The Personal Information Protection Commission (Personal Information Protection Commission) said on the 22nd that among the 123 state tasks finalized at the Cabinet meeting on the 16th, "establishing a personal information protection system that the public can trust" was ultimately included.
This state task aims to strengthen the accountability of corporations in response to large-scale personal information leaks and expand the public's personal information rights. It will also support artificial intelligence (AI) innovation by preparing a safe personal information utilization system. The Personal Information Protection Commission will push five key action items to that end: ▲ strict sanctions for major incidents and making victim compensation substantive ▲ guaranteeing the right to informational self-determination ▲ reestablishing a prevention-centered protection system ▲ strengthening the control tower role in the AI and data era ▲ preparing a safe personal information utilization system.
For major incidents, it will strengthen penalty surcharges and toughen responses by mandating immediate notices to all users. It also plans to advance systems that detect and delete illegal distribution of personal information and to minimize secondary damage by creating a basis for punishing illegal transaction.
Regarding the guarantee of the right to informational self-determination, it will expand the protected group of children and adolescents from under 14 to under 18 and activate the digital right to be forgotten that supports deletion of online posts. It will also establish grounds for deletion requests and punishment for AI-synthesized content (deepfakes) and introduce policies that guarantee the privacy rights of the deceased.
To shift to a prevention-centered system, it will set standards for corporations to secure dedicated personnel and budgets and strengthen the certification procedures for personal information protection management systems. It also plans to expand inspections of vulnerable areas such as smart devices and public institutional sector systems.
To strengthen the control tower role in the AI and data era, it will establish the basic principles of the Personal Information Protection Act and expand the MyData system to 10 everyday, close-to-life areas such as health care and telecommunications. It also plans to strengthen international cooperation, taking the hosting of the Global Privacy Assembly (GPA) in Seoul as an opportunity.
To build a safe personal information utilization system, it will establish grounds for using high-quality data for AI training, innovate the pseudonymous information system, develop privacy-enhancing technologies (PET), and foster professionals. In addition, following the Korea–EU adequacy recognition, it plans to expand cooperation to the United Kingdom and Japan to establish a safe data transfer system.
Koh Hak-soo, Chairperson of the Personal Information Protection Commission, said, "We will pursue a balanced approach to the protection and use of personal information to deliver results that the public can feel firsthand."