The Public Administration and Security Committee of the National Assembly holds a subcommittee meeting on Aug. 29 to deliberate on an amendment to the Personal Information Protection Act. The amendment bill is to allow the utilization of de-identified personal data for more purposes.
Article 39 of the Personal Information Protection Act, which requires an individual prior consent for personal information provision, is likely to affect almost all information technology-based industries. Experts point out that the local cloud computing industry will take a direct hit with an increasing number of companies using cloud computing to promote big data and artificial intelligence services.
According to the OECD, South Korea ranks 27th among 33 member countries when it comes to enterprise cloud usage. Specifically, South Korea’s usage stands at 12.9 percent, much lower than Finland’s 56.9 percent and Japan’s 44.6 percent. South Korean enterprises and public and financial institutions are currently in their first stage of cloud computing utilization, just starting to recognize its importance for big data utilization.
The use of cloud computing can be almost blocked if an individual consent must be obtained each time a company develops a new service after information transfer to a cloud storage or each time there is a change in the data center storing the information. According to the amendment bill, the individual consent is not required when user convenience improvement is intended. However, the intention must be proved with a law firm, which can take months. The time and cost are burdensome even for large corporations, not to mention small firms and startups.
It is in this regard that the Korea Personal Information Protection Law Association pointed out in March that the revision will hinder the growth of new industries and cloud computing services and improvements have to be made to better reflect changing market environments and global trends.
“Such mandatory consents are nowhere to be found outside South Korea and, according to the General Data Protection Regulation of the European Union as an advanced personal information protection scheme, just a contract between a trustor and a trustee is sufficient,” said an industry insider, adding, “The revision will affect financial companies providing online banking services, online shopping malls, social networking service providers, and many more and their growth can be ensured only after the article is removed from the bill.”