Shortening the Time and Cost of Processing Pseudonymized Data
Enhancing Utilization to Secure Data Competitiveness
The government will lower the barriers and regulatory intensity for the use of pseudonymized data, which has been criticized for hindering the development of the artificial intelligence (AI) industry.
On the 17th, the Personal Information Protection Commission's "Personal Information On-site Briefing" is being held at EL Tower in Seocho-gu, Seoul. Photo by Kyungjo Noh
On December 17, at the "Personal Information On-site Briefing" held at EL Tower in Seocho-gu, Seoul, the Personal Information Protection Commission announced this policy, stating that it aims to reduce uncertainties in the process of utilizing pseudonymized data.
First, the Commission introduced a pilot "No-action Letter" system last month. When inquiries are received regarding the application of laws related to pseudonymized data, the Commission will check whether the case is subject to administrative action and respond within 30 days. The core of the No-action Letter system is to refrain from administrative sanctions for cases where such a letter has been provided, as long as there are no changes in circumstances or environment.
In addition, the risk level of pseudonymized data has been subdivided into high, medium, and low risk, allowing for more flexible use. To address the difficulty of having to set extremely specific prior purposes for the processing of pseudonymized data in AI development, the Commission will now allow and review a "scalable purpose scope" as well. The processing period for pseudonymized data will also be broadly recognized as "until the completion of AI service development and operation" to ensure continuity. This reflects concerns that the principle of immediate destruction after achieving the purpose has hindered the development and advancement of AI models.
Furthermore, the guideline has been revised so that the practice of uniformly deleting unique information with a high risk of re-identification can be replaced by allowing such data to be retained if combined with data and environmental safety measures. Unique information is considered a key factor in improving AI model performance and preventing bias. The burden of conducting a full inspection of large-scale unstructured data in terms of time, cost, and manpower has also been eased.
Jumunho, an official at the Data Safety Policy Division, stated, "We expect the period from providing to combining pseudonymized data to be shortened from the current average of 310 days to within 100 days by 2027. During the same period, the proportion of public institutions with experience in providing pseudonymized data will also increase from around 2% to more than 50%." He added, "By promoting the supply of pseudonymized datasets for AI training, we aim to secure data competitiveness to become one of the world's top three AI powerhouses."
Meanwhile, the briefing was organized to address questions and difficulties faced by personal information managers in their work. In addition to the pseudonymized data system, the event also covered the prior adequacy review system to support the safe use of personal information, the overseas transfer system, and guidelines for handling personal information in the development and use of generative AI.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
