South Korea to Expand Privacy Protections Amid AI Concerns

By Lee Jin-seok
"AX Era" Growing Concerns Over Personal Data Breaches... "Legal Protection Scope Must Be Expanded" - Seoul Economic Daily Technology News from South Korea

As artificial intelligence transformation accelerates, social concerns over personal data protection are growing. Academics are calling for preventive measures, including improving corporate internal control systems and expanding the scope of protection under the Personal Information Protection Act, given the clear limitations of post-hoc sanctions for managing personal data.

Participants at the "Personal Information Related Academic Societies Policy Forum" hosted by the Personal Information Protection Commission (PIPC) on January 9 at the National Information Society Agency in Jung-gu, Seoul, agreed on the need to establish a preventive system for personal data protection in the AI era. Representatives from 11 related academic societies attended, including the Personal Information Protection Law Society, Korean Society of Medical Informatics, Korean Public Law Association, Korea Data AI Law and Policy Society, Korean Artificial Intelligence Law Society, Korean Society for Artificial Intelligence, Korea Information Law Society, Korea Information and Communications Law Society, Korean Policy Studies Association, Korean Association for Public Administration, and Korea IT Service Society.

The PIPC and academic societies discussed new challenges and countermeasures for personal data protection in the "AX era." Participants proposed expanding the legal interests protected beyond the right to informational self-determination. They also called for reviewing governance frameworks to enable safe collection, processing, and use of data at industrial sites for physical AI technology development. They requested integrated support for data processors with insufficient privacy protection capabilities, such as startups.

Some participants emphasized the need for joint research and responses with academic societies on global issues such as cross-border transfer of personal data and illegal distribution.

The PIPC shared its major policy plans for this year at the forum. It introduced key policies including the revised Personal Information Protection Act that passed the National Assembly last month. The commission also mentioned plans to introduce "AI exceptions," establish "AI agent-related guidelines," and respond to personal data illegally distributed on the dark web, requesting continued interest and cooperation from academic societies.

"As deterrence through post-hoc sanctions alone becomes insufficient to address new and potential threats in the AX era, the PIPC aims to move toward a preventive system by specifying a risk-based approach," said PIPC Chairperson Song Kyung-hee. "We will continue to work closely with academia to proactively prepare for future society and develop relevant policies."

Meanwhile, the revised Personal Information Protection Act strengthening privacy responsibilities—including the introduction of punitive fines and enhanced roles for chief privacy officers—will be promulgated on January 10. This has been a key legislative initiative the PIPC has pursued since last year.

The legislation allows punitive fines of up to 10% of total revenue for repeated or serious violations. This significantly strengthens the existing system, which permitted fines of up to 3% of total revenue.

The provisions apply in cases where data breaches occurred repeatedly due to intent or gross negligence over the past three years, where intent or gross negligence caused breaches affecting 10 million or more individuals, or where the same type of incident recurred due to non-compliance with PIPC corrective orders following a breach. Fines may be reduced for companies that have invested in and operated privacy-related budgets, personnel, and facilities.

The revision also requires immediate notification to users when a data breach occurs. The current law requires notification to data subjects when a breach is confirmed, which has caused delays. The change requires notification "when there is awareness of a potential breach."

"We will strengthen communication with businesses to ensure the revised law is properly implemented in the field," a PIPC official said.

AI-translated from Korean. Quotes from foreign sources are based on Korean-language reports and may not reflect exact original wording.