On the 7th, Asia Economy conducted a comprehensive review of the privacy policies of nine Chinese home appliance and electronics companies operating in the Korean market, including TCL, Hisense, Xiaomi, Hikvision, Dahua, Uniview, Roborock, Ecovacs, and Dreame. The results showed that, in addition to Roborock, both TCL and Dahua may provide personal information to affiliates and third parties without customer consent.

TCL TV product, Photo by TCL

원본보기 아이콘

According to TCL's privacy policy, the company may disclose personal information to affiliates, subsidiaries, and third parties without separate consent under specific conditions, such as: ▲assisting in providing company materials, ▲selling company products and services, ▲compliance with laws, or ▲processing personal information according to privacy guidelines.

The most problematic clause is the "overseas transfer of personal information" section. TCL also states that it may transfer information to companies located in other countries for the purpose of managing personal data. It explicitly states that "you may be subject to laws other than those enforced in your country (i.e., laws of other countries)" in this process.

Previously, Roborock stated that it could collect and use personal information without customer consent within the scope permitted by the data protection laws of the respective country, which sparked controversy. Roborock later issued a statement clarifying that it "strictly complies with Korean laws and regulations" and subsequently revised its website guidelines.

TCL has gone a step further than Roborock by leaving open the possibility of overseas transfer of personal data and the application of foreign laws. In response, we attempted to contact TCL Korea multiple times for comment, but were unable to reach them.

An official from the Personal Information Protection Commission explained, "It is highly likely that customer consent was obtained when first signing up for the service, and even if consent was not obtained, there are cases where information can be collected if necessary to fulfill legal obligations," adding, "Companies may sometimes have no choice but to use information to provide their services."

TCL may transfer personal information to affiliated companies if necessary
CCTV company Dahua also has the possibility of transferring to other countries
Five companies did not disclose information providers

Photo by Getty Images Bank

However, experts warn that there is a risk of information leakage. Park Chunsik, a professor of information security at Seoul Women's University, said, "Products from other Chinese companies, including Deepseek, also have the potential for information leakage according to their privacy policies," and added, "Since laws differ by country, foreign companies may not consider domestic laws." He further stated regarding overseas transfer guidelines, "Global companies often allow information to be sent to their headquarters, so this requires more thorough review."

TCL is rapidly increasing its market share in the global TV market alongside Hisense and Xiaomi. According to market research firm Omdia, last year, the combined market share of three Chinese companies (TCL, Hisense, Xiaomi) in the large-size TV segment was 31.3%, surpassing for the first time the combined share of Samsung Electronics and LG Electronics (28.4%). As Chinese companies narrow the technology and market share gap with Korean firms, the importance of security is being further emphasized.

Screenshot of the 'Privacy Policy' posted on the TCL Global website, Screenshot of the TCL Global website

원본보기 아이콘

The range of products from companies with potential for personal information sharing according to their privacy policies extends beyond smart TVs to include refrigerators with Internet of Things (IoT) features, robot vacuum cleaners, and CCTVs.

Chinese CCTV company Dahua also stipulates that it may transmit and store customers' personal information on servers located in other countries. It states that information may be transferred to other countries and that applicable laws and levels of protection may differ by country.

Dahua allows personal information to be shared with third parties if there is explicit customer consent. However, in the case of "certain trusted third parties (subsidiaries and affiliates)," information can be shared without customer consent.

Of the nine companies surveyed, five did not clearly specify the third-party service providers to whom customer information is transferred, except for three companies (Xiaomi, Dahua, Ecovacs). Roborock recently added a detailed list of service providers to its website after updating its policy.

원본보기 아이콘

Most companies have separate servers for storing and managing personal information. Especially for global IoT companies and startups expanding their markets worldwide, it is common to use other companies' cloud servers to store personal information by country.

For Korean users, Xiaomi stores personal information in a data center located in Singapore. Dahua also stipulates that data is stored on servers in China, the United States, Germany, and Singapore.

The problem is that, in this process, there is concern that Chinese companies may transfer customers' personal information to their headquarters in China or to third-party companies. Some companies try to alleviate concerns by moving servers overseas rather than in China, but since information can still be transferred to headquarters and affiliates, the possibility of transferring personal information to the Chinese headquarters remains.

Yeom Heungyeol, professor emeritus of information security at Soonchunhyang University, explained, "Under domestic law, even affiliates are considered separate legal entities from the headquarters in terms of personal information processing," adding, "If the companies are different, the privacy policy must be clearly stated." Regarding overseas data transfer regulations, he emphasized, "If services are being provided using the personal information of Korean customers, it is only natural to comply with Korean law."