Recently, an incident involving an app that deleted users’ photos has sparked widespread concern. Not only did users lose a significant amount of data, but more importantly, this has led people to realize a deeper issue: In a digital time, do users truly have control over their own privacy?
What happened?
Meituan, a Chinese e-commerce company specializing in lifestyle services, deleted photos from users’ phones. The event happened between March 17 and 20, 2026, during which numerous Android users reported that the Meituan app had deleted large numbers of stored photos and videos from their phones without authorization, including even secured files. System intercept logs clearly show that the deletion operations originated from Meituan, and the incident affects many mainstream Android models such as Huawei, Xiaomi, Honor, and iQOO. Users suffered significant losses. One user had 1,314 photos deleted, and she permanently lost 504 GB of family photos accumulated over more than six years. What’s more, another user’s important documents, such as ID cards and contracts stored in secure folders were damaged and could not be recovered. Even when some users attempted to restore files from the recycle bin, the files have already damaged.
Picture source: Rednote
Meituan’s official response stated that on certain Android versions of cell phones, a conflict with third-party plugins caused an anomaly during the clearing of the app’s internal cache data, and that did not involve the reading, storage, or leakage of personal information. They claimed the issue was fixed immediately, and that deleted files could be retrieved from the phone’s recycle bin. However, as the event spread online, some tech bloggers pointed out that this explanation did not hold water, as normal cache clearing should not involve the user’s photo album. Following the incident, Meituan promised to provide one-on-one technical support, cover data recovery costs, and compensate for losses.
Privacy is not merely a data issue; it is a right.
In traditional theory, privacy is regarded as a fundamental human right (Flew, 2021, p. 101). Alexandra Rengel argued that it can variously refer to the right to be left alone, the ability to protect oneself from unwanted access by others… (Rengel, 2013), which means it is a right to be free from interference by others. At the same time, it encompasses the control over personal information, the protection of private space, and the preservation of personal dignity and identity. Which means that deleting a user’s photos is not merely a technical issue, but a violation of the user’s right to control their privacy. In the internet environment, the privacy right has undergone a fundamental shift. It is no longer merely a matter of whether an individual is under surveillance, but about how data is collected, used, and even manipulated. Users increasingly felt a decline in their sense of their own freedom and right to privacy (Chen & Cheung, 2018, p. 279). This is precisely the root cause of the panic sparked by this event, users suddenly realized that they do not truly control their own data. The fact that the app can delete users’ photos on their phones makes users feel unsafe. Even if this time it was a technical issue, what about next time? Once privacy permissions are given away, users have no idea what platforms can do with their privacy data. And Android’s file management permissions have always been more open than iOS, which means application in phone can read and write storage space and may even start deleting personal files. Maybe this time it was just a “cache cleaning” issue, but who can guarantee that next time won’t delete something else by mistake or leak out something?
Why do users continue to use apps even though they are aware of the risks?
There is a classic concept: the Privacy Paradox, which means that although people say they care very much about privacy, they behave as if they did not (Francis and Francis, 2017, p. 46). Users may have kind of thought that although they are worried about privacy leaks, they cannot leave the platform because they cannot give up the convenience it provides. This explains why even when the photo deletion incident occurred, Chinese users still have not stopped using applications like Meituan that improve the quality of life. Meituan offers such a high level of convenience for daily life. For many people, the ability to have medications, household goods, and food delivered around 30 minutes without leaving home is the thing they are willing to risk their privacy for. Over the past decade, as the internet has become increasingly integrated with the real world, these types of apps have become an essential part of people’s daily lives, which means the user treating these platforms as basic infrastructure. As a result, users unconsciously develop a dependency on these platforms. For those users, they perceive the risk of privacy information leak as abstract, while the convenience for life is immediate. Moreover, some users believe that the cost of switching to an alternative platform is too high, they may feel it is more cost-effective to continue using a stable platform backed by a big company rather than switching to a completely unfamiliar one. And in terms of using online platforms, this paradox does not exist in isolation, research on social media has also shown that although users often have concerns about social media privacy, they generally maintain a positive attitude toward using social media (Chen & Cheung, 2018, p. 281). Take Facebook as an example: although Facebook was once exposed for leaking user privacy, when a user’s family and friends are all using Facebook to stay in touch, that user has no choice but to use it as well. Just as the telephone replaced letters as a means of communication, the emergence of such platforms has replaced older methods. In this context, the concept of “choice” becomes increasingly limited. From a market perspective, users may be able to find alternatives among current apps, and they have the right to stop using a particular platform. However, as mentioned earlier, the resulting economic and practical costs are often prohibitively high. This means that the use of these platforms may not be entirely voluntary, but rather driven by necessity. As a result, privacy risks not only are tolerated but also are forced into the norm, viewed as an integral part of daily digital life and even of reality itself. Over time, this mindset may further erode users’ expectations of privacy control, thereby reinforcing the vicious cycle of this paradox.
