[Asking the Way to the Data Economy] "The First Step from IT Powerhouse to AI Powerhouse" (Interview)

[Asia Economy Reporter Kim Heung-soon] "In the 1990s, as South Korea pursued informatization and becoming an IT powerhouse, IT infrastructure, gaming, popular culture content business, and portal industries developed dramatically. Now, artificial intelligence (AI) and data are at the core. The question is whether we can leap forward again as a strong AI and data nation. This is the moment to take the first step to determine that."

Professor Lee Seong-yeop of Korea University Graduate School of Technology Management (pictured) recently gave this significance in an interview with Asia Economy regarding the upcoming enforcement of the Data 3 Act (Personal Information Protection Act, Information and Communications Network Act, Credit Information Act) scheduled for August 5. With the advent of the "data economy" era where data holds important value as a resource for production and marketing, South Korea must move away from the previous perspective that focused only on privacy concerns or security and actively utilize data assets. He expressed regret that South Korea, trapped in regulations emphasizing information protection, lags behind competitor Japan in data utilization. He used the analogy, "We should not block the usefulness of car use out of fear of accidents," emphasizing that the goal should be the safe 'utilization' of data.

Professor Lee serves as the president of the Korea Data Law and Policy Association, founded in January this year with the goal of researching laws, economics, and management theories for data utilization and protection and contributing to the creation of a proper data ecosystem. About 100 experts from legal, economic, management, media, and engineering fields are active members. We discussed his outlook on the data economy era and the points that need to be supplemented ahead of the amendment enforcement.

- What changes will the enforcement of the Data 3 Act bring?

▲ First, the biggest change is that pseudonymized personal identification information can be used without consent. Second, if the purpose differs from the original collection, consent was required, but now personal information can be used without consent within a reasonably related scope. It has also become possible to combine data held by different institutions. This is a significant advancement in that companies can analyze big data they possess to provide customized services to customers.

From a business perspective, targeted marketing becomes possible. All businesses aim to induce purchases, and if they can identify an individual's interests and provide appropriate services, the effect will be significant. For example, a company can collect personal pulse, exercise amount, and sleep time through wearable devices, then pseudonymize information such as gender, age, and weight to suggest suitable exercise programs. Based on pseudonymization, it is also possible to aggregate health checkup records and genetic information to analyze vulnerability to certain diseases and provide preventive guidance.

- Why is South Korea's data utilization slower compared to major countries like the US, Europe, and Japan?

▲ The US has developed businesses utilizing personal information without separate legal restrictions, flexibly operating broad consent and post-consent when consent is required. If consumer damage occurs later, compensation claims are made, or criminal penalties are imposed for intentional antisocial acts. The European Union (EU) has enforced the General Data Protection Regulation (GDPR) since May 2018, integrating public and private, online and offline sectors. The goal is to create a single market across Europe to freely move data while protecting and utilizing personal information.

Japan, once considered far behind us in IT, has loosened many related regulations to recover from the "lost 20 years" and strengthen data utilization. It established the Personal Information Protection Commission in January 2016 and quickly introduced anonymized processed information. Although we led Japan in the IT industry, we have not advanced in data utilization business due to regulatory issues emphasizing privacy. Therefore, big data analysis and AI have not progressed.

- The industry and academia still point out that the data economy may not activate as expected. Why?

▲ The purpose of the Data 3 Act has not been properly implemented through enforcement decrees. Although the amendment to the Personal Information Protection Act emphasizes data utilization, the subordinate laws reflect conflicting content, such as emphasizing 'protection' based on civic group opinions. Guidelines covering the scope, usage methods, and restrictions of data utilization will be issued, but in the past, some companies faced lawsuits from civic groups despite following guidelines. Government guidelines are not legally exempting, so companies inevitably become cautious fearing disputes.

- What alternatives do you suggest?

▲ Clear guidelines should be created to meet companies' needs, and it should be made clear that complying with them eliminates legal risks. I hope a 'grace period' of six months to one year after enforcement is set to suspend law enforcement. The government could also consider having an authoritative interpretation function to address ambiguous cases arising from laws, enforcement decrees, and guidelines.

- Concerns about personal information leakage remain during pseudonymized information utilization, processing, and combination. What about that?

▲ According to the amendment to the Personal Information Protection Act, if information is processed to identify a specific individual, a fine of up to 3% of the company's total sales can be imposed. Criminal penalties are also possible if safety measures to prevent loss or leakage during pseudonymized information processing are not secured or if record-keeping obligations are neglected. This is a strong regulation compared to other countries. Privacy infringement risks can be addressed through this. We should not block usefulness due to accident risks.

- Recently, the political sphere has advocated establishing a 'Data Agency.' What do you think?

▲ Various ministries already handle data utilization in their respective fields, such as financial data (Financial Services Commission), health and medical data (Ministry of Health and Welfare), and transportation and logistics data (Ministry of Land, Infrastructure and Transport). Placing these under a single ministry agency would be inefficient because it is impossible to separate financial, health, medical, and transportation policies from their respective data.

However, establishing a Data Agency under the Ministry of Science and ICT to create a common data utilization foundation across public and private sectors is an option. The Personal Information Protection Commission, which will be promoted to a government ministry in August, is expected to perform comprehensive policy work on data protection and utilization. After observing the cooperation results among the Ministry of Science and ICT's data utilization foundation efforts, the Ministry of the Interior and Safety's public data utilization tasks, and the Commission, governance discussions such as the Data Agency should be considered with time.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.