Korean Online Retailers Challenge Data protection Claims Amid Regulatory Revision
Table of Contents
The Korea Online Shopping Association (Onshohyup) is pushing back against assertions made by the Personal Information Protection Commission (PIPC) regarding the security of specialized personal information management organizations, as the PIPC revises the Enforcement Decree of the Personal information Protection Act. The debate centers on expanding personal information request rights and the potential risks associated with centralized data handling.
Concerns Over Specialized Agency Security
On thursday, July 25th, onshohyup issued a statement contesting claims made by Ha Seung-cheol, head of the government-wide My Data Promotion Team of the PIPC, during a recent press briefing. The association alleges that the PIPC’s assessment of the safety of specialized agencies – specifically regarding encryption and access control – is inaccurate and downplays inherent risks.
According to the statement, “specialized agencies have a much higher risk than telecommunications companies due to their structure that intensively performs information storage and relay functions.” A key point of contention is that robust encryption and access control are already mandated for all personal information processors, not unique advantages held by specialized organizations.
Disputed Statistics and Regulatory Impact
Onshohyup also challenged the PIPC’s figures regarding the scope of the proposed regulatory changes. The association argues that the PIPC’s claim that only 680 out of approximately 30,000 websites will be affected by the amendment is “a misleading statement using figures unrelated to the submission standards of the law.”
Rather, Onshohyup emphasizes that the criteria for triggering transmission obligations are based on a company’s scale of sales and information processing, meaning the impact will be far broader than initially suggested. This broader impact, they argue, needs to be fully considered.
Legal Uncertainty and Data Scraping
Further concerns raised by the online retailers relate to the lack of clear definitions within the proposed enforcement ordinance. Specifically, the association points to ambiguity surrounding the exclusion of “information analyzed and processed by the company,” stating that the absence of a defined judgment standard creates notable legal uncertainty for businesses. Similarly,the criteria for determining third-party rights and trade secrets remain undefined,potentially leading to disputes.
The PIPC’s stance on data scraping also drew criticism. Onshohyup contends that suggesting scraping is too widespread to ban “directly conflicts with the purpose of the amendment’s API conversion and also contradicts the automation access restriction provisions of the current law.”
PDS Safety and Data Concentration Risks
the association expressed skepticism regarding the safety of Personal Data Storage (PDS) systems. They argue that the amendment’s likely reliance on sp
Here’s a breakdown of the news report, answering the “5 Ws and H”:
* Who: The Korea Online Shopping Association (Onshohyup) is challenging the Personal Information Protection Commission (PIPC). Key individual mentioned: Ha Seung-cheol,head of the PIPC’s My Data Promotion Team.
* What: Onshohyup is disputing the PIPC’s claims regarding the security of specialized personal information management organizations and the scope of impact from revisions to the Personal Information Protection Act’s Enforcement Decree. They are raising concerns about data security, regulatory impact, legal uncertainty, and data scraping.
* Why: Onshohyup believes the PIPC’s assessment is inaccurate, downplays risks, and could negatively impact industry stability and create legal issues for businesses. They advocate for a balanced approach to data protection.
* When: The statement was issued on Thursday, July 25th, as the PIPC revises the Enforcement Decree.
* Where: The dispute
