In the movie "Avengers: Infinite War" released in April 2018 as the 10th anniversary of Marvel Studio, 23 heroes appear. However, Iron Man's presence is unrivaled among them. In fact, Tony Stark is not a mythical god like Thor, nor is he as strong as Hulk and Captain America. On the contrary, without the arc reactors attached to the heart, life cannot be maintained. But the moment he wears a wearable robot suit, he turns into an invincible Iron Man. Flying in the sky like Superman is the basic thing, and like Thor, the entire building is lifted up, and sometimes it exudes superhuman powers like Hulk. However, what if Iron Man gets into a fight over Korea? He would probably crash while pressing the "agree" button on the helmet screen before even fighting the enemy. Although it is rare overseas, it is due to "opt-in" of personal information that all businesses must unconditionally comply with in Korea.
May I collect your personal information?
In the Internet of Things(IoT) era, electronic devices are equipped with various sensors and connected to the Internet to process personal information. Wearable devices such as wristwatches will collect various personal information such as health information and location information to check the amount of exercise or health status in real time, while artificial intelligence services such as voice-recognition speakers will provide customized services optimized by accumulating all lifestyle information from the time they open their eyes to eating, and writing.
Big data, cloud and AI technologies, which are considered key technologies for the fourth industrial revolution, are essential for securing and utilizing various kinds of data. However, there is a process that must be followed in order to collect and use data: 'Private consent for personal information.'
The Personal Information Protection Act of Korea requires 'individual prior consent' from customers when providing personal information service. It is easy to understand the service terms and conditions. When you sign up for an Internet site or download a smartphone app, you must click the accept Personal Information Protection Policy button to access the service.
May I collect your personal information? Would it be okay to provide your personal information to third parties? Would it be okay if your personal information could be used for this and other purposes? It is roughly this kind of thing, depending on the service, I ask for consent only once and every time I ask for consent. Since personal information is sensitive information, it must be thoroughly managed and strictly protected. Procedures necessary for the protection of personal information are somewhat inconvenient and troublesome. However, Korea's Personal Information Protection Act is distant from these principles.
For example, 'Alexa, let me play songs' without the need to press a button that is a competitiveness of AI speakers that can play music in one word. But if you have to agree to personal information whenever you want to listen to a song, how much trouble would it be? An autonomous vehicle is a state-of-the-art equipment that allows a car to travel safely to its destination without driver. However, if I have to ask every time when I pass a crosswalk or a blue light turns on, can I leave now? It may be easier for me to drive myself.
The various IoT devices, such as AI speakers and self-driving cars, are mainly characterized by collecting and processing user's usage information in real time. If the current law strictly applies the principle of notice and consent to the terms and conditions of use under the law, it will not only cause extreme inconvenience for individuals but also reduce the convenience of individuals. But you can't break the law. The Personal Information Protection Act stipulates administrative punishment and civil liability for individual violations of consent, as well as imprisonment of up to five years or fines of up to 50 million won. This is the reason why it is considered the strongest law in the world.
The problem is that the privacy system is as powerful as any other country in the world, it is ironic that it is difficult to exercise self-determination for personal information. There is no legal protection against personal information infringement. The company providing the service at the moment the user clicks the button to accept the pre-agreement will be free from legal liability because it fulfills the legal obligations of prior notice and agreement. If the damage is in accordance with the terms and conditions announced beforehand, no matter how much the damage is, the government can not take the user's side.
After the individual agreement, it is not easy to give a visibility to the company's personal information processing policy. The best thing the government can do under the current system is the degree of post - fines that impose penalties or penalties after the damage has occurred. In the end, the damage is returned to the user unconsciously clicking on the pre-accept button to use the service. As a result of strength pre-consent regulations in order to protect personal information, the right of individuals to control post-personal information has been in place.
The message written in a small font that is difficult to read calls the polarization of personal information.
AI services are characterized by the more data they can find patterns, the more powerful they become. In addition to the data that was previously entered, the process of analyzing data that is accumulated in the service use process and detecting and applying new patterns is repeated indefinitely. Through this, AI services become closer to AI, and our daily lives become more convenient. However, the more data you collect, the more terms and conditions you have to agree in advance. The problem is that the privacy divide phenomenon, in which privacy is shifted to one side, will intensify in the process.
A younger generation who is accustomed to high-tech equipment will not have a big problem, but it is difficult for elderly people with disabilities or children who are not working with the device to communicate the Terms of Service. I do not skip it because I'm bothered, but I do not want to understand and agree. There can be a number of side effects that can lead to consent to the provision of unwanted personal information.
Strong regulation is a mechanism that causes privacy infringement, and companies are also in trouble. Following all of the strong personal information regulations, there is no choice but to restrict data collection and application development. Innovative service models are born when we imagine impossible, but because there are too many regulations in reality, the scope of thinking narrows and we are reluctant to try even though we are afraid of punishment. For the users, there is no reason to insist on complicated and uncomfortable domestic services compared to those of foreign companies. Domestic companies that are out of competition cannot afford to invest in new technology development and service research. The result is a vicious circle.
The system of individual consent for personal information seems to guarantee individuals' right to control information. However, in reality, individuals are experiencing loss of post-control due to unconscious consent, and companies are experiencing difficulty and loss of competitiveness due to excessive regulation. This is by no means a desirable outcome. Now we have to change. In order to guarantee real personal information, it is necessary to improve the regulation of personal information all over the world
Send feedback history saved community
The individual consent of current personal information has resulted in the impairment of personal information protection due to formal consent procedures. Instead, it is necessary to switch to 'One Click Consent' from the user's perspective to 'One Click Consent' that fully describes and obtains consent from users, or 'Opt-Out' method that requires prior consent only for sensitive information or identifiable information that can specify individuals, and that the rest be freely utilized.
The individual opt-in arrangements adopted by Korea at present are a positional system that lists the conditions allowed and otherwise considers all but illegal, which is also a strict regulation worldwide. On the other hand, the U.S. is following the exclusion principle of hindsight, which opens the rest to companies except for sensitive information, but punishes them in case of problems. A corrective order is preferable to a criminal punishment for minor or unthinkable wrongs. Only then will more startups be able to imagine new services without fear of punishment. Like the U.S., South Korea needs to shift to a policy that requires the government to present guidelines for personal information protection, companies to come up with and submit policies for personal information protection based on the standards, and to require nullification or correction through subsequent reviews.
It is time to ponder whether the current regulations, which make it illegal for companies to use their personal information without asking for the will of all users without checking whether individuals feel uncomfortable, are really in line with the purpose of the law to protect personal information. If excessive regulations on personal information continue, it will not only lose the competition with global companies but also backtrack on the protection of personal information.
Lawyer Koo Tae-eon/TEK & LAW, CEO (firstname.lastname@example.org)