# Weixin Mini Program Privacy Protocol Development Guide

# I. Function introduction

Developers involved in the processing of users' personal information shall prompt users to read the privacy policy and other collection and use rules through obvious means such as pop-up windows.

WeChat requires developers to actively synchronize with the privacy policies of Weixin Mini Program that the current users of WeChat have read and agreed to the privacy policies of Weixin Mini Program before invoking the privacy interface provided by WeChat in order to regulate the personal information processing activities of developers and protect the legitimate rights and interests of users.

Particular note:

2023.08.22 Updated:

What are covered in the following guidelinesgetPrivacySetting、onNeedPrivacyAuthorization、requirePrivacyAuthorizeThe interface is currently able to access debugging normally. Debugging instructions:

1. Before September 15, 2023, configure__usePrivacyCheck__: truein apagejsonPrivacy-related features are enabled, and will not be enabled if not configured or configured to false.

2. After September 15, 2023, whether or not there is a configuration in apagejson__usePrivacyCheck__,Privacy-related features are enabled.

The interface usage can be seen below Full sample demo

2023.09.14 Update:

1. Privacy-related features are extended until 17 October 2023.Configure__usePrivacyCheck__: truein apagejson before October 17, 2023Privacy-related features are enabled, and will not be enabled if not configured or configured to false.After October 17, 2023, whether or not there is a configuration in apagejson__usePrivacyCheck__,Privacy-related features are enabled.

2. New official privacy authorization pop-up function, related functions refer to the following official privacy pop-up function explaination .

# II. Access Procedure

# 1. Configure < Weixin Mini Program User Privacy Protection Guidelines >

Developers need to configure the User Privacy Guidelines for Small Programs in the Weixin Mini Program Administration background. Detailed guidelines can be found in the User Privacy guidelines fill out the explaination .

It is important to note that the corresponding interface or component provided by the platform can only be invoked if the user information processed is declared in the guidelines. If not declared, the corresponding interface or component will be disabled directly.The relationship between the privacy interface and the corresponding processing information can be seen in: Weixin Mini Program Introduction to the user privacy guidelines .

Once configured, for each user using Weixin Mini Program, the developer needs to synchronize that the current user has read and agreed to collect usage rules such as the privacy policy of the Mini Program before calling the declared interface or component.The synchronized development approach is described below.

For users who have already synced, if a subsequent developer updates the configuration, there is no need to sync the older version with interfaces or components. For new interfaces or components created after an update, it needs to be resynchronized. For example, the version updated on July 11 included "collecting location information of your choice,"The user consent status was synchronized on July 12, and the "collect your WeChat steps" was added after the July 13 update, so the wx.chooseLocation interface can be called without synchronizing again, but the wx getWeRunData interface cannot be called.

# 2. Actively query the privacy authorization sync status and display the privacy protocol

Support from the base library 2.32.3

Developers can query the privacy policy information recorded on the WeChat side of the wx.getPrivacySetting interface to see if the user has yet to consent to the privacy policy.This information is available by returning the needAuthorization field in the result res.

At the same time, the [wx.getPrivacySetting]]]((wx.getPrivacySetting)) interface returns the developer's name information for the Mini Program user privacy guidelines configured in the Weixin Mini Program administration background, which the developer can call wx.openPrivacyContract Interface opens the page.

If there is privacy policy information that is subject to user consent, developers need to proactively prompt users to read the privacy policy and other collection rules. For prompting methods, Weixin Mini Program developers can design themselves and need to use it in the relevant interface.< button open-type = "agreePrivacyAuthorization" > component. When a user touches the < button > component, indicating that the user has read and agreed to the cookie's privacy policy and other collected usage rules, WeChat receives this synchronization information, and the developer can then use the component's [[]]bindagreeprivacyauthorizationevent callback calls the declared privacy interface.

