By Hong Mi-Ok, Lee International
E: mohong@leeinternational.com
On October 16, 2017, the US Supreme Court decided to hear a case in which Microsoft refused to submit requested data to US law enforcement authorities for a criminal investigation. The Court’s decision will likely centre on who owns the data and what rights can be claimed relating to the data. Whether the Court grants priority rights to data providers or to companies using and analysing big data will have a significant global impact on competitiveness and data sovereignty.
As we enter the fourth industrial revolution, we are witnessing a data technology revolution where companies utilise and analyse big data and use that analysis to provide services customised to each customer. Big data enables companies to extract valuable information and to respond to or predict future changes based on the extracted information. Big data is the foundation for a digital market platform that helps companies better understand customers and provide customised content. If a company develops such a platform using big data and succeeds in offering more accurate and targeted services for customers, it will have an increased opportunity to dominate a digital market. Knowing this, many companies around the world fiercely compete against each other to stay ahead of their competitors.
The Korean government traditionally has adhered to a policy of protecting privacy. Personal information can be collected to the minimum extent necessary and collection of sensitive information generally is limited.
Additionally, personal information handlers must perform security measures (access rights management, access control system operation, encryption of personal information, prevention of malicious programs, destruction of personal information) to prevent personal information from being lost, stolen or damaged. In the event of an unauthorised disclosure in violation of these obligations, criminal penalties may be imposed on the personal information handler.
Revisions to the existing data protection acts pending in the National Assembly are focused on further protecting personal information by dealing with, among other things, preventing misuse of personal information and active engagement by the Personal Information Dispute Mediation Committee.
Additionally, the Korean “Act on Promotion of Information and Communications Network Utilisation and Information Protection, Etc” (Information Communications Network Act) aims to prevent damage from a massive leak of personal information while maximising efficiency in data distribution. The act imposes on providers of information communication services additional obligations such as data communication security and control of harmful information. Revisions to this act, pending in the National Assembly, also address improving de-identification, personal information protection and control of harmful information.
Recently the Korean government published “Guidelines on Personal Information De-identification,” and it is requiring such measures to be used. These guidelines impose an obligation to explore methods for de-identification (a way of eliminating any possibility of determining one’s identity from certain data) and anonymisation. Companies should note that once big data becomes de-identified, it cannot be transformed back into identifiable data.
Notwithstanding this trend toward greater regulation by the Korean government, the Korean big data market still grew to W262.3 billion in 2015, an increase of more than 30 percent over the previous year. Given that the market is in its infancy in Korea, such growth is quite noticeable.
Because the data market continues to rise rapidly due to the data technology revolution, companies will need to be vigilant in monitoring the direction in which each country’s big data regulations will go. For those operating in Korea, they should take note of the Korean government’s strengthening stance on personal information protection and companies should find ways to protect personal information in compliance with the government’s requirements.
E: mohong@leeinternational.com
T: 82 2 2262 6288
F: 82 2 2279 5020
Recent examples of consent decrees in Korea and their implications