In June 2023, LVMH disclosed that a 2019-2020 cyberattack on its Tag Heuer brand compromised nearly 2,900 South Korean customers’ personal data. This breach, which also impacted global customers, highlights ongoing concerns about the security of personal information managed by international companies. The delayed notification underscores the difficulties South Korean consumers face when their data is handled by foreign entities lacking a domestic presence.
The breach has intensified worries about data privacy as more South Koreans engage with international online retailers. These concerns are compounded by the challenges of verifying compliance with security standards and ensuring adherence to domestic laws when data is stored overseas. For example, Temu’s privacy policy mentions the transfer of personal data to multiple countries, including the U.S. and the Netherlands, raising further privacy issues.
Previous issues, such as Alibaba’s data-sharing practices with numerous vendors, have also fueled calls for stronger data protection measures. Despite the introduction of an “Overseas Transfer Suspension Order” by South Korea’s Personal Information Protection Commission, there has been little enforcement of this measure. The commission’s “Overseas Transfer Expert Committee” has yet to make significant progress, leading to criticism of its effectiveness.
Experts suggest that South Korea should adopt stricter regulations similar to those in the European Union, which require permits for storing citizens’ data abroad. This could include mandating that foreign companies operating in South Korea store at least a portion of data on local servers to better protect consumer privacy.
Reference: