'Korean firms should pay more attention to privacy'
Posted : 2014-06-12 18:25
Updated : 2014-06-12 18:34
Leading expert claims Samsung, LG should feel greater sense of urgency
By Yoon Sung-won
Paul Schwartz, professor of law at the University of California, Berkeley School of Law and special advisor on privacy and data security practices at the U.S.-based law firm Paul Hastings. / Courtesy of Paul Hastings
Leading Korean technology giants such as Samsung and LG should put better privacy protection on their devices in order to appease overseas markets, a leading expert said recently.
As people become aware of how much they are being tracked, concerns are arising on the downsides of today's connected society.
Paul Schwartz, a U.S. expert on information privacy law, said Korean manufacturing companies such as Samsung, Hyundai, LG and SK should be extra aware about their "smart" products and services, especially if they target privacy-sensitive foreign markets such as Europe and the United States.
"Unlike Korea and the EU, states in the U.S. have their own different privacy protection regulations while lacking a general law that affects all of them at once," he said in a recent interview in Seoul. He added that personal information and privacy has become an issue with enormous value, significance and urgency for many Korean conglomerates looking to expand their businesses to overseas markets.
"Therefore, companies looking to the U.S. market should thoroughly analyze the risks of their smart products and services in collecting personal information and how to lead them to profitability without trouble," Schwartz said.
He elaborated about the current status of personal information protection and data security in the world and what international enterprises should do to comply with newly established laws and regulations.
According to Schwartz, personal information can be divided into three categories ― identified, identifiable and non-identifiable.
Non-identifiable data means information that cannot define and specify a person, such as customer statistics. Identified information, on the other hand, is capable of distinguishing an individual person.
One good example of the identified information is the resident registration number in Korea; and many countries in the world have already legislated regulations to protect this information.
However, the EU and the U.S. have shown different stances over identifiable personal information. The U.S. laws and regulations focus on protecting information that "pertains to an identified person," whereas the EU argues that all information identifiable to a person should be protected.
The EU says personal information should be protected if it is possible to use it in combination with other data to identify a person, even if it alone cannot be linked to a specific individual, Schwartz explained.
"Many Korean companies are likely to find it trickier to decide what to do regarding personal information protection in the U.S. market than in the EU, because Korea's perspective on personal information protection is closer to that of the EU, than the U.S," he said.
Schwartz is a professor of law at the University of California, Berkeley's School of Law, and a director at the Berkeley Center for Law and Technology. He has assisted organizations with regulatory, policy and governance issues relating to information privacy.
In a seminar held at the Paul Hastings Seoul office, the professor reiterated that personal information protection and data security are already bare essentials in the business sector. He said their importance have been even more obvious as many cases of personal information leakage and breach of privacy have been observed worldwide.
"Companies cannot hold off on their action for information privacy. They need to start now."