Goh Haksoo, Chairperson of the Personal Information Protection Commission: "A 'Prevention Bureau' Is Needed to Reduce New Technology Risks"

"There is a need to establish a 'Prevention Bureau' within the Personal Information Protection Commission to reduce legal uncertainties related to personal information when companies pursue new businesses. Companies must also pay attention to personal information, ensure safe management, and make appropriate investments."

Goh Haksoo, Chairperson of the Personal Information Protection Commission, is being interviewed by Asia Economy at his office in the Government Seoul Building, Jongno-gu, Seoul. Photo by Jo Yongjun

View original image

Koh Haksoo, Chairperson of the Personal Information Protection Commission, is approaching the end of his three-year term. Just one month after taking office in October 2022, ChatGPT was launched, and generative artificial intelligence (AI) technology rapidly gained prominence. Since most AI technologies advance by learning from data that includes personal information, his responsibilities as the head of the Commission have become even more significant.

He has taken on the role of supporting both the protection and industrial use of personal information. He was the first to introduce the "preliminary adequacy review system," which reduces legal risks for companies launching AI-based advanced technologies and new services. Looking ahead, he has also stressed the need to officially establish a "Prevention Bureau" to proactively prevent personal information breaches and reduce corporate risks.

In an interview with Asia Economy conducted on September 29 at his office in the Government Seoul Building, Koh stated, "Some people have the preconception that the Commission only regulates, but we have always worked with a pragmatic approach," adding, "We have sought to protect the rights and interests of the public without hindering the benefits brought by AI innovation."

He cited the preliminary adequacy review system, which has been in operation since October 2023, as a prime example of pragmatic administration. So far, the Commission has established compliance measures for the Personal Information Protection Act for a total of 15 cases involving AI and other new technologies and services. Of these, seven have either been officially launched or are in testing. Examples include Toss's Face Pay service, which has been introduced at 200,000 franchise locations nationwide, and Facebook's blocking of celebrity impersonation ad accounts-both commercialized after undergoing the preliminary adequacy review process.

Koh commented, "By using real-time processing that does not store users' facial images in the database, companies have been able to address privacy concerns when using facial recognition technology." He added, "Currently, due to budget and organizational limitations, prevention-related work is divided among several departments, but eventually, a Prevention Bureau should be established to take on these responsibilities officially."

Koh Haksoo, Chairperson of the Personal Information Protection Commission, is being interviewed by Asia Economy at his office in the Government Seoul Building, Jongno-gu, Seoul. Photo by Jo Yongjun

View original image

Additionally, Koh emphasized that companies must take an active interest in personal information protection and invest in it, starting with their CEOs. Citing the SK Telecom server hacking incident, he said, "Records show that a junior SKT employee reported the vulnerability for years, but no decisions were made at higher levels, and time just passed. When vulnerabilities accumulate one by one, they can eventually lead to significant risks."

As of December 2023, the proportion of information security investment relative to IT investment in Korean companies was 6.1%, lower than the United States (11.6%). Koh noted, "Unless there is a major data breach, companies may tend to reduce security investments, so it is necessary to sound an alarm." To strengthen corporate accountability, the Commission is considering measures such as increasing fines for companies that repeatedly experience data breaches.

He stated, "With the full-scale arrival of the big data and AI era, data is exploding and there are more targets for hackers to attack. It is important not to stop at implementing software solutions like firewalls or antivirus programs, but to devote genuine effort to analysis and strengthening practical capabilities." He also added, "There needs to be a shift in corporate culture to recognize the expertise of Chief Privacy Officers (CPOs) and support their career development."

Hot Picks Today

"Could I Also Receive 370 Billion Won?"... No Limit on 'Stock Manipulation Whistleblower Rewards' Starting the 26th

• Samsung Electronics Labor-Management Reach Agreement, General Strike Postponed... "Deficit-Business Unit Allocation Deferred for One Year"
• "From a 70 Million Won Loss to a 350 Million Won Profit with Samsung and SK hynix"... 'Stock Jackpot' Grandfather Gains Attention
• "Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back"
• "Who Is Visiting Japan These Days?" The Once-Crowded Tourist Spots Empty Out... What's Happening?

Koh's departure ceremony is scheduled for tomorrow (the 2nd). When asked about his plans after leaving office, he replied, "Given the high level of public interest in personal information, I will need to continue to serve as an expert in some capacity." He added, "As AI technology develops further and enters the market, there will come a time when we need to be more specific about what aspects of 'safety,' which is still somewhat broad, require further consideration." He also predicted, "With the full-scale arrival of the AI agent era early next year, various complex issues related to personal information will emerge."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.