[Column] Roborock Targeting Korea, Start by Managing Data Properly

"We acknowledge that there can be different interpretations of the policy (terms and conditions)."

On the 20th, at the launch event for a new product by Chinese robot vacuum cleaner company Roborock, executives responded this way to reporters' questions regarding concerns about consumer personal information collection and third-party transmission. Roborock explained that products released until 2020 send personal information to the US IoT company 'Tuya,' while products released afterward manage personal information by transmitting it to their own servers within the US, so information is not collected by the Chinese headquarters.

Considering the significant consumer anxiety about personal information protection, the response from the leading company in the domestic robot vacuum cleaner market was somewhat insufficient. According to Roborock’s publicly available ‘Privacy Policy,’ customer personal information may be shared with affiliates or other service providers. It does not specify exactly which companies this information is shared with. The particularly problematic part is that this sharing can occur without customer consent. No consumer would feel comfortable knowing their information is being sent to unknown companies without their agreement. Rather than a vague excuse that multiple interpretations are possible, practical measures to protect consumers by establishing multiple barriers for personal information protection are necessary.

Domestic companies clearly define customer consent procedures. They store data on domestic servers and implement multi-layered security measures such as encryption and local storage methods. They also clearly specify which companies personal information is shared with.

In China, under the Data Security Law, companies must provide data to the government if requested for national security reasons. This is why Chinese companies need to demonstrate greater cost, effort, and sincerity to alleviate overseas consumers’ concerns. For Chinese companies to advance further in the global market, they must first resolve the obstacle of consumer concerns about information leaks. No matter how innovative the product technology is, if there is a risk of arbitrary collection of customers’ personal information, consumers will inevitably hesitate to purchase. Recently, DeepSeek added an additional clause stating that ‘personal data will only be used within the scope permitted by law’ after controversies over personal information leaks in major countries such as Korea, the US, and Europe. However, the clause allowing transmission of collected information to affiliates and third parties still remains.

Our government also needs to strengthen management and supervision of personal information protection for both domestic and foreign companies. While many countries including the US, Europe, and China mandate government certification for AI and electronic products, the Korean government only issues recommendations. Amid growing consumer anxiety domestically, the government must also improve the national security certification system and strengthen the management framework to apply it to companies selling products domestically. The most important thing is consumer safety.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.