South Korea

Screenshot 2020-04-03 at 12.16.28 PMBy Mi-Jeong Oh, Dentons Lee

 

The National Assembly of South Korea recently passed a bill to amend the so-called “Three Data Laws” of Korea — the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilisation and Information Protection, Etc. (hereinafter Information and Communications Network Act) and the Credit Information Use and Protection Act (hereinafter Credit Information Protection Act) — in January 2020. This amendment will take effect beginning August 5, 2020. Revisions to any related enforcement decrees and enforcement rules, which will elaborate on the amended provisions of these acts, will be prepared by March and then will be pre-announced in March or April.

More data use with the introduction of “pseudonym information”

The recently amended Personal Information Protection Act introduced the idea of “pseudonym information”. It refers to information which was processed to prevent certain individuals from being identified by using a pseudonym (or “de-identification”) such as deleting any part of personal information or replacing any identifiable information fields with pseudonyms.

Pseudonym information may be processed (such as through collection, creation, interlocking, provision, disclosure, etc) without the consent of the information object in any scientific research, including for statistical and industrial purposes. Any pseudonym information retained within a company can be combined autonomously but combining pseudonym information held by more than one company can be done only by the Personal Information Protection Commission or other designated specialised agencies. In addition, the amended Credit Information Protection Act also allows the use of pseudonym personal credit information without obtaining consent when producing statistics for commercial purposes and for industrial research.

Screenshot 2020-04-03 at 12.19.15 PM

Moreover, when pseudonym information is provided to a third party, it must not include any information which can help identify the individuals involved. If pseudonym information is processed for the purpose of identifying an individual, a company engaging in that conduct can be fined up to 3 percent of the company’s annual sales.

The allowance of pseudonym information systems is intended to help nurture research needed for new technology development and to help promote new industries such as smart cities, fintech, etc. The prevailing forecast is that the introduction of such pseudonym information will contribute to revitalisation of data economy and AI development. However, standards and guidelines related to such pseudonym personal information have not yet been developed and much concern has been voiced about the importance of creating further safeguards for pseudonym information. Companies and research institutes are also showing keen interest in follow-up measures for this newly introduced system by the Personal Information Protection Commission.

Unification of the personal information protection system

Currently, the protection of personal information in Korea is being regulated by several agencies such as the Ministry of the Interior and Safety, the Korea Communications Commission, the Personal Information Protection Commission and others. But the amended Personal Information Protection Act will unify these scattered personal information protection services to be solely handled by the Personal Information Protection Commission, while elevating the status of such agency to become a central administrative organisation. Provisions on personal information protection stipulated in the Information and Communications Network Act will all be deleted, and such deleted provisions will be incorporated into the Personal Information Protection Act. This is to ensure the independence and extensiveness of the regulatory authority for personal information protection, and it is also relevant to the current effort to obtain the EU’s recognition of South Korea’s compliance with GDPR goals.

Strengthened rights of credit information objects

The amended Credit Information Protection Act is also granting individuals, as the subjects of credit information, a new right to demand that any financial company transfer their own credit information to other companies or agencies. Such measure is interpreted to be based on the information subjects’ right to data portability recognised by the EU’s GDPR. This will in turn boost the so-called “my data” industry that provides various services, such as integrated inquiry of personal credit information, credit and asset management, etc.

 

 

Screenshot 2020-03-04 at 3.13.38 PM

W: www.dentonslee.com

E: mijeong.oh@dentons.com

T: (82) 2 2262 6229

F: (82) 2 2279 5020

Related Articles
Covering Ears to Steal Bells: Ignoring insolvency at risk of liquidation
The closest Chinese equivalent to the English idiom of ‘sticking one’s head in the sand’ is ‘covering one’s ears to steal bells’ ...
JV Compliance Issues during the Transition Period under the new FIL
On 1 January 2020, the Foreign Investment Law of the People’s Republic of China came into force ...
Related Articles by Jurisdiction
Dispute Resolution
Our latest Disputes Special Report features contributions from K&L Gates, King & Wood Mallesons, the Hong Kong Arbitration Centre, Lee International and the Singapore International Arbitration Centre, – from funding to resolution, bringing the pieces ...
The value of a citizen’s participation trial
Since February 2008, pursuant to the Act on Citizen Participation in Criminal Trials, defendants in many types of criminal cases in Korea have had the right to a “citizen’s participation” trial, where a group of five to nine jurors acts ...
To list or not to list? ... The Asian IPO question
Our Special Report on Initial Public Offerings discusses where remaining investor sentiment is heading in the region, and why some industries are likely to forge ahead with listings this year despite market uncertainties. With supplemental reports on the trends and ...
Latest Articles
Watch again: “Is Covid-19 taking women lawyers’ careers back to the 1950s?”
A second chance to watch….. the opening Women In Law Dialogue Series Webinars: Asia and North America time-friendly (first aired ‘live’ in August 2020) ...
Covering Ears to Steal Bells: Ignoring insolvency at risk of liquidation
The closest Chinese equivalent to the English idiom of ‘sticking one’s head in the sand’ is ‘covering one’s ears to steal bells’ ...