[Exclusive] Government Moves to Prevent Coupang-Style Incidents... Support for Preventing Private Data Leaks, New Data Committee to Be Established

The government has begun establishing a public management system to prevent the external leakage of key data held by private companies such as Coupang. The National Data Agency is reviewing the enactment of the National Data Basic Act next year, which would include provisions to support the prevention of loss and leakage of data held by private companies. This would create a legal basis for the state to designate even the data accumulated within private platforms such as Coupang, Naver, and Kakao as subject to government management. In addition, the government plans to establish a new National Data Committee to oversee data management across ministries and integrate the currently fragmented data governance system.

According to relevant ministries on December 8, the National Data Agency is pursuing the enactment of the National Data Basic Act, which introduces the concept of data sovereignty, as well as the establishment of the National Data Committee. Data sovereignty refers to the obligation to preserve nationally important data so that it is not lost, and to prevent inappropriate leakage abroad or to external parties. The government believes that, up to now, the absence of such a concept in the domestic legal system has created blind spots in data management.

A senior government official stated, "Incidents like the Coupang case, where a Chinese employee leaked key data, are related to our data sovereignty," adding, "Since the Statistics Korea agency was elevated to the National Data Agency, we have been reviewing what can be done and what legal authority is needed, and are drafting the National Data Basic Act."

The government plans to ensure that, in addition to personal information accumulated within private companies, key data affecting national security or the lives of citizens will be designated as 'nationally designated data' and included as subjects of management. The government believes that major data held by private companies should not be treated solely as internal corporate assets. Another government official explained, "Increasingly important data is accumulating within companies, beyond just personal information," adding, "Going forward, the government will support private companies in preventing the leakage of such data and will verify whether it is being properly managed." As a result, private companies such as Naver and Coupang, which have accumulated vast amounts of data, will receive support for preservation and leakage prevention within the national management framework.

The government is also considering the establishment of a new National Data Committee (tentative name). With the National Statistics Committee (Statistics Korea), the Public Data Strategy Committee (Ministry of the Interior and Safety), and the National Data Policy Committee (Ministry of Science and ICT) all operating under different legal frameworks, the government has determined that a higher-level control tower is needed to oversee data utilization across ministries. Rather than abolishing existing committees, the focus will be on maintaining each committee under its respective legal system while overseeing and coordinating conflicts that arise during the data utilization process.

The government's move to establish a separate control tower is driven by the growing issue of 'data silos'-a structural disconnect in which ministries and agencies manage their own data separately, making interconnection and sharing difficult. Currently, when using financial data, regulations from the Financial Services Commission must be considered; when combining medical data, the Medical Service Act applies; and when personal information is involved, the Personal Information Protection Commission's regulations must be reviewed. Each time companies attempt to combine various data sets for the development of AI (artificial intelligence) services, overlapping regulatory systems result in repeated legal risks and procedural delays. The government believes that once a data control tower is established, these limitations will be addressed and large-scale data linkage and utilization will become more flexible, underscoring the need for stable data governance.

Major countries overseas are also building integrated governance structures to strengthen the management of key data. In 2021, Japan launched the Digital Agency, strongly integrating public and private data policies under a single agency, and legislated that the Digital Agency oversees the standardization of all administrative and public systems as well as metadata management through the Basic Act on the Formation of a Digital Society. This structure, which centralizes data management and utilization norms in one agency, is considered the most unified data governance system among Asian countries.

The United States requires every federal agency to appoint a Chief Data Officer (CDO) and operates a CDO Council to coordinate and unify data management functions at the federal level. The United Kingdom has also established a centralized data governance system by strongly integrating public, administrative, and statistical data under the Office for National Statistics (ONS).

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.