[Fact Check] Did Naver Really Leak Personal Information Overseas?

"Double Backup Is a Must to Prevent Data Loss"
Stored in Hong Kong, Recently Moved to Singapore

[Asia Economy Reporter Buaeri] Naver has been accused of risking the leakage of domestic users' personal information to the Chinese government by storing data on overseas servers located in Hong Kong. In response, Naver denied the allegations, stating that "there is absolutely no possibility of leakage."

Naver, Leakage of Users' Personal Information to the Chinese Government?

On the 20th, Kim Young-bae, a member of the Democratic Party of Korea, issued a press release confirming that "Naver has transferred the personal information of 32 million users to Hong Kong since October 2016." Kim expressed concerns that the Chinese government could censor or obtain the personal information of domestic users.

According to Kim, Naver collects sensitive information including essential personal data and size information of Naver Shopping users, and has been storing this data at the overseas branch of Naver Business Platform located in Hong Kong. However, with the enforcement of the Hong Kong National Security Law, Kim claims that the personal information of Korean users is at risk of being leaked.

The Hong Kong National Security Law, enacted by the National People's Congress of China and effective since the 1st of this month, stipulates in Articles 9 and 10 that the Hong Kong government must supervise and manage schools, social organizations, media, and the internet as necessary for national security. Accordingly, if information on portal articles or social networking services (SNS) is deemed harmful to national security, authorities can intervene and legally punish those involved with the posts. Authorities may also demand user information from SNS companies under the pretext of enforcing these provisions.

Kim stated, "It is unacceptable that the Chinese government can take our citizens' personal information without a warrant under the Hong Kong National Security Law," and urged, "An immediate investigation into Naver's collection and overseas transfer of personal information must be conducted."

"Zero Possibility of Leakage... Data Transferred to Singapore"

In response, Naver strongly denied the claims, calling them "completely untrue." Regarding the background of storing user data in Hong Kong, Naver explained, "Global IT companies back up data overseas as well to prevent data loss," adding, "Naver also performed multiple backups of user data." They stated that storing data on overseas servers as well as domestic servers to prepare for emergencies such as disasters is an industry practice.

Naver further emphasized that the possibility of data leakage is nonexistent. A Naver representative explained, "Personal information data among the backups stored domestically and abroad is strongly encrypted, so there is absolutely no chance for external third parties to access it," and added, "We have never received any requests from the Hong Kong government regarding information submission."

Regarding the Hong Kong National Security Law concerns raised by Kim, Naver said, "Considering various circumstances, we have changed the data backup location to Singapore," and added, "All backup data stored in Hong Kong was deleted earlier this month, and the servers have been formatted." As a result, Naver explained that no data remains in the problematic Hong Kong location, and since personal information data is encrypted and security is strictly maintained, Kim's claims are unfounded.