A major company has been looking into pushing forward data distribution business for long time. Although the intent of South Korean Government and the ruling party is solid, revision of relevant laws still has long way to go. Based on current relevant laws that seem stricter than EU’s GDPR (General Data Protection Regulation), there is a high chance that companies may face significant blows to their images and sales or be involved in a major lawsuit for compensation for damages if data including personal information is misused.
A startup company has not been able to carry forward its business for long time due to unclear regulations on data. Although it recently received legal and institutional basis for its business due to designation of a regulatory sandbox, it is almost impossible to obtain usable data as major companies that have data refuse to distribute their data due to personal information issue. Even if it tries to secure data by processing data, there is a chance that such process may violate a law.
To solve such issues, revised bills of Personal Information Protection Act, Information and Communication Network Act, and Credit Information Act were issued on the 15th of November of last year. As it becomes almost a year since these revised bills were issued, Korea Data Industry Association (KODIA) and the Electronic Times had carried out a joint survey of 209 members of KODIA. They had received responses through Google Docs between the 25th and the 31st of last month. 126 members out of 209 members gave their responses to the survey.
◊Korea Data Industry Association’s agree on information under pseudonym and unified governance
Based on their survey regarding the need to pass Personal Information Protection Act, Information and Communication Network Act, and Credit Information Act, 123 members (97.6%) out of 126 members agree that these three acts need to be passed in order to implement data economy.
Members also acknowledge the need for key information of Personal Information Protection Act, Information and Communication Network Act, and Credit Information Act. They agree on elevating Personal Information Protection Commission (PIPC) to an independent commission, unifying governance related to utilization and protection of personal information, and introducing the concept of information under pseudonym. 95.2% and 90.5% of 126 members agree on introducing the concept of information under pseudonym and making PIPC independent and unifying governance respectively.
Revised bill of Personal Information Protection Act conceptualizes legal concepts of personal information. Information is deemed as ‘personal information’ if the subject of information can be confirmed and it is deemed as ‘information under a pseudonym’ if the subject cannot be confirmed without using additional information. Information is also deemed as ‘information under anonymity’ if the subject cannot be confirmed even with additional information and if the information has low value to be used as part of big data.
92.9% of 126 members also agree on allowing data to be processed in order to use and distribute data. Distribution of data in South Korea is still in a toddler stage. According to analysis data from Song Hee-kyung, who is a member of Liberty Korea Party, the volume of data that has been accumulated for the past 5 years by Korea Data Agency’s data distribution channel called ‘Data Store’ is worth just $944,000 (1.1 billion KRW). On the other hand, the volume of data that has been accumulated for the past 4 years by China’s Big Data Expo is worth $17.6 million (20.5 billion KRW). Majority of 126 members agree on the need to process data safely in order to secure usable data.
73.8% of 126 members answered that current systems and laws are not enough to implement data economy and to develop South Korea’s data industry. To reduce a possibility of personal information being leaked and concerns from the private sector, 80.2% agree on levying a fine that can bring a significant blow to a company’s management if a company purposely leaks personal information.
◊South Korea’s data industry concerned about the gap between itself and data industries of advanced countries
South Korea’s data industry believes that the difference between South Korea’s data industry and data industries of advanced countries such as the U.S. and China is now more than 5 years. 62.7% and 30.2% of responders believe that the difference is more than 5 years and between 3 and 4 years respectively. This indicates that 9 companies out 10 companies believe that the difference is at least 3 years.
Actually, foreign countries have been very active on data processing and data analysis industries. Traditional companies that provide services by converting big data into a database as well as data-based startup companies have been growing very rapidly. The U.S. has been the most active on data transaction and data distribution. Its data industry has become vitalized by implementing regulations on personal information that are more generous than South Korea’s regulations.
CoreLogic, which is an American real estate data analysis company, makes $1.46 billion (1.7 trillion KRW) in sales annually. Acxiom, which is a data processing company, makes $773 million (900 billion KRW) in sales annually. On the other hand, South Korean companies face a difficulty even with basic work such data collection and data processing due to strict or inadequate laws and systems.
Data-based companies that participated in the survey gave various opinions such as creation of a virtual data special zone, allowance of data distribution, simplification of authentication and verification procedures and diversification of authentication agencies, creation of an ecosystem that allows data to be used as assets, and limited government interference in order to implement data economy.
Responders also requested for strict sanctions and punishment in order to prevent personal information from being misused.
◊Personal Information Protection Act, Information and Communication Network Act, and Credit Information Act set up to prepare legal basis
Revised bill of Personal Information Protect Act clearly divides the concept of personal information into personal information, information under pseudonym, and information under anonymity. Information under anonymity is used for statistics and research. Revised bill will elevate PIPC as a central administrative agency under prime minister and it will unify governance by transferring relevant functions of Ministry of Interior and Safety to PIPC.
Information and Communication Network Act transfers details on personal information protection to Personal Information Protection Act in order to resolve issues such as controversy that arises from scattered legal systems and existence of multiple supervisory agencies. It changes the subject that supervises regulations related to personal information protection on online from Korea Communications Commission to PIPC.
Credit Information Act has prepared a legal basis for big data to be analyzed and used within financial fields. It maintains similar and overlapping provisions as Personal Information Protection Act. It strengthens PIPC’s law enforcement functions in order to protect personal credit information of commercial companies and corporates. It also includes information that creates more advanced regulatory system for industries related to credit information.
Staff Reporter Park, Jongjin | truth@etnews.com