my timesThe Korea Times
  1. Business
  2. Tech & Science

Kakao hit for mishandling customer data

Listen
By Kim Bo-eun
  • Published KST
  • Updated KST

By Kim Bo-eun

The latest series of scandals surrounding tech firms' mishandling of personal data is pointing to the need for proper regulations to be set up and for businesses to raise their awareness of the importance of protecting private information.

AI chatbot developer Scatter Lab recently came under scrutiny for a number of issues with its AI chatbot Lee Luda. One of the main issues was that the startup took data from another dating consultancy service it operated to develop the AI chatbot.

This became known after the AI chatbot began providing names, addresses and bank account numbers of app users in its answers.

The dating consultancy app provides advice to users after they submit excerpts of Kakaotalk conversations. The app has had 2.3 million downloads in Korea.

Scatter Lab earlier promoted the app as having collected 10 billion Kakaotalk conversations to power its AI technology.

Users of the app, however, were unaware of the fact that the Kakaotalk messages they submitted were being used to develop AI services.

Scatter Lab's AI chatbot Lee Luda / Captured from Scatter Lab's website

Scatter Lab stated that it did receive the consent of users. But this was done in a way that users were not fully aware of, as the startup only notified them that their data would be utilized and did not provide them a choice. In addition, Scatter Lab did not receive the consent of the other individual the user messaged in utilizing their conversations.

Shortly after Scatter Lab fiasco erupted, Kakao was also hit for poor handling of users' data. In Kakao's case, it failed to recognize location inputs on its map service as personal data.

This was discovered as a user of Kakaomap looked up IDs of people who posted restaurant reviews. Users were able to check the name, address and most visited key locations of other users. The data included the address of homes, offices, children's schools and restaurants.

Even after the revelation drew a strong backlash, Kakao stated that location data was "open information for any other user to view." It initially denied that location information could be used to identify individuals.

However, as the controversy grew, a governmental committee on personal data protection launched an inspection into the case. It advised Kakao to change its policy so that the location information would not be disclosed to other users. Kakao implemented the changes.

"It does not seem that the tech firms intended to mishandle the data," civic group Korean Progressive Network's policy activist Hyiu said. The organization is dedicated to protecting the rights to personal data.

"Basically, the cases appear to have occurred due to the absence of related regulations and guidelines and lack of awareness of the companies in protecting personal data. It goes to show how regulations have failed to keep up with the speed of technological development."

The government has pledged to come up with measures to prevent such cases from recurring, but appears to be concerned about possibilities of quashing the growth of the data industry, which it has named one of the key industries of growth.

But the civic activist said the issue should not be approached with a dichotomous view.

"People are ultimately the entities behind data and this is why this cannot only be regarded as a product to build an industry on. Tech companies will need to earn the trust of people for them to provide consent to using their data, which can then be used for technological development," she said.