South Korea’s Digital Healthcare Conundrum
KEY TAKEAWAYS
- South Korea is engaged in a national debate about when, or if, the government should limit how information technologies might leverage public, private, and sensitive data. This is perhaps most apparent in discussions of digital healthcare.
- President Moon Jae-in has argued that South Korea is well-positioned to lead globally in developing new, first-in-class digital health products. Yet here, caveats include questions about deregulation and other reforms that might be required to bring big data-enabled services to scale — even as others point to warning signs that certain safeguards should first be strengthened.
- South Korea began 2020 behind several peer economies in domestic adoption and availability of several digital health technologies. However, in the first half of the year, the Korean Disease Control and Prevention Agency was nonetheless able to rapidly scale-up one the most ambitious bio-surveillance regimes ever as part of its response to Covid-19.
- Laws such as the Personal Information Privacy Act and Medical Services Act detail stringent domestic obligations related to data privacy and protection — yet also carve out exemptions for uses deemed ‘in the public interest.’
- What this exemption means has been tested and further refined during the country’s response to Covid-19, with some arguing that certain pandemic-era approvals should be retained or expanded post- crisis.
- To address novel and complex data governance questions that have arisen during Covid-19, South Korea should consider bolstering its engagement with the United States, Taiwan, the European Union, and other like-minded that are looking to strengthen their own best practices.
- Seoul should also aggressively pursue opportunities to engage with and weigh-in on ongoing debates on digital health questions currently being discussed in fora such as APEC, the World Health Organization, and the G-20.
INTRODUCTION
In 2020, South Korea’s digital healthcare policies were thrust into the global spotlight as a result of Covid-19. In early February, South Korea was one of the world’s hardest hit countries, accounting for half of all cases outside of China.[1] Several so-called ‘super-spreader’ events also raised the prospect that the country’s healthcare system would be quickly overwhelmed. Yet instead of turning to a societal lockdown, President Moon Jae-in championed the idea of a technology-led approach to the crisis. Specific applications have included the use of digital tools to track, trace, and slow community spread; the (temporary) authorisation of telemedicine services; and the tacit blessing of unofficial websites that allow the public to map the virus’ spread.[2] Alongside this, the Moon administration has argued that an expanded use of AI and big data could support other urgently needed medical breakthroughs. Such breakthroughs include, for example, in the race to develop new vaccines.[3]
Digital health is about more than just technologies that might be deployed in an emergency. However, emergencies can offer insight into the strengths — and weaknesses — of existing tools, policies, and practices. To that end, the current moment has served to intensify ongoing debates within South Korea about when — or if — the government should limit how information technologies might leverage public, private, or sensitive data. While the country has a robust, mature data governance framework, a diverse cross-section of domestic voices has argued that this framework does not strike the right balance in promoting innovation, ‘quality’ healthcare, human rights, and other societal interests. Moreover, several such debates have continued to question whether South Korea’s data governance framework is too restrictive, Covid-19 era developments notwithstanding. Ultimately, how Seoul might navigate these issues has implications for not only South Korea, but also for others in the Asia-Pacific that are interested in data governance best practices.
This essay explores debates surrounding digital healthcare in South Korea as a case study in ongoing efforts to improve data governance in Asia. Section one provides an overview of South Korea’s digital healthcare ecosystem, including its key stakeholders. Section two reviews select policies impacting how digital health technologies can or cannot be deployed within the country, including their potential economic, public health, and human rights implications. The next section explores several reform efforts that have been proposed or are underway. Section four then suggests scenarios for the future, ultimately offering recommendations for how insights from South Korea might inform ongoing efforts to advance best practices in the wider Asia-Pacific. The essay concludes by noting several final takeaways.
DIGITAL HEALTH IN THE CONTEXT OF SOUTH KOREA
South Korea has been described as having ‘one of the world’s most rigorous data protection regimes’ — a statement that may seem at odds with examples in the introduction given their implied levels of data collection, sharing, and disclosure.[4] Yet as Korea policy specialists June Park, Hannah Kim, and others have examined, these ideas are not necessarily in contradiction. Rather, they hint at how frameworks interpret trade-offs, risks, and social license in situations involving public health.[5]
A key case in point is that while a number of South Korean laws emphasise domestic obligations related to data privacy and protection, they also carve out exceptions related to activities deemed ‘in the public interest.’ This is something where the government in particular could be viewed as having a heightened duty to act — and where, subsequent to a disastrous domestic outbreak of MERS in 2015, South Korean public policy has erred on the side of providing health officials with more expansive tools for carrying out their duties (for instance, allowing significant intra-government data sharing, bio-surveillance measures, etc.).[6] Alongside this, South Korean regulators and other officials have also been encouraged to weigh an individual’s right to privacy against the public’s right to information. This includes vocal public support for disclosing more, rather than less, patient data to the extent that it might support earlier, more comprehensive public health interventions as well as overall transparency in government.[7]
Keeping this in mind, at a high-level, South Korea’s digital health ecosystem is comprised of a wide range of stakeholders. This includes not only the Blue House[8] and National Assembly, but also the Ministries of Health and Welfare, Science and ICT, and Food and Drug Safety; the country’s so-called “big five” hospitals; insurance programs; major conglomerates such as Samsung, LG, SK, and KT; and a wide cross-section of universities, doctor and patient advocates, and civil society.[9] Table 1 provides select information on each of these groups, and what roles they typically perform in informing domestic development.