Code examples

<!-- page.wxml -->
<view wx:if="{{showPrivacy}}">
  <view>隐私弹窗内容....</view>
  <button bindtap="handleOpenPrivacyContract">查看隐私协议</button>
  <button id="agree-btn" open-type="agreePrivacyAuthorization" bindagreeprivacyauthorization="handleAgreePrivacyAuthorization">同意</button>
</view>

// page.js
Page({
  data: {
    showPrivacy: false
  },
  onLoad() {
    wx.getPrivacySetting({
      success: res => {
        console.log(res) // 返回结果为: res = { needAuthorization: true/false, privacyContractName: '《xxx隐私保护指引》' }
        if (res.needAuthorization) {
          // 需要弹出隐私协议
          this.setData({
            showPrivacy: true
          })
        } else {
          // 用户已经同意过隐私协议，所以不需要再弹出隐私协议，也能调用已声明过的隐私接口
          // wx.getUserProfile()
          // wx.chooseMedia()
          // wx.getClipboardData()
          // wx.startRecord()
        }
      },
      fail: () => {},
      complete: () => {}
    })
  },
  handleAgreePrivacyAuthorization() {
    // 用户同意隐私协议事件回调
    // 用户点击了同意，之后所有已声明过的隐私接口和组件都可以调用了
    // wx.getUserProfile()
    // wx.chooseMedia()
    // wx.getClipboardData()
    // wx.startRecord()
  },
  handleOpenPrivacyContract() {
    // 打开隐私协议页面
    wx.openPrivacyContract({
      success: () => {}, // 打开成功
      fail: () => {}, // 打开失败
      complete: () => {}
    })
  }
})

From the base library 2.3.3 versions, privacy consent button support and mobile phone number rapid verification component , Mobile phone number real-time verification component is used in conjunction with ']] or [[]] `。

Support is also provided for the privacy consent button to be used in tandem with the user information component to call as ']] '

sample code

<!-- page.wxml -->
<button id="agree-btn1" open-type="getPhoneNumber|agreePrivacyAuthorization" bindgetphonenumber="handleGetPhoneNumber" bindagreeprivacyauthorization="handleAgreePrivacyAuthorization">同意隐私协议并授权手机号</button>

<button id="agree-btn2" open-type="getRealtimePhoneNumber|agreePrivacyAuthorization" bindgetrealtimephonenumber="handleGetRealtimePhoneNumber" bindagreeprivacyauthorization="handleAgreePrivacyAuthorization">同意隐私协议并授权手机号</button>

<button id="agree-btn3" open-type="getUserInfo|agreePrivacyAuthorization" bindgetuserinfo="handleGetUserInfo" bindagreeprivacyauthorization="handleAgreePrivacyAuthorization">同意隐私协议并获取头像昵称信息</button>

// page.js
Page({
  handleAgreePrivacyAuthorization() {
    // 用户同意隐私协议事件回调
    // 用户点击了同意，之后所有已声明过的隐私接口和组件都可以调用了
    // wx.getUserProfile()
    // wx.chooseMedia()
    // wx.getClipboardData()
    // wx.startRecord()
  },
  handleGetPhoneNumber(e) {
    // 获取手机号成功
    console.log(e)
  },
  handleGetRealtimePhoneNumber(e) {
    // 获取实时手机号成功
    console.log(e)
  },
  handleGetUserInfo(e) {
    // 获取头像昵称成功
    console.log(e)
  }
})

# 3. Passive listening privacy interfaces require user authorization events

Support from the base library 2.32.3

Weixin Mini Program developers in addition to their own judgment of the timing, prompting users to read the privacy policy and other collection and use rules, but also through Weixin Mini Program wx.onNeedPrivacyAuthorization interface to listen when you need to prompt the user to read the privacy policy.This event is triggered when the user triggers a privacy interface call that the WeChat side does not record consent to.Developers can prompt users to read the privacy policy when the event is triggered.

It is important to note that for the < input type = nickname > component, due to the peculiarities of < input >, if the user does not agree to the privacy agreement, the ' 'focuses without triggering an onNeedPrivacyAuthorization event, but instead is downgraded to < input type > text >.

In addition, WeChat provides the wx.requirePrivacyAuthorize interface that can be used to simulate privacy interface calls.

