Stories with Tag Privacy Violation

• South Korean regulator accuses DeepSeek of sharing user data with ByteDance

  permalink

  Posted: 2025-02-18 20:29:16

  Verbose tl;dr

  South Korea's Personal Information Protection Commission has accused DeepSeek, a South Korean AI firm specializing in personalized content recommendations, of illegally sharing user data with its Chinese investor, ByteDance. The regulator alleges DeepSeek sent personal information, including browsing histories, to ByteDance servers without proper user consent, violating South Korean privacy laws. This data sharing reportedly occurred between July 2021 and December 2022 and affected users of several popular South Korean apps using DeepSeek's technology. DeepSeek now faces a potential fine and a corrective order.

  The South Korean Personal Information Protection Commission (PIPC) has leveled accusations against DeepSeek, a Seoul-based artificial intelligence firm specializing in personalized fashion recommendations, alleging that the company illicitly transferred personal data belonging to South Korean users to ByteDance, the Chinese parent company of the popular social media platform TikTok. The PIPC's investigation, culminating in a public announcement on July 12, 2024, asserts that DeepSeek transmitted sensitive user information, including shopping history, preferences, and even precise location data, to ByteDance without securing explicit and informed consent from the affected individuals. This alleged data transfer commenced in November 2021 and continued until June 2022, impacting an estimated 3.9 million South Korean users of DeepSeek's fashion recommendation app.

  The PIPC's contention is that DeepSeek violated South Korea's Personal Information Protection Act by failing to adequately inform users about the international transfer of their personal data and by neglecting to obtain their explicit consent for such a transfer. The regulator emphasizes the sensitivity of the collected data, which included highly personalized information about users' shopping habits, preferences, and real-time locations, potentially exposing individuals to privacy risks. Furthermore, the PIPC expressed concern about the potential misuse of this data, particularly given ByteDance's Chinese ownership and the complexities surrounding data governance and access under Chinese law.

  As a result of these alleged infractions, the PIPC has imposed a corrective order on DeepSeek, mandating the company to rectify its data handling practices and enhance user privacy protections. Additionally, the regulator has levied a financial penalty of 113 million Korean won (approximately US$87,000) against the company. DeepSeek, however, disputes the PIPC's findings and maintains that its data practices were in compliance with relevant regulations. The company claims to have anonymized the transmitted data, thereby rendering it non-personal and outside the purview of the Personal Information Protection Act. DeepSeek has indicated its intention to challenge the PIPC's decision and pursue legal recourse to defend its position. The case underscores growing concerns globally regarding data privacy, particularly in the context of cross-border data transfers and the potential implications for individual user rights and security.

  • South Korea
  • Data Privacy
  • deepseek
  • ByteDance
  • TikTok
  • User Data
  • data sharing
  • Regulation
  • personal information
  • Technology
  • Privacy Violation
  • Data Security
  • International Data Transfer
  • artificial intelligence
  • AI

  Summary of Comments ( 125 )
  https://news.ycombinator.com/item?id=43094651

  Verbose tl;dr

  Several Hacker News commenters express skepticism about the accusations against DeepSeek, pointing out the lack of concrete evidence presented and questioning the South Korean regulator's motives. Some speculate this could be politically motivated, related to broader US-China tensions and a desire to protect domestic companies like Kakao. Others discuss the difficulty of proving data sharing, particularly with the complexity of modern AI models and training data. A few commenters raise concerns about the potential implications for open-source AI models, wondering if they could be inadvertently trained on improperly obtained data. There's also discussion about the broader issue of data privacy and the challenges of regulating international data flows, particularly involving large tech companies.

  The Hacker News post titled "South Korean regulator accuses DeepSeek of sharing user data with ByteDance" has several comments discussing the implications of the accusation and the broader context of data privacy concerns surrounding TikTok and its parent company, ByteDance.

  Several commenters express skepticism about DeepSeek's claim of anonymizing data, pointing out the difficulty of truly anonymizing data, especially given the potential for re-identification through various means. One commenter specifically mentions differential privacy as a potential solution, but also acknowledges its limitations and the expertise required to implement it correctly.

  The discussion also touches upon the regulatory landscape, with commenters noting the increasing scrutiny faced by companies like ByteDance regarding data collection and usage practices. Some comments highlight the perceived double standard applied to Chinese companies compared to Western companies, while others argue that such concerns are valid given the Chinese government's potential influence over its companies.

  A few commenters delve into the technical aspects of data collection, discussing the types of data collected by apps like TikTok and the potential uses of such data. One commenter mentions the collection of sensor data and its potential use for inferring sensitive information about users.

  Some of the more compelling comments include those that analyze the geopolitical implications of these data sharing accusations, suggesting that these issues are not solely about privacy but are also intertwined with international relations and economic competition. They raise concerns about potential data exploitation for purposes beyond targeted advertising, such as surveillance and national security.

  There's also a discussion regarding the responsibility of app developers and platforms in ensuring data privacy. Commenters debate the effectiveness of current regulations and the need for stronger enforcement to protect user data.

  Overall, the comments reflect a general concern about the increasing collection and potential misuse of user data by tech companies, particularly those with ties to foreign governments. The DeepSeek case is viewed by many commenters as another example of the challenges in balancing data-driven innovation with individual privacy rights and national security concerns.

