South Korean consumers will soon know just by looking at the label of a product whether it was built to effectively protect data.
In a press release on Tuesday, the Personal Information Protection Commission (PIPC) stated that they are planning to issue a new certificate as a pilot program to give people more power over their own personal information.
The PIPC and the Korea Internet & Security Agency (KISA) received applications from April to May of this year and selected four products as candidates, including two home security cameras, an autonomous mobile robot, and a personal image de-identification system. If these products fully meet with the standards during the evaluation period, the government will issue the new certificate, called Privacy by Design (PbD), later this year.
The moves come after the country suffered from a series of data leakages related to internet connected devices. Multiple local news outlets reported security concerns over thermal cameras that could transfer user information to other countries. In October 2021, a local news outlet exclusively reported that huge amounts of personal data were siphoned onto illegal websites after bad actors hacked into smart home devices. Early this year, more news was reported, revealing that medical examination videos from a plastic surgeon’s office were exposed online and circulated through websites based in China.
According to the statement, 88.7% of respondents to a survey conducted last year said that they were afraid of private data breaches from data collecting devices used in their daily lives.
The South Korean government has been setting up multiple verification processes to protect people’s private data, issuing certifications such as Personal Information & Information Safety Management System (ISMS-P) and Internet of Things-Security Assessment Program (IoT-SAP). The difference between the existing certificate and the new one is the range of coverage, according to the official of the personal data new technology team at KISA.
The PbD looks into whether the products comply with data protection from the manufacturing process to their termination. “The new certificate will be issued to a particular product whereas ISMS-P is licensed to manufactures,” said the official. “The IoT-SAP covers multiple aspects and privacy is one of them. The PbD focuses on data protection.”
The South Korean government is planning to shift its data protection practices, giving more options to those who are privacy conscious. This means the key to success depends upon the participation of local companies who already have to go through multiple certifications to release their product on the market. The South Korean government is working on lessening the burden of companies to boost their engagement, such as exempting firms who have already gained IoT-SAP from specific authentication testing.
“People suffer from unsafely designed home security products. It is difficult for them to demand that firms take responsibility. This is why it is important to build products safely from the earliest step,” said Jung Jong-ill, the deputy director of new technologies for the personal information division at PIPC to The Readable. “We are looking into ways to reduce expenses. But corporates still need to pay to some extent to gain this certificate,” added Jung.
