Korean regulators plan formal framework for biometrics as use cases expand

The scope of biometric technologies is often boiled down to facial recognition and ID verification. But in Korea, as biometric uses cases expand into healthcare, wellness and other sectors, the government is looking to introduce a legally binding regulatory framework for biometric information, to ensure biometric data privacy regulations keep up with increasing use in daily life.

A report from Korea Bizwire says the Personal Information Protection Commission (PIPC) is working on a document that aims to mitigate risks to individuals’ rights while providing clarity for businesses deploying or providing biometrics. The report quotes an anonymous PIPC official who claims the commission could have draft legislation ready by next year.

“We aim to strike a balance between protection and regulation,” the official is quoted as saying. “We’ll finalize internal discussions this year, draft legal provisions, and then seek external input next year.”

South Korea’s current laws on data protection do not have specific provisions for biometric data. A 2020 amendment expanded their definition of sensitive information to include “information about an individual’s physical, physiological, and behavioral characteristics.”

But the regulator says that’s not specific enough, and believes it makes the law out-of-date in a rapidly developing industry. The PIPC has cast a critical eye at some recent high-profile biometric projects, including Worldcoin’s iris biometrics scheme, which it began investigating in March.

Samsung Galaxy line hoovers more user data with new wearable devices

Meanwhile, in tech-happy Korea, AI-equipped wearable biometric devices are becoming popular – meaning more and more customer data is being collected. Samsung recently launched the Galaxy Ring, which monitors health indicators and other biometrics. According to Korea Bizwire, the company’s latest privacy policy covers data points such as heart rate variability, time to fall asleep, movement during sleep, and sleep-time heart rate and respiratory rate – data which is used to predict ovulation, fertility, sleep cycles and more. The expansion of its biometric collection capabilities has already drawn frowns from some data privacy advocates.

In tandem, the company is growing its digital identity and digitizer credentials business via its Samsung Wallet product.

The PIPC says that, as more and more businesses integrate biometrics, it is looking to the EU AI Act as a model in terms of data protection. The anonymous official says its goal is “to create specific definitional clauses and pursue amendments that balance protection and utilization.”

The AI Act prohibits the use of biometric categorization systems and facial recognition systems that are deemed high-risk in terms of their potential to damage human safety and fundamental rights. The predicted 2025 reveal of the PIPC’s draft regulation should provide a first look at how far South Korea is willing to go in mirroring the EU’s restrictions.

Article Topics

biometric data  |  data collection  |  data protection  |  legislation  |  Personal Information Protection Commission (PIPC)  |  regulation  |  South Korea