Recently, all over the world, including Korea, there seems to be a craze for artificial intelligence (AI), the internet of things (IoT) and big data. These new technologies use comprehensive data including personal information. Because of this, Korean companies – especially communications, healthcare and finance enterprises – are demanding deregulation of personal information protection for activating big data industry.
To meet the needs of the companies, the administration of former president Park Geun-hye announced the Guidelines for De-Identification of Personal Information in 2016. According to the guidelines, if personal information is processed as unidentifiable in a certain way defined in the guidelines, it is not considered personal information and so companies can use it freely. In addition, the guidelines designated public agencies such as the Korea Internet and Security Agency as “a specialised agency for de-identification”, which combines personal information from different corporations and provides linked data to those corporations.
Civil society organisations including Jinbonet protested that the guidelines violated the Personal Information Protection Act (PIPA). This is because even though de-identification in accordance with the guidelines does not guarantee sufficient anonymisation, companies can use personal information without the consent of the data subjects. The CSOs filed charges with the public prosecutor against the specialised agencies and 20 companies for providing and combining personal information without the consent of the data subjects. The organisations also demanded improvements to the PIPA and strengthening of the authority of the Personal Information Protection Commission (PIPC), a data protection body.
Image source: Jinbonet. Civil society groups including Jinbonet held a press conference to announce charges filed against specialised agencies and 20 companies with the public prosecutor on 19 November 2017.