South Korea’s data protection watchdog released proposed personal data processing criteria for generative AI (genAI), with the stated aim of addressing uncertainties in the country’s current personal information protection act.
Personal Information Protection Commission (PIPS) chair Ko Haksoo Ko noted the guidelines aim to “provide clarity to iron out legal uncertainties that AI practitioners have encountered and systematically incorporate privacy-safeguarding perspectives”.
The proposal incorporates legal interpretation and safeguards criteria, as well as details how to develop AI privacy governance centred on a chief privacy officer, responsible for internally supervising compliance and privacy risk management.
Subscribe to our newsletter
Get breaking news, exclusive insight, and expert analysis - before anyone else.
The draft criteria divides the lifecycle of genAI into four stages: purpose setting; establishing strategies; AI training and development; and application and management. It also classifies genAI models in three categories: LLM as a service, off-the-shelf LLMs and self-developed LLMs.
PIPS explained the guidances were finalised following consultation with a public-private policy advisory council, providing businesses with concrete measures for making use of personal data to be trained on genAI.
Earlier in the year, the commission ordered app stores to suspend downloads of DeepSeek’s AI platform, sparked by concerns over the Chinese start-up’s data management practices.
Subscribe to our newsletter
Get breaking news, exclusive insight, and expert analysis - before anyone else.
Comments