Code examples

// page.wxml
<view wx:if="{{showPrivacy}}">
  <view>隐私弹窗内容....</view>
  <button id="agree-btn" open-type="agreePrivacyAuthorization" bindagreeprivacyauthorization="handleAgreePrivacyAuthorization">同意</button>
</view>

// page.js
Page({
  data: {
    showPrivacy: false
  },
  onLoad() {
    wx.onNeedPrivacyAuthorization((resolve, eventInfo) => {
      console.log('触发本次事件的接口是：' + eventInfo.referrer)
      // 需要用户同意隐私授权时
      // 弹出开发者自定义的隐私授权弹窗
      this.setData({
        showPrivacy: true
      })
      this.resolvePrivacyAuthorization = resolve
    })

    wx.getUserProfile({
      success: console.log,
      fail: console.error
    })
  },
  handleAgreePrivacyAuthorization() {
    // 用户点击同意按钮后
    this.resolvePrivacyAuthorization({ buttonId: 'agree-btn', event: 'agree' })
    // 用户点击同意后，开发者调用 resolve({ buttonId: 'agree-btn', event: 'agree' })  告知平台用户已经同意，参数传同意按钮的id
    // 用户点击拒绝后，开发者调用 resolve({ event:'disagree' }) 告知平台用户已经拒绝
  }
})

# 4. Empty the historical synchronization state

When the user removes the Mini Program from the "WeChat drop-down - Recent - Recently Used Weixin Mini Program," the history synchronization state is emptied. The next time you visit the Mini Program, you need to re-sync the current WeChat user who has read and agreed to the Mini Program's privacy policy and other collected usage rules.

Developers can debug this way, or they can empty the historical synchronization state in the Developer Tools by Clearing Emulator Cache - Clearing Authorized Data.

# III. Additional Notes

• Base libraries below 2.3.3 do not integrate privacy-related features and do not intercept privacy interface calls.

# IV. Full sample demo

Demo 1: Demo usingwx.getPrivacySettingand ' ' to handle privacy pop-up logic on the home page https://developers.weixin.qq.com/s/gi71sGm67hK0

Demo2: Demo usingwx.onNeedPrivacyAuthorizationAnd ' ' handle privacy pop-up logic on multiple pages, while demonstrating how to handle multiple privacy interface calls simultaneously. https://developers.weixin.qq.com/s/hndZUOmA7gKn

Demo3: Demowx.onNeedPrivacyAuthorization、wx.requirePrivacyAuthorize、<button open-type="agreePrivacyAuthorization">And` 'How components can be combined https://developers.weixin.qq.com/s/jX7xWGmA7UKa

Demo 4: Demonstrates usingwx.onNeedPrivacyAuthorizationand ' ' to handle privacy pop-up logic across multiple tabBar pages https://developers.weixin.qq.com/s/g6BWZGmt7XK9

# V. Common Error Handling

• { "errMsg": "A:fail api scope is not declared in the privacy agreement", "errno": 112 }The A privacy interface is used, but the developer does not declare the privacy type corresponding to the A interface in the "MP background - settings - service content declaration - user privacy protection guidelines." The supplementary Privacy Type Statement will take effect in 5 minutes.

• { "errMsg": "A:fail AppID privacy api banned" }The A privacy interface was used, but the developer ticked "no privacy" during the mp arraignment, or did not declare the privacy agreement, and the interface calling permission was recovered by the platform.

# VI. Instructions for the official privacy window function

In order to make it easier for developers to complete the Weixin Mini Program privacy compliance requirements, in addition to the above guidelines for privacy protocol development, the platform also provides an official privacy authorization pop-up.This popup will be available after privacy-related features are enabled (after October 17, 2023 or after the developer has configured__usePrivacyCheck__: true, no need for developers to adapt development, automatically show to C-end users.The logic is as follows:

When a developer calls a privacy-related interface, WeChat determines whether the call needs to trigger the wx.onNeedPrivacyAuthorization event, and if the developer does not respond after the trigger, WeChat will actively pop up an official pop-up window.If the user agrees, the interface will perform the next call logic normally; If the user refuses, an error will be reported.

It is important to note that users may refuse the official privacy authorization pop-up, In order to avoid excessive pop-ups disturbing users, when the developer calls the privacy interface again, if less than 10 seconds after the previous user's rejection, the pop-up will no longer be triggered, and the developer will directly give the user the error of refusing the privacy authorization pop-up.

The official privacy pop-up will come in two styles:

1. Coupled style with authorization window: Under this window, the user needs to tick the privacy protocol to allow permission, and if the user refuses in the window, the error message is user refuse (error code 103).

2. Direct pop-up style: The user side directly addresses the authorization of the privacy protocol. If the user refuses in the pop-up, the error message is that the user did not agree to the privacy protocol (error code 104).

Coupled styles with authorized panes will be supported in subsequent versions of the base library (supported versions will be updated later), and all panes will have a direct pane style in the low version base library.