S-Space College of Law/Law School (법과대학/대학원) The Law Research Institute (법학연구소) Journal of Korean Law Journal of Korean Law Volume 17 Number 1/2 (2017/2018)
Rule or Standard: The De-Identification of Personal Information in Korea
- Ko, Haksoo; Lee, Sun Goo
- Issue Date
- 서울대학교 아시아태평양법연구소
- Journal of Korean Law, Vol.17 No.1, pp. 79-100
- Big data; de-identification; anonymization; personal information; Korea; rule; standard; risk-based approach
- Korea is a data-rich country with huge potential in this era of the data-driven economy. Nonetheless, it is unclear if the country is actively utilizing its potential. A central reason for this hesitancy appears to be related to Korea’s strict privacy law regime. In an effort to encourage utilization of data, the Korean government issued multi-agency de-identification guidelines in 2016. The guidelines rely heavily on the statistical concept of “k-anonymity.” In the context of academic discourse distinguishing between rules and standards, the adoption of k-anonymity can be identified with the adoption of a rule. By analogy, employing the concept of k-anonymity is akin to imposing the same speed limit in all cases, regardless of road conditions such as the traffic situation, time, and number of lanes. On the other hand, a standard would demand that drivers drive at a reasonable speed. As such, while a rule is simpler and easier to follow, a standard could be adapted to suit diverse circumstances. This article suggests that Korea needs to adopt a risk-based approach for de-identifying personal information and argues that a risk-based approach would be predicated upon providing a suitable standard, not a rule.