Data Privacy Risks in Foreign State-Owned Media

Why PII and Sovereign Data may not be suitable to keep in foreign owned Data Centres? Even if foreign-owned data centers are hosted within a country's geographical boundaries, storing Personally Identifiable Information (PII) and sovereign data in them can still pose significant risks: Legal Jurisdiction: Foreign-owned data centers may still be subject to the laws and regulations of the country where the parent company is based. This can lead to conflicts and complications in legal matters, as the data might be accessible to foreign governments under their jurisdiction. Data Sovereignty: Sovereign data, such as government or defense information, requires strict control and protection. Foreign ownership can compromise data sovereignty, as the parent company might be obligated to comply with foreign regulations, potentially exposing sensitive data. Security Concerns: Foreign-owned data centers might follow different security standards and practices. This can increase the risk of data breaches or unauthorized access, especially if the foreign entity has different priorities or less stringent security measures. Geopolitical Risks: Political instability or changes in foreign policies can impact the accessibility and security of data stored in foreign-owned centers. This can lead to disruptions or loss of control over critical data. These factors highlight the importance of carefully considering where PII and sovereign data are stored to ensure compliance, security, and sovereignty.

#Chinese state-owned company #CiticTelecom CPC revealed as owner of three data cables in the Baltic Sea, can access data A subsidiary of a Chinese state-owned company owns three data cables in the Baltic Sea, reports Helsingin Sanomat . Citic Telecom CPC owns and operates, through its subsidiaries, telecommunications cables that run between #Finland and #Estonia, Finland and #Sweden, and Estonia and Sweden. Citic Group, the owner of Citic Telecom CPC, headquartered in Hong Kong, is a Chinese state-owned company, where the decision-making power is exercised by the Communist Party. The data cables were acquired by Citic Telecom CPC from Dutch company Linx in 2019, a deal that did not attract much attention. Now, Western countries have become more skeptical about China and its role in the internet cable network. United Statesbanned one of the Citic Group's telecommunications companies from operating in its territory in 2022. The reason was that there was reason to believe that the company would have to operate according to China's requirements and objectives because it was a company controlled by the Chinese state. The customers of the data cable owner are typically telecommunications operators, and the cables carry data from private individuals, companies, and authorities. Anssi Kärkkäinen, Director General of the Cybersecurity Center at the Finnish Transport and Communications Agency Traficom, tells HS that ownership of data cables involves risks of misuse, such as the fact that the cable owner can adjust the network system to redirect traffic elsewhere. The owner also has access to equipment facilities located on land, where it is possible to install additional equipment, for example for data storage. https://lnkd.in/gyBh2N8j

The launch of #DeepSeek, a Chinese app that surfaced recently, raises various security (like one reported recently, referred below) concerns, especially given its rapid expansion and the nature of its technology. Below are key points to consider: 1. Data Privacy Risks • Sensitive Data Exposure: Given the app’s purpose (likely involving data searches or analytics), it will process vast amounts of personal or sensitive data. There’s a risk that this data could be mishandled or exposed due to insufficient security measures. • Data Storage: the user data will be stored in Chinese servers(as reported in article below) or data centers, concerns arise regarding data access by the Chinese government under local laws such as the Cybersecurity Law or the National Intelligence Law. 2. Lack of Transparency • Unclear Data Handling: Many Chinese apps do not clearly disclose how they handle or share user data, making it hard for users to know where their data ends up and who can access it. • Model Transparency: The deep learning or search algorithms powering DeepSeek may be opaque, making it difficult to assess potential biases or unintended security vulnerabilities. 3. Potential for Surveillance • Government Access: Chinese applications can be subject to the country’s surveillance policies. Data collected by DeepSeek could be made accessible to government agencies, raising concerns about user privacy. • Tracking and Profiling: The app will track user behavior and potentially profile individuals for political, commercial, or other purposes. 4. Cybersecurity Risks • Weak Security Features: As a new app, DeepSeek will not have fully implemented the necessary security infrastructure to protect user data. Vulnerabilities in encryption, authentication, and data access control will make the app a target for hackers. • Risk of Data Breaches: A lack of robust incident response and data protection practices may make the app more susceptible to data breaches or cyberattacks. 5. Compliance with Global Standards • Regulatory Concerns: DeepSeek will struggle to meet data protection standards like the DPDP, GDPR or CCPA, which could create legal issues for users outside China who expect these protections. Mitigation Measures: • Use strong encryption for data at rest and in transit. • Clearly define and disclose data retention, sharing policies, and user rights. • Regularly update the app with security patches and fixes. #Cybersecurity #DataPrivacy #DeepSeek #ChineseApps #DataProtection #TechSecurity #PrivacyConcerns #AppSecurity #Surveillance #GDPR #CCPA #DigitalPrivacy #DODP #RiskManagement #DataBreach #AI #MachineLearning #RegulatoryCompliance #TechEthics #InformationSecurity #SecurityRisks