SEOUL, Jul. 22 (Korea Bizwire) – As new technologies emerge that can predict menstrual cycles and detect sleep apnea by collecting biometric data during sleep, including heart rate, blood sugar levels, and stress indicators, the South Korean government has initiated efforts to draft legislation to address these developments.
The Personal Information Protection Commission (PIPC) aims to create a legally binding regulatory framework for biometric information. This move is intended to mitigate risks to individuals’ rights while providing clarity for businesses operating in this space.
According to a PIPC official, speaking on condition of anonymity due to the sensitivity of ongoing discussions, the commission plans to prepare draft legislation by next year.
“We aim to strike a balance between protection and regulation,” the official stated. “We’ll finalize internal discussions this year, draft legal provisions, and then seek external input next year.”
The current Personal Information Protection Act lacks specific provisions for biometric data. While a 2020 amendment to the enforcement decree expanded the scope of sensitive information to include “information about an individual’s physical, physiological, and behavioral characteristics,” critics argue that it fails to keep pace with rapid industry developments.
The tech industry, particularly in the realm of AI-equipped wearable devices, has seen a proliferation of biometric data collection.
Samsung Electronics, for instance, recently expanded its range of collected biometric data with the launch of its latest Galaxy series, including the Galaxy Ring, a smart ring for health monitoring.
Samsung Health’s updated privacy policy now includes additional data points such as heart rate variability, time to fall asleep, movement during sleep, and sleep-time heart rate and respiratory rate. This data is used to predict ovulation, fertility, menstrual cycles, and detect sleep apnea.
However, these advancements have raised privacy concerns globally. Gerritt Schneemann, a senior analyst at Counterpoint Research’s U.S. branch, noted in an email interview, “There are concerns about the increasing amount of personal health data collected by Galaxy devices. The EU requires health data to be stored and processed within the region where it’s collected, necessitating appropriate infrastructure.”
The European Union’s AI Act, finalized in February, prohibits the use of biometric categorization systems and facial recognition systems that pose a high risk to human safety and fundamental rights.
The PIPC plans to draft its biometric information bill considering international regulations like the EU AI Act and industry trends.
“Biometric information, once leaked, cannot be changed, and there may be unethical aspects to data collection,” the PIPC official explained. “We aim to create specific definitional clauses and pursue amendments that balance protection and utilization.”
Kevin Lee (kevinlee@koreabizwire.com)