• DA, sheriff, who shared woman's nude photos on phone are covered by QI

  permalink

  Posted: 2025-02-14 15:16:56

  Verbose tl;dr

  An Oregon woman discovered her private nude photos had been widely shared in her small town, tracing the source back to the local district attorney, Marco Bocci, and a sheriff's deputy. The photos were taken from her phone while it was in police custody as evidence. Despite the woman's distress and the clear breach of privacy, both Bocci and the deputy are shielded from liability by qualified immunity (QI), preventing her from pursuing legal action against them. The woman, who had reported a stalking incident, now feels further victimized by law enforcement. An independent investigation confirmed the photo sharing but resulted in no disciplinary action.

  In a deeply unsettling incident unfolding in Polk County, Oregon, a woman's private nude photographs were disseminated without her consent, becoming the subject of local gossip and speculation. The subsequent investigation revealed a tangled web of inappropriate conduct involving individuals entrusted with upholding the law. The source of the leak was traced back to the District Attorney, Aaron Felton, and the Polk County Sheriff, Mark Garton. These officials, it appears, obtained the images from the woman's impounded cellphone, which had been seized as evidence in a separate criminal case against her. Disturbingly, instead of treating the sensitive material with the discretion and professionalism their positions demand, Felton and Garton are alleged to have shared the photographs with others, leading to their widespread circulation within the community.

  The Oregon Department of Justice, recognizing the gravity of the situation and the potential violation of public trust, launched an investigation into the matter. Their findings, however, offer a measure of legal protection to the accused officials. Due to the specific circumstances under which the photographs were obtained – namely, during the execution of a legally authorized search and seizure – Felton and Garton are shielded from criminal prosecution by qualified immunity, a legal doctrine that shields government officials from liability in civil lawsuits unless their conduct violates clearly established statutory or constitutional rights, and there is no question about their conduct violating a clearly established law. While the DOJ's investigation confirmed the sharing of the intimate images, it concluded that this act did not constitute a clear violation of established law, thereby triggering the qualified immunity protection.

  This conclusion leaves the woman, whose privacy was so egregiously violated, without a clear legal recourse against the officials who allegedly perpetuated the dissemination of her personal photos. The case highlights the complex interplay between privacy rights, law enforcement procedures, and the scope of qualified immunity, raising questions about the adequacy of existing legal frameworks to address such breaches of trust, particularly when perpetrated by those sworn to uphold the law. The fact that the photos were obtained legally during a seizure does not excuse the subsequent misuse and sharing of highly personal and sensitive material, raising ethical concerns alongside the legal ones. The situation underscores the potential for abuse of power even within the confines of legally obtained evidence and further highlights the vulnerability of individuals whose personal information comes into the possession of law enforcement.

  • Oregon
  • crime
  • District Attorney
  • Sheriff
  • Nude Photos
  • Privacy Violation
  • Cell Phone
  • Data Privacy
  • Misconduct
  • law enforcement
  • accountability
  • Qualified Immunity

  Summary of Comments ( 77 )
  https://news.ycombinator.com/item?id=43049174

  Verbose tl;dr

  HN commenters largely discuss qualified immunity (QI), expressing frustration with the legal doctrine that shields government officials from liability. Some argue that QI protects bad actors and prevents accountability for misconduct, particularly in cases like this where the alleged actions seem clearly inappropriate. A few commenters question the factual accuracy of the article or suggest alternative explanations for how the photos were disseminated, but the dominant sentiment is critical of QI and its potential to obstruct justice in this specific instance and more broadly. Several also highlight the power imbalance between citizens and law enforcement, noting the difficulty individuals face when challenging authority.

  The Hacker News post, titled "DA, sheriff, who shared woman's nude photos on phone are covered by QI," linking to an article about an Oregon woman whose nude photos were shared by law enforcement, has generated a moderate amount of discussion. Several commenters focus on the legal concept of qualified immunity (QI) mentioned in the title.

  Some express frustration and disbelief that qualified immunity protects the officials involved. They argue that such protection shields government officials from accountability for clearly inappropriate and potentially illegal actions. One commenter highlights the perceived absurdity of the situation, noting that the officials' behavior seems like a blatant violation of privacy and trust, yet they are shielded by QI.

  The discussion also delves into the specifics of the case and how qualified immunity applies. Commenters dissect the legal arguments, explaining the criteria for qualified immunity and debating whether the officials' actions meet those criteria. Some question whether a "clearly established right" was violated, a key component of overcoming qualified immunity. There's a back-and-forth about the nuances of legal precedent and how it applies to this specific scenario.

  Another thread of conversation centers on the implications of this case for digital privacy and the handling of personal data by law enforcement. Commenters express concern about the potential for abuse and the lack of adequate safeguards to protect individuals' sensitive information.

  Finally, some commenters offer practical advice, suggesting potential legal avenues for the woman involved, such as pursuing a civil suit against the county. They also discuss the political dimensions of qualified immunity, with some advocating for reform or abolition of the doctrine.

  Overall, the comments reflect a mix of outrage, legal analysis, and practical considerations. While some commenters delve into the complexities of qualified immunity, others express a more general sense of injustice and concern about the implications for privacy and accountability.