![[The Editors' Verdict] Data 3 Act: Clarifying Roles and Standards Needed](https://cphoto.asiae.co.kr/listimglink/1/2020070310413540917_1593740495.jpg)
The 'Data 3 Act,' which had been stalled in the National Assembly for over a year, was passed in the plenary session on January 9. The Data 3 Act refers to the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection (Information and Communications Network Act), and the Credit Information Act (Act on the Use and Protection of Credit Information). Collectively calling them the 'Data 3 Act' signifies viewing personal information as a resource for the development of the big data industry. The purpose of this legislative amendment is to eliminate overlapping regulations on personal information protection and to enable broader use of data. In particular, pseudonymized information can be used for commercial purposes and processed and utilized without the consent of the data subject.
With the passage of this law, expectations are growing that the era of the data economy will officially begin. On the other hand, concerns about personal information leakage and the ambiguity in the definitions of key items have also increased, indicating that there are many shortcomings in unlocking the potential of data utilization. Although the Data 3 Act is set to be enforced in August, many controversies and disputes are expected during its implementation. Without sufficient social consensus, not only the responsible government agencies enforcing the law but also individuals and companies will inevitably face difficulties. The intense discussion process may be exhausting and leave scars, but considering the impact of the Data 3 Act on the economy and society, it is a process that cannot be ignored.
To start the discussion, it is essential not to lose sight of the foundation and background of this law. Above all, the legislative direction is important. Although the expressions in Article 1 of each law under the Data 3 Act differ slightly, both 'personal information protection' and 'efficient use' are explicitly stated. When these two differing values conflict, disputes are inevitable.
Government policies must harmoniously incorporate five aspects: purposefulness, effectiveness, simplicity and clarity, acceptability, and sustainability to achieve goals and maintain long-lasting influence. If policies under the Data 3 Act, which have the character of comprehensive measures, cause confusion in interpreting detailed contents and raise significant concerns among individuals and companies, they may fall into a dilemma where the sustainability of the policy is compromised.
To resolve this, a more detailed response to the risks of personal information infringement, which civil society is concerned about, is necessary. Furthermore, it is important to consider how to effectively protect the rights of data subjects, which were framed in the past, within a future-oriented framework. Moreover, discussions should be held on what benefits members of our society, who will provide data upon the law’s enforcement, can receive. Additionally, through broad consultation with experts from various fields, the methods and levels of pseudonymization should be clearly defined, ensuring that the essence of 'data and information utilization' is not obscured in the process.
The bill and the competent authority need to be unified under the Personal Information Protection Act and the Personal Information Protection Commission, in line with the intent of the amendment. In this process, the Personal Information Protection Commission must maintain independence and autonomy to avoid becoming a ground for political confrontation. Furthermore, there is an urgent need to consider how to balance protection, regulation, and promotion functions.
Is regulatory innovation that simultaneously enhances personal information utilization and protection truly possible? In times of great controversy, it is necessary to return to the essence and find solutions. If we are to find new growth engines in the digital age, the government must clearly define what should and should not be done before considering the scope of permission and allowance. It is hoped that these discussions will serve as the starting point for designing data regulation innovation policies that companies can feel and practical user protection policies that the public can experience.
Shin Minsu, Professor, Department of Business Administration, Hanyang University
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
