The Path to Open Public Data Unveiled... Government Moves to Expand Use of Pseudonymized Information

Chairman Ko Hak-su of the Personal Information Protection Commission tapping the gavel.
[Photo by Yonhap News]

The use of pseudonymized information from public institutions, which has been difficult for private companies to utilize, is becoming much easier. AI companies will have access to high-quality data, enabling them to accelerate AI training.

On the 21st, the government announced the 'Plan to Expand the Use of Pseudonymized Information' at the Government Seoul Office, jointly with the Personal Information Protection Commission, the Ministry of Economy and Finance, and other related ministries. Pseudonymized information refers to data processed by deleting or substituting parts to prevent identification, ensuring that personal information is not exposed.

The government has prepared measures to address various difficulties raised in the field of system utilization, including ▲resolving difficulties in securing data for pseudonymized information use ▲improving burdens and constraints in pseudonymization and data linkage procedures ▲supporting infrastructure for pseudonymized information use ▲ensuring safety against re-identification and leakage of pseudonymized information.

Public institutions holding large amounts of public data have often responded passively to requests for pseudonymized information from private companies and researchers due to internal procedural issues, lack of personnel, and insufficient incentives to provide pseudonymized information during the process of pseudonymizing public data containing personal information.

Accordingly, the government amended the 'Public Data Act' and the 'Data-Driven Administration Act' to enable the provision and utilization of pseudonymized public data containing personal information to both public and private sectors, promoting the opening and use of public data.

Next year, new evaluation items related to the provision and utilization of pseudonymized information will be added to public institution assessment criteria such as the ‘Public Data Provision Operation Performance Evaluation’ and the ‘Data-Driven Administration Inspection.’ The evaluation results will be reflected in the ‘Government Work Evaluation’ and the ‘Public Institution Management Evaluation.’

The government expects that these legal amendments and the introduction of new evaluation criteria will serve as an opportunity not only for public institutions to utilize pseudonymized information but also to actively open and provide pseudonymized data they hold to private companies and researchers.

By the end of the year, the government plans to specify and detail principles for pseudonymization, identification risk assessment criteria, pseudonymization methods, and cases for unstructured data such as video, audio, and text, whose demand is rapidly increasing due to the recent rapid growth of artificial intelligence (AI), and incorporate them into the 'Pseudonymized Information Processing Guidelines.' It also plans to increase the possibility of utilization of unstructured data in the healthcare field, such as medical personnel observation/input text and voice information, based on technological advancement levels and strengthened safety measures.

The data utilization system for autonomous driving technology will also be advanced. When videos captured by mobile imaging devices such as autonomous vehicles and robots are used for AI training, requirements for anonymization often degrade the quality of AI training data. Going forward, the government plans to operate regulatory sandbox and other demonstration exception systems to allow the use of original video data. However, this will be limited to cases where it is difficult to secure the reliability of safe autonomous driving technology through pseudonymized videos.

The government will rationalize the criteria for designating specialized institutions, which differed between the 'Personal Information Protection Act' and the 'Credit Information Act,' and standardize and simplify the application procedures and forms for data linkage, thereby resolving inconveniences for data users caused by differences between the two laws.

Additionally, pseudonymized information linkage specialized institutions will be allowed to combine and directly utilize the pseudonymized information they hold. However, to prevent side effects from allowing self-linkage, various measures will be prepared, such as permitting self-linkage proportional to third-party data provision performance and mandating the participation of competing institutions during self-linkage appropriateness evaluations.

Furthermore, to alleviate the burden of pseudonymized information use in the field, the government will clarify the scope of legal responsibility during the processing and provision of pseudonymized information. These details will be codified in the 'Pseudonymized Information Processing Guidelines.'

The government will pilot the introduction of ‘Personal Information Safe Zones’ to enable more flexible use of personal and pseudonymized information by enhancing the environmental safety of data processing.

This system allows various data processing activities that were practically restricted before, provided that environmental safety measures such as zero-trust security models and pre- and post-data processing controls are in place. Zero trust is a security model based on the principle of 'trust nothing,' which does not automatically trust internal users and aims to verify the entire data processing process.

Moreover, for unstructured big data such as video and audio, where exhaustive pseudonymization inspections require excessive time and cost, the application of pseudonymization software verified by a specialized review committee and sampling inspections will be permitted for utilization.

Opportunities to actually utilize PET (Privacy-Enhancing Technologies) will also be provided. PET, which can reduce privacy risks while securing data utility, is rapidly advancing. However, until now, ambiguous application of existing systems and the lack of a system to verify safety have often caused difficulties in technology development and commercialization.

Therefore, by allowing the processing of personal information using PET under the review and verification of a specialized review committee within the safe zone, opportunities to utilize PET are expected to expand. The Personal Information Protection Commission plans to accumulate and study PET demonstration cases and consider institutionalization measures.

The government will strengthen support for small and medium-sized enterprises and startups lacking pseudonymization capabilities and personnel to eliminate data utilization blind spots. It will additionally establish ‘Pseudonymized Information Utilization Support Centers’ to support data utilization for regional SMEs and startups, enhance regional data utilization through cooperation systems with regional special zones and industrial complexes, and support 4,000 specialized personnel by 2026 through strengthened training for pseudonymized information experts.

The government supports safe personal information utilization through R&D on personal information protection technologies responding to new technologies such as AI and R&D on technologies supporting safe personal information use. It will also conduct regular inspections and expand quarterly checks on data processing institutions, establishing a personal information monitoring system that comprehensively considers data sensitivity and risks in pseudonymization and linkage processes.

Ko Hak-su, Chairman of the Personal Information Protection Commission, said, “Although there have been various achievements since the introduction of the pseudonymized information system, it is now time to prepare fundamental improvement measures for the various issues raised in the field of pseudonymized information system utilization. Starting with this plan, we will establish an ‘upgraded regulatory system’ to create a new data economy based on public trust.”

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.