On the 26th, Commissioner Ko Hak-soo said at the '2025 Personal Information Protection Fair (PIS FAIR)' that the SK Telecom personal information leakage incident has reached a significant level of public anxiety regarding personal information protection, and this incident should serve as an opportunity to fundamentally examine the personal information protection system.
He emphasized that public institutions and corporations handling large amounts of personal information must reassess the entire process of personal information processing and develop comprehensive improvement measures. In particular, he pointed out that the establishment of a continuous risk management system at the enterprise level and a shift in perception regarding human and material investments are urgent.
The committee announced a draft for strengthening the personal information safety management system last week, focusing on 'immediate and technical measures,' 'strengthening internal controls,' and 'actualizing the rights and remedies of data subjects.' Commissioner Ko stated that discussions on institutional improvements would continue based on this.
As we enter the era of artificial intelligence (AI), personal information protection policies are also being rapidly reorganized. Commissioner Ko noted, 'After the announcement of the 'Policy Direction for Safe Use of Personal Information in the AI Era' in August 2023, we have been establishing a policy foundation by setting guidelines for the pseudonymization of unstructured data, the use of public data, and the generation and use of synthetic data.'
He further explained, 'The committee has established a principle-based regulatory framework centered on a technology-neutral approach that promotes innovation, differentiated safety measures proportional to risks, and principles for safeguarding rights considering the characteristics of AI and the context of personal information processing.'
Additionally, Commissioner Ko stated that the preliminary appropriateness review system and regulatory sandbox are playing a role in reducing the legal interpretation uncertainty for corporations, mentioning that major domestic and international operators such as Kakao and Toss are actively participating in the system.
The committee has examined the personal information processing practices of global AI companies including OpenAI, Meta, and DeepSeek. Commissioner Ko remarked, 'We found insufficient areas in the processes of utilizing open data for training and processing user input data, and recommended improvements.'
The committee is pushing for amendments to the Personal Information Protection Act based on relevant experiences. Commissioner Ko stated, 'We plan to strengthen the legal basis by expanding the grounds for lawful processing of personal information and establishing special provisions for processing of personal information by artificial intelligence.'
In September, the GPA General Assembly will be held in Seoul, involving personal information supervisory agencies from 95 countries and over 150 entities. Commissioner Ko noted, 'This assembly will be an opportunity for Korea to strengthen its leadership in international discussions on personal information norms and to lead the establishment of new standards,' and urged the attention of experts from the public and private sectors.
Finally, he expressed, 'I hope that the 2025 PIS FAIR will lay the groundwork for the safe and effective use of personal information in the era of artificial intelligence and become an opportunity to strengthen the national personal information safety management system.'