The platform’s “absolute” power
The platform’s “terms of service” are essentially a contract, not democratic rules. Additionally, platforms possess “virtually absolute authority to set rules.” This means that users are not “citizens” but rather “consumers” in the eyes of these platforms. (Suzor, 2019, pp.10-11). This kind of misalignment also leads to a key contradiction: users feel that the platform provides a private space in a public place, it often feels like we are in control, but in fact, it is a privately controlled system (Suzor, 2019, pp. 12–13). Which creates a core issue: our online lives actually take place in a privatized public space. These platforms control the flow of information, control who can see content, manage users’ private data, and even have access to users’ specific locations. Returning to this incident, it was not simply an event caused by technology, but an exposure of the platform’s excessively strong data control capabilities. Rachels (1975) identified two key concepts of privacy: accessibility and control. Accessibility is the ease of access by others to individual personal information, whereas control is the ability to set and maintain boundaries for such information and is a mechanism for deciding to whom and to what extent it is accessible (Chen & Cheung, 2018, p. 280). The key to these two dimensions is whether users can decide who can do what with their privacy. And the problem in this incident is that users have completely lost control. This also highlights the current issues surrounding online privacy, where users cannot know what platforms are doing with their private information or who can see it. And in this case, the most frightening aspect of the platform’s power is not just what it can deliberately do, but what it technically can do. Once an application has the ability to read, change, or even delete users’ local files, the relationship between the users and the platform is no longer just that kind of service provider and consumer, which means it becomes a highly asymmetric control relationship. In other words, the risk comes not only from malice but also from the permission system of those platforms themselves. If the platform continues to gain deeper access to users’ privacy data, users will gradually come to view handing over their private data to the platform for access, analysis, and intervention as a norm. If this trend continues, the issue will no longer be merely a loss of individual privacy but a shift in the norm of privacy. In other words, for users, the real danger is not a single accidental deletion caused by a technical error, but the fact that the public is slowly accepting this intrusion and subconsciously beginning to believe that the platform should be able to deeply manage their digital lives normally. It is the shift in mindset that truly undermines future privacy governance on the platform.
Why has there been such a strong reaction to this incident?
The incident touches on three levels of issues. First is the emotional level. This incident involves photos, which differ from ordinary stored data because they possess both informational and emotional value. They are both personal data and a vessel for memories. Therefore, the harm caused by the platform’s accidental deletion of photos goes beyond mere functional loss; it represents a disruption of individuals’ life pathways. This means that privacy is not merely data, but the users’ lives themselves. Second is the technical level. The losses caused to some users by this incident are irreversible. In digital time, people no longer keep physical backups of their digital files or photos. Mobile devices have already become personal databases, and irreversible data loss consequently implies the erasure of personal information. And there is an issue of excessive platform power. The incident reflects that such platforms can manipulate users’ data, which means the platforms can not only see users’ data, but can even delete or move it. The traditional problem in privacy used to be that private data was stolen, but now a new problem has emerged. Data is being sold to platforms without users’ knowledge or consent, leaving them at the mercy of those platforms. This marks a significant shift: the focus of privacy concerns has shifted from “protecting information” to “limiting power.” The most thought-provoking question raised by this incident is that, if an app is technically able to delete all your data, should it be allowed to do so? Taking it a step further, in a platform-dominated digital society, have we already ceded our “self-determination” to technological systems? Given these concerns, the question of accountability becomes unavoidable. A meaningful response to such incidents should go beyond technical fixes and compensation, which also requires a critical examination of why applications are granted such extensive permissions to manipulate users’ privacy data in the first place, and whether those permissions are justified. From a governance perspective, people’s concerns may suggest the need for stricter limitations on privacy data access and a clearer transparency standard about how permissions are used, and stronger safeguards against unintended consequences. Ultimately, the Meituan incident highlights a widespread contradiction that is gradually emerging in our platform-driven society: the tension between convenience and personal privacy. Nowadays, as digital services become increasingly integrated into our daily lives, users are constantly being asked to trade their control over their privacy for the convenience of a lower-cost lifestyle. This shifts the crucial question of the issue from whether users are willing to make this trade-off to whether they are fully aware that they are doing so, trading their privacy for convenience. Although many users have expressed their concerns about the boundaries of user privacy and the incident has garnered widespread attention, no satisfactory solution has been found to date. It is often said that the internet has no memory, if incidents like this are not addressed promptly, they may well continue to recur in the future.
Reference
Chen, Z. T., & Cheung, M. (2018). ‘Privacy perception and protection on Chinese social media: A case study of WeChat.’ Ethics and Information Technology, 20(4), 279–289
Flew, Terry (2021). ‘Privacy and Security.’ In Regulating Platforms. Cambridge: Polity. pp. 101-103
Rachels, J. (1975). Why privacy is important. Philosophy & Public Affairs, 4(4), 323–333.
Rengel, A. (2013). Privacy in the 21st Century. The Hague: Martinus Nijhoff Publishers.
Suzor, Nicolas P. (2019). ‘Who Makes the Rules?’ In Lawless: The Secret Rules That Govern Our Lives. Cambridge, UK: Cambridge University Press. pp. 10-24.
Be the first to comment