The Korea Herald

지나쌤

[Lee Jae-min] Striking a balance between data and privacy: A second try

By Lee Jae-min

Published : Sept. 4, 2018 - 16:59

    • Link copied

Global trading norms have traditionally adopted a bifurcated approach: goods trade and services trade. These still constitute the two main pillars of trade agreements.

Now, a fundamental change is in the offing. The arrival of artificial intelligence and the internet of things is now blurring the conventional line between goods and services. The two are now often combined, converged and integrated in one medium or product. Goods provide services, and services in turn put more goods for sale. Consider driverless cars, smart home appliances and medical-staff-connected medical equipment. They are goods, outwardly speaking, but they provide services that used to be provided only by human beings. Goods and services now come in the same package to give us consumers integrated benefits.

What enables this very convergence is data. Big data, as it is called. Products (or mediums) and their handlers collect data and process it for further commercial or industrial utilization. Data so processed then forms a new platform for the sale of more goods and services. So, data is the neurons and blood of the new integrated network of services and goods. No wonder the question of who stores and controls data has become critically important in terms of business.

President Moon’s mention last Friday that data is to the digital economy what oil is to conventional industry is very timely and to the point. Rolling out a new data-driven economic policy, he said the government plans to invest 1 trillion won ($897 billion) in the data industry next year, and intends to build a “data expressway.”

A constant concern here, though, is privacy. Hence, what is needed is a balance between the broader utilization of data and the protection of personal information.

As always, “balancing” is a tricky subject. Different countries have different approaches. Their respective balancing points slide along the scale in one direction or the other by a couple of notches. The United States favors more liberal data utilization, while the European Union is more cautious. China and Russia take even more cautious approaches, basically banning the transfer of data out of their jurisdictions.

Against this backdrop, the Aug. 31 announcement reflects Korea’s efforts to strike a new balance here, a second try since the adoption of the Personal Information Protection Act in 2011. Importantly, the president’s pledge signals that Korea is changing gears -- adopting a new system in which personal information can be gathered and processed for commercial purposes, within the constraints of regulatory guidelines. As a counterweight, harsher penalties will be imposed for violations.

Critically, the new scheme purports to define the term “personal information” in a more detailed manner. It now features a three-layered definition: firstly, personal information; then, information organized into certain categories with no personal identities attached to it; thirdly, anonymous information. The third group is not a concern as it is fully anonymous, thus protected. The first continues to be subject to full protection unless express consent is given. So, it is covered as well. The question lies with the second group. Though the person’s identity is supposed to remain private, critics suggest that “identity silhouettes” may gradually appear when dozens of categories are collected and juxtaposed.

Thus, the remaining question is how to handle the information in the second group. For now, the government vows to impose harsh penalties on those who try to assemble the pieces of a puzzle based on information in this group. Interested groups and watchers will demand clearer answers when a bill to materialize the new plan is introduced at the National Assembly in the fall.

Addressing the privacy concern may also require considering the role and function of the agency in charge: the Personal Information Protection Commission. Since its establishment in 2011 to oversee the protection of personal information, the commission has made significant progress over the past seven years. But its role has been marginalized due to the lack of any clear statutory authority as a guardian or watchdog. Any prospective amendments should address this structural problem as well.


Lee Jae-min
Lee Jae-min is a professor of law at Seoul National University. He can be reached at jaemin@snu.ac.kr. -- Ed.