The option of pseudonymization — associating personal data with an alias — is considered to be less secure than choosing to anonymize data sets, though both methods guarantee varying degrees of privacy. (Image: Yonhap)
SEOUL, Feb. 7 (Korea Bizwire) — Personal data that has undergone “anonymization” — made anonymous to render the identification of the individual the data was generated from impossible — will no longer fall under the confines of the Personal Information Protection Act, for which the stated purpose is to “provide for the processing and protection of personal information”.
The Presidential Committee on the Fourth Industrial Revolution revealed the impending change in a February 6 announcement.
In addition to anonymization, the committee will look to draft a legal framework clarifying what constitutes “pseudonymized” data and how it can be utilized.
Taking a page out of the European Union’s rulebook (the GDPR), the committee will exclude anonymized data but guarantee legal protection for personal information and pseudonymized data. (Image: Yonhap)
The option of pseudonymization — associating personal data with an alias — is considered to be less secure than choosing to anonymize data sets, though both methods guarantee varying degrees of privacy.
Taking a page out of the European Union’s rulebook (the GDPR), the committee will exclude anonymized data but guarantee legal protection for personal information and pseudonymized data.
The relevant portion of the GDPR reads, “Legal protection for data must be applied to all data pertaining to an individual that is either identifiable or has been identified.
Distinguishing between standard personal information and pseudonymized data, the GDPR also requires that technical and organizational measures be adopted to prevent the identification of data subjects through the incorporation of new data, which must be kept separately.
Committee member Lee Sang-yong said, “As we enter the Fourth Industrial Revolution era, in which data serves as a key resource, demand for data applications are growing while concerns over personal privacy violations are still persisting.”
The committee also touched on the tasks that need to be completed once legal revisions abolishing the required use of public key certificates are passed before the end of this year. A reassessment of digital signatures and the need for a ban on the collection and use of resident registration numbers are two topics that still demand greater deliberation.
The committee’s announcement was a summary of issues discussed in talks held with civic groups and legal and industry experts on February 1 and 2.
Kevin Lee (kevinlee@koreabizwire.com)
