 |
| The risk of personal data leakage in cyberspace is increasingly serious. Illustrative photo. (Source: Internet) |
AI-generated avatars are becoming a trend across social networks, from Facebook to Zalo. Recently, on October 20, Zalo AI Avatar is a new feature introduced, helping users create “unimaginably” beautiful portraits with many different styles.
“Many AI-edited photos are a bit… excessive, but I still like it because it allows me to see myself in surreal, “sparklingly beautiful” versions without having to spend time on makeup, hair, or posing,” said Tran Thuy Nga, 26, an employee at a company in Hanoi.
It is worth mentioning that before using the application, Ms. Nga quickly clicked on the “Agree to Zalo Service Agreement” section without reading the terms. In fact, the habit of using the application before reading the instructions is quite common, and this brings a lot of trouble when disputes arise between users and service providers.
The user's action of uploading the original photo and receiving a new photo is an active act of providing information, after agreeing to the service usage agreement, making the use of this application potentially risky in terms of data security. Because the uploaded photo is not used once and then deleted, but the photo is still stored on the service provider's server system.
Risk of information leakage
Security expert Vu Ngoc Son, CTO of NCS Cyber Security Company, warned that gathering images in one place will put them at risk of being leaked and attacked by hackers. This photo generator has many potential risks of leaking personal data. Photos taken with mobile phones will often save information about the time, type of phone being used and the location where the photo was taken.
“With this information, we can synthesize the habits, travel schedules, and activities of users. If the photo archive falls into the wrong hands, they can use deepfake technology to create fake photos and videos for various purposes, including fraud and property appropriation. Therefore, users need to be careful when using it to ensure information security,” Mr. Son emphasized.
Not only the trend of creating avatars, but also for applications that help users edit photos using AI technology provided for free on social networks, experts always warn about the risk of personal data leakage.
In the world, the issue of personal data protection is currently highly valued by many countries. According to statistics, more than 80 countries have issued legal documents on personal data protection.
Japan enacted the Personal Information Protection Law (APPI) in May 2017, which applies to all companies doing business in Japan and foreign companies doing business in Japan, established the Personal Information Protection Commission, and strengthened management of foreign technology companies such as Google, Facebook, Amazon, etc.
In May 2018, the European Union enacted the European General Data Protection Regulation (GDPR), requiring businesses to comply with specific regulations on how personal information is collected, where it is stored, and what types of data can be shared. Businesses that violate the law risk being fined up to 20 million euros or 4% of their annual global revenue.
In late 2018, Ireland's Data Protection Commission (DPC) - the body that oversees companies under the European General Data Protection Regulation (GDPR) - opened more than 10 investigations into major tech companies, including Google, Facebook, Apple and Twitter.
DPC communications officer Graham Doyle said the DPC was examining whether Facebook's WhatsApp was providing information transparently to users.
The US information security system is considered the oldest, strongest and most effective in the world. In addition to state laws, such as the California Online Privacy Protection Act, recent federal laws have been enacted with a number of new regulations on personal data protection, ensuring tighter security.
The US government has stepped up its crackdown on Google and Facebook’s illegal collection of user data. In July 2019, Facebook was fined $5 billion by the US Federal Trade Commission (FTC) for exposing the data of more than 50 million users. In September 2019, the FTC fined Google $150 million for illegally collecting children’s data through the Youtube app.
TikTok, a product of ByteDance, has been investigated by regulators in the US, the European Union and the Netherlands for suspected violations of privacy laws. US officials are concerned that TikTok could pose a security risk to the personal data the company holds.
In June 2022, the European Data Protection Authority (EDPB) announced the creation of a special investigation team to assess TikTok’s operations in the continent, following a request from an EU MEP due to concerns over the app’s data collection practices and security and privacy risks. A month before the EDPB investigation, Dutch authorities also announced an investigation into TikTok’s handling of data from millions of young users.
Responsibility for protecting personal data
In Southeast Asia, Indonesia is the fifth country in the region to have specific laws on personal data protection, after Singapore, Malaysia, the Philippines and Thailand.
According to the Bangkok Post, Thailand's Personal Data Protection Act, which will take effect on June 1, 2022, includes regulations that both the public and private sectors must comply with when collecting and using personal data.
Vietnam currently has 72.1 million Internet users (over 73.2% of the population) and is one of the countries with the highest Internet development and application rates in the world. Personal data of more than 2/3 of Vietnam's population is being stored, collected, and shared on cyberspace in many different forms.
According to Mr. Nguyen Duc Tuan, Director of the Cyber Emergency Response Center, Department of Information Security (Ministry of Information and Communications), the disclosure and leakage of personal information is a common situation even in well-secured organizations and companies in the world, such as Facebook in April 2021, which leaked data of more than 500 million users.
Therefore, the need to protect personal data is increasingly urgent, especially in the context of complex cybercrime developments with increasing numbers and severity of personal data theft and trading cases.
Based on legal experience and the experience of other countries in the field of protecting personal data rights, over the years Vietnam has built a legal corridor on this issue, on the basis of suitability with the country's legal system, socio-economic situation, and ensuring compliance with international law.
From July 1, 2023, the Decree on Personal Data Protection issued by the Government of Vietnam regulating the protection of personal data and the responsibility to protect personal data of relevant agencies, organizations and individuals officially takes effect.
This is one of the efforts to promote and protect citizens' privacy, including preventing the theft of personal data. Protecting personal data in cyberspace is a contribution to ensuring human rights in the context of digital transformation.
Source
Comment (0)