Companies Using Servers in Hong Kong Exposed to Data Leakage
The Hong Kong national security law which came into effect on July 1 has unexpectedly raised concerns about leakage of Korean internet users’ personal data to China.
Naver, Korea's largest portal, has been embroiled in controversy over its handling of personal information. Naver transferred some of its Korean user information to a Hong Kong-based server through NBP Pacific Asia, an overseas affiliate of its subsidiary Naver Business Platform (NBP), in preparation for disasters or accidents. A lawmaker expressed concerns on July 20 that the transferred data could be leaked to China due to the implementation of the Hong Kong national security law.
“I have confirmed that Naver has transferred personal information of 32 million Korean users to Hong Kong without their consent since October 2016," said Kim Young-bae, a lawmaker of the ruling Democratic Party of Korea. "As the Hong Kong national security law has taken effect, the personal information of Korean users is in danger of being leaked to China."
Naver immediately refuted the claim, saying, "Naver has changed the country of data backup from Hong Kong to Singapore so that user data can be stored and managed more safely. All previously stored backup data in Hong Kong was deleted in early July and the server was completely formatted."
The problem is that in addition to Naver, which has already completed the server transfer, a number of Korean companies manage some of their data, including users’ personal information, through servers or entrusted companies in Hong Kong. For example, Kakao manages some data (mobile phone numbers) used for authentication when signing up for Kakao Talk services through a company in Hong Kong.
However, Kakao said that there is no problem with its handling of such information. "Kakao does not have a separate server in other countries including Hong Kong," a Kakao official said. "Only mobile phone numbers of some users, including overseas users, are handled by entrusted companies abroad."
Companies transferring data overseas through foreign companies such as Microsoft Azure and Amazon Web Services (AWS) which have servers in Hong Kong may be exposed to data leakage to China under the Hong Kong national security law. For example, a large Korean company manages its data using AWS servers in Japan, Singapore, Hong Kong, Sydney and the United States through virtual private networks (VPNs).