Attendees examine a display of Saros Z70 robot vacuums with OmniGrip mechanical arm technology that can move objects out of the way, at the Roborock booth during this year's CES in Las Vegas, Jan. 8. Reuters-Yonhap

The government should introduce tougher regulatory measures on Chinese firms operating in Korea by requiring them to host their server here or use data centers within Korean territory amid unceasing concerns over personal data leaks, experts and industry officials said Friday.

The rapid expansion of major Chinese companies — such as Roborock, Temu and BYD — has raised concerns. Security experts advise the Korean government to come up with strong countermeasures to prevent local customers from falling victim to potential data outflows to China or other countries.

"Korean authorities are advised to compel Chinese firms to set up their servers in Korea by strengthening relevant regulations," said Kim Ki-hyung, a professor of information and computer engineering at Ajou University.

He underscored the importance of introducing such rules, as an increasing number of Chinese firms expand their presence in Korea.

"Korea's regulatory levels are not as strict as those in Europe," Kim said. "The government should particularly strengthen monitoring on possible data leakage from the public sector and financial institutions."

The latest pressing issue has been triggered by Temu, a Chinese e-commerce platform which has decided to allow 27 third-party companies in six countries — Korea, the United States, Singapore, Japan, Australia and Indonesia — to process its Korean customers' personal information including addresses, phone numbers and customs codes under its new policy.

However, users who refuse to accept the policy will be unable to access the service. Previously, Temu required users to agree to providing data only for overseas payments.

The company explained the decision was aimed at "offering efficient services," but concerns over possible data leaks are showing no signs of abating here.

The policy of Roborock, the leader in the Korean robot cleaner market, is also raising concerns over personal data leaks. Under the firm's data policy, the Chinese intelligent robot vacuum cleaner maker is capable of sharing Korean customers' personal information to Tuya, a Chinese smart home platform operator.

In response to escalating concerns, Roborock Asia-Pacific General Manager Dan Cham acknowledged during Thursday's press conference in Seoul that there may be different interpretations of the wording in the policy. He added that the company is reviewing possible revisions to improve various terms and expressions.

People use their phones in front of the BYD Seagull that is displayed at the Auto Shanghai show in Shanghai, April 19, 2023. Reuters-Yonhap

BYD, the world's largest electric vehicle (EV) maker, also caused similar woes with its recent announcement of its plan to integrate DeepSeek software into its vehicles. BYD Korea said the vehicles with the software will only be available for sale in China for the time being.

However, as government authorities and companies in Korea have blocked access to DeepSeek's artificial intelligence (AI) chatbot service, the partnership between BYD and DeepSeek, in itself, raises security concerns here.

Other security experts also urged the government to take institutional steps promptly.

"Chinese firms will be reluctant to establish servers in Korea, so one realistic regulation is to mandate them to use data centers in Korea, such as those operated by Amazon Web Services," said Lee Ha-cheol, a professor of information technology at Yuhan University.

Local authorities are investigating a group of Chinese e-commerce players — such as AliExpress and Temu — to look into whether they have violated any rules on personal data collection here. According to the Personal Information Protection Committee, it will soon release results on its investigation into Temu.

Officials from the local IT industry urged the government to step up regulatory measures against Chinese firms on an equal footing with their Korean counterparts.

"Authorities in the United States and Europe take the issue much more seriously than their Korean counterparts," an industry official said.

"Korea should also take similar steps to prevent local customers from not being exposed to any risks of data leaks or hacking threats."