling fees), lost wages, and mental distress damages.
II. Path to Rights Protection: A "Four-Step" Process from Evidence Collection to Judicial Remedy
1. Evidence Fixation: Building an "Electronic Evidence Chain"
Instant Screenshots: Save harassing messages and call records (must show caller ID and timestamps), such as the "12" SMS screenshots retained by Ms. Wang in the Chengdu case.
Platform Data Retrieval: Request e-commerce platforms to provide order encryption records, delivery personnel identity information, and system operation logs.
Third-Party Evidence Collection: Use "trusted timestamp" services to solidify electronic evidence, preventing platform data tampering.
2. Platform Complaints: Activating the "Internal Accountability Mechanism"
Dual-Pronged Approach: Simultaneously file complaints with shopping platforms (e.g., Taobao) and delivery platforms (e.g., Ele.me), requesting an explanation of the implementation of the "Privacy Protection Agreement."
Time-limited accountability: According to Article 77 of the E-Commerce Law, the platform must initiate an investigation within 48 hours, otherwise it may face administrative penalties.
3. Administrative complaints: Leveraging the "regulatory lever"
Appeal to the Postal Administration: Submit evidence through the "Postal Consumer Complaints" WeChat platform to request an investigation into the delivery company. Historical cases show that an apology from the company's executives can be obtained within three days.
Market supervision department intervention: According to Article 56 of the Consumer Protection Law, file a complaint against the platform for failing to fulfill its legal obligation to "adopt technical measures to protect consumer privacy."
4. Judicial relief: Choosing the "optimal dispute resolution path"
Private criminal prosecution: If the harassment is accompanied by threats or extortion, a private criminal prosecution can be filed in court to seek accountability under Article 293 of the Criminal Law for the crime of picking quarrels and provoking trouble.
Civil public interest litigation: In response to systematic platform data leaks, individuals can jointly apply to the procuratorate for personal information protection public interest litigation, as seen in the "first data leak case" heard by the Hangzhou Internet Court in 2023.
III. Liability Determination: Unraveling the Privacy Protection Dilemma of "Cross-Platform Collaboration"
1. The "Source Liability" of Shopping Platforms
According to Article 9 of the Personal Information Protection Law, platforms, as data processors, must conduct compliance audits on the data usage of their partners. In the Chengdu case, although Taobao provided privacy-protected shipping labels, it failed to implement tiered access control for the data access rights of partner delivery platforms, making it difficult to evade responsibility.
2. The "End Liability" of Delivery Platforms
If a delivery app has technical flaws such as "unencrypted order caches," it must bear liability for violations under Article 42 of the Cybersecurity Law. Ele.me customer service once responded that "delivery slips for contraceptive products never display product details," but information leaks still occurred in practice, exposing technical vulnerabilities.
3. Rider's "Direct Responsibility"
For those who maliciously obtain information, the platform should terminate the labor contract in accordance with Article 39 of the Labor Contract Law and include them in the industry blacklist. In the Chengdu case, the convenience store involved has added the rider to the system blacklist, prohibiting them from accepting any orders.
IV. Prevention Mechanism: Three Pillars for Building a "Privacy Protection Net"
1. Upgraded Technical Protection
Dynamic Virtual Numbers: Adopt a "one order, one number" mechanism that automatically expires after delivery, such as Meituan's "Privacy Protection 2.0" system.
Biometric Pickup: Pilot facial recognition combined with order number dual verification at community self-service lockers to block delivery personnel's access to user information.
2. Industry Standards Improvement
Establish delivery personnel credit files: Include harassment behavior in personal credit records, such as the "Red, Yellow, Blue" credit rating system implemented by SF Express.
Promote privacy insurance: Platforms can insure high-risk orders (such as contraceptive products), with insurance companies providing compensation first in case of leaks.
3. Consumer Education Enhancement
Privacy settings self-check: Enable a "Privacy Protection Level" query entry within the app, prompting users to disable permissions such as "Allow third parties to read order information."
Emergency response training: Collaborate with the Women's Federation and the 12355 hotline to conduct "Anti-harassment Self-rescue Courses," teaching users how to deter harassers through methods like "recording evidence" and "virtual alarm."
Conclusion: The leap from "passive rights protection" to "active defense"
The Chengdu case exposes not only the moral misconduct of a single delivery worker, but also the privacy governance shortcomings of the entire online shopping ecosystem. Consumers must remember: in the face of harassment, silence is not golden—evidence is the shield. From saving every harassing text message to questioning the platform's technical vulnerabilities, every act of insistence drives the evolution of industry rules. When law, technology, and civic awareness join forces, the "last 100 meters" of online shopping can truly become a safe zone.