All Things Newz
Law \ Legal

Summary Of Korean Data Protection Developments – Privacy Protection



To print this article, all you need is to be registered or login on Mondaq.com.

South Korean Data Protection Outlook:

The Yoon Government’s New Approach to South Korea’s
Data Regulations for Digital Services and Technology

President Yoon’s victory in South Korea’s presidential
election on 9 March 2022 meant sweeping changes to the direction
that the Korean government would follow across a number of sectors
and industries. The technology, media and telecommunications sector
is no exception and within the ambit of this ever evolving sector,
data protection and the regulations surrounding this section of the
tech industry are also to be amended and tweaked to be in line with
the policy statements of President Yoon.

Policy Statements

President Yoon’s policy statements highlighted the need to
support and bolster innovation and R&D in the sectors of AI,
digital infrastructure, cyber security, robotics and mobility. One
of the key differences of the Yoon government from its predecessor
is receptiveness to free market-orientated proposals and arguments
for new directions in regulation, policy and enforcement. This
opened up the potential for a shift in the regulatory framework for
the ever changing digital services, data regulation and technology
sectors. This is in line with one of the campaign promises from
President Yoon which included a push for deregulation to ease the
way for cutting edge technology and business models.

Recent Developments

The Ministry of Science, ICT and Future Planning stated in June
this year that the government will establish a task force comprised
of government officials and private companies to draw up strategies
to beef up the digital platform industry and create self-regulation
guidelines related to emerging technologies such as data management
and artificial intelligence. The Minister of Science, ICT and
Future Planning stated, “We will form a pan-government
policy consultative body, implement a self-regulation policy and
help companies improve their innovation
capabilities
.”

On the crypto exchanges front, the leading crypto exchanges have
created plans that could see them form a self-regulating body that
could be empowered to take cross-platform decisions on matters like
delisting and the suspension of transactions. Although this is
still in discussion stage, which includes governmental ministers
and regulators from the Financial Services Commission and the
Financial Supervisory Service, it does indicate that the government
is following through on its policy statements and moving in the
direction of self-regulation.

In addition, The Personal Information Protection Commission
(“PIPC”) announced on 13 July 2022, that ten online
shopping platforms have signed public-private partnership
agreements for the safe use of personal information. In particular,
the PIPC highlighted that it is the first case of self-regulation
of public-private cooperation by online platforms, with the
relevant platforms representing around 80% of the domestic online
shopping market share.

More specifically, the PIPC outlined that the agreements include
a requirement by platforms to have a secure authentication method
for access by users. Further, the PIPC provided that the agreements
include data retention rules, namely that the personal information
of users will be masked immediately and, after up to 90 days, the
seller will not be able to download purchasers’ personal
information. In addition, the PIPC noted that the agreements detail
that platforms must provide a function to disclose sellers’
personal information processing policy, including an obligation to
notify users of the duty to destroy and ensure separate storage of
personal information of users.

Finally, the PIPC stated that the self-regulatory agreements are
effective from the notification of the Korea Online Shopping
Association by the PIPC’s decision, and apply for two
years.

First Session for “Public-Private Cooperated
Self-Regulation”

On 29 June 2022, PIPC held the first meeting in regards to its
proposal to adopt “Public-Private Cooperated
Self-Regulation” for 7 online platform industries, including
the following online platforms: open market, delivery, mobility,
job searching, hospital appointment, real estate and hotels.

The adoption of this new regulatory scheme is to put a
precautionary regulation in place as the existing laws are not able
to keep up with the fast-changing and diverse business models of
online platforms and business. The direction and intention that
PIPC appears to be working towards is that current laws and
regulations will still apply, and, added to this, the
self-regulation of the businesses taking part in this proposed
project will reflect the needs of the participants of the private
working group. As this new proposed scheme is at a very early
stage, this space will need to be observed to see how this proposal
progresses. A summary with regard to this new proposed scheme and
the initial take away points from the introductory meeting were as
follows:

  1. According to PIPC, all companies are welcome to join the
    private working group. The working group will be able to set the
    detailed self-regulation that will apply to themselves in addition
    to the existing laws. The self-regulation will be effective after
    PIPC approval.

  2. Although participation is voluntary, PIPC may reach out to the
    bigger players in the market and ask if they want to participate
    (although this seems to be a request for voluntary participation
    this could also be interpreted as a directive as it would not be
    easy for Korean companies to reject such request).

  3. All the participants are expected to cooperate with PIPC and
    let them know how their private information is processed and
    managed internally and what other parties may engage/have access to
    the information in their business processes.

  4. For the promotion of this new scheme, as an incentive, PIPC
    said (1) it will not penalize the participants for any breaches of
    privacy laws even if they were to find any violation of privacy
    laws while learning about and collecting information about their
    business models. In addition, (2) as the participants can reflect
    their opinions on the self-regulation, it will reduce the risk of
    ambiguity in applying the privacy law to the participants’
    business models.

  5. However, there were concerns expressed that, (1) providing
    relevant information to PIPC may be demanding and costly; (2)
    although self-regulation is intended, it may just be an additional
    regulation, and (3) considering that PIPC is looking forward to
    applying this new scheme in the second quarter of 2023, the
    timeline might be pressing and not realistic.

Other areas that we are seeing similar proposals and early
indicators of change and a move in the direction of more
self-regulation would be in the area of rating requirements for
gaming, music videos and movies.

Current Difficulties That Would be Eased with Self-Regulation
– Using Rating Requirements as an Example:

With regard to the provision of music video services, for
example, by online music service providers, the Music Industry
Promotion Act applies, mutatis mutandis, several provisions of the
Promotion of the Motion Pictures and Video Products Act
(“Movie and Video Act”) (Music Industry Promotion Act
Article 17(2)) to music videos. According to Article 50(1) of the
Movie and Video Act, music videos provided by online music service
providers are subject to rating by the Korea Media Rating Board
(“KMRB”). Also, Article 53(1), subparagraph 1 of the
Movie and Video Act stipulates that no one should provide videos
that have not been rated for the viewers. Therefore, by statute,
online music providers are obligated to have the music videos rated
when it provides those videos to the users, including its rest of
world labels.As is blatantly obvious, in practice, it is almost
impossible to have every music video rated by the KMRB, not to
mention the huge amount of time and resource this would place on
the KMRB. In short, this is a prime example of how self-regulation
would be a win-win for all involved.

Positive Outlook:

As the current government appears to be backing up its
“words” with “actions” and, from the current
developments, seems to support the theme of “less
regulation”, this trend is very encouraging in the digital
services, data regulation and technology sectors. As highlighted in
the example above, music video rating is a good example and a
representative case of unnecessary regulation that cannot keep up
with the speed of technological trends, and thus, the Ministry of
Culture, Sports and Tourism (“MCST”) considerations to
change and follow a more self-regulated approach in these sectors
is very promising.

Although there is still a long way to go to see exactly how
these proposals by the government will be implemented and effected,
it is a step in the right direction to breach the gap between
regulation that is not in tune or in line with the developments
that occur particularly in the sectors where there are constant
advancements and technology jumps. For now, however, it is
excellent news and a feather in the cap of the new government to be
approaching issues in a practical and reasonable manner.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.



Source link

Related posts

Are Family Law Courts And Associated Bodies Working To Their Limits? – Family Law

Horace Hayward

Next of kin and their responsibilities when a loved one dies – Wills/ Intestacy/ Estate Planning

Horace Hayward

The MeitY’s Guidelines On Data Anonymisation: A Sign Of The Road Ahead? – Privacy Protection

Horace Hayward