Each of the above have their own specific interests in pursuing digital health, including views about the field’s potential profitability and contributions to patient care.[10] They also have distinct opinions about how these benefits measure up against other concerns. Yet overall, the OECD has characterised South Korea as employing a “strong[,] collaborative approach to public health governance.” To that end, formal processes often involve extensive intra-government coordination as well as engagement with academia, industry, and civil society in selecting (and executing) strategic goals.[11] Even in the absence of such intentional outreach, groups like labour unions and associations can also wield substantial policy influence in their own right. The Korean Medical Association, for example, has been credited with derailing earlier proposals related to telemedicine, most visibly after it led a nation-wide walkout of healthcare workers arguing that these technologies were often not well-aligned with goals for promoting quality healthcare.[12]
Consequentially, it should be noted that South Korea’s heavy domestic support for using digital tools to respond to public health emergencies has not always translated into a more permissive environment for commercialising a wider range of technologies. To that end, South Korea still lags behind the United States, Japan, and others when it comes to actually deploying a number of digital health technologies that go beyond bio-surveillance. For example, even after MERS, South Korea retained a de-facto ban on telemedicine; limited services that have been approved during the most recent pandemic have been characterised as subject to additional scrutiny (and potential post-crisis reversal).[13] President Moon’s expressed enthusiasm for AI-backed healthcare solutions should also not distract from the fact that several assessments have also rated South Korea poorly in its readiness to utilise AI (citing, for example, fragmented or inaccessible public datasets).[14] Each of these issues should thus be kept in mind when thinking about South Korea’s way forward after the current crisis passes, and what they say about potential unmet policy needs.
Nonetheless, as of 2020, South Korea had already cultivated a fairly comprehensive governance framework around technologies that intersect with healthcare data or with public health goals. Moreover, it remains a dynamic framework where best practices and overall goals continue to be further refined. What this means specifically — and how it impacts what can be brought to market — is explored in the following section.
SELECT NATIONAL LAWS AND THEIR IMPLICATIONS
Data governance around digital health in South Korea is informed by a sizeable number of policies, laws, regulations, and informal norms. Yet of these, three laws in particular could be viewed as having outsized impact in guiding how various technologies might be designed or otherwise deployed (and thus, are especially important to review for understanding ongoing debates). These laws are the country’s Personal Information Protection Act (PIPA); Medical Services Act; and Infectious Disease and Control Act.
Personal Information Protection Act (PIPA)
PIPA is a key pillar of South Korea’s data governance regime, detailing domestic obligations on ensuring data protection and privacy. Among other features, PIPA not only establishes civil and criminal liabilities for violations but also requires that data be used for task-limited purposes by a single entity and only after receiving explicit user consent.[15] As studies by this author and others have explored, in practice these measures can severely limit the ways in which an individual’s information can be exchanged between different organisations, regardless of whether individuals might be receptive to providing consent. This in turn has also restricted how historical data can be used; something that both industry and various academics have argued undercuts efforts to improve the diagnostic capacities of AI-backed systems.[16] It has also arguably contributed to challenges in boosting the country’s overall competitiveness in AI, by opening up a gap between how firms in South Korea versus those in other markets are permitted to operate, with (for better or for worse) the United States and others taking more lax approaches here.[17]
Notable exemptions to PIPA’s more restrictive standards do exist. This includes, for example, a public interest override as has been previewed above. However, in terms of how these overrides are executed, not all stakeholder groups are considered equal in terms of their potential reliability, trust, and overall commitment to promoting data protection by other means.[18] To that end, studies by Hannah Kim and others have documented that while efforts have been made to reduce barriers to data sharing and usage within the government, less so has been done in terms of addressing barriers to public-private collaborations (much less private sector-led development).[19] And, when combined with the limitations imposed by the next highlighted piece of legislation, this has periodically presented substantial challenges to how South Korean firms might look to bring several specific technologies to scale.
Medical Service Act
Operating in tandem with PIPA, South Korea’s Medical Service Act has a broad mandate to “ensure that all citizens can enjoy benefits of high-quality medical treatment [emphasis added by author].”[20] As part of this mandate, the Medical Service Act outlines stringent credentialing prerequisites for those who might seek to provide medical care. Additional provisions also establish requirements for in-person consultations on sensitive topics, and limit how and whether medical information can be shared digitally.
Collectively, these measures could be seen as designed to ensure that digital health technologies ‘first do no harm:’ limiting what sensitive information might be exposed via any data breaches as well as restraining the overall role of pseudo-experts in providing medical advice.[21] Nonetheless, both South Korean firms and a number of studies have argued that these requirements are also potentially at odds with startup models that bring together both medical practitioners and technologists to deliver services; among other outcomes, producing what this essay has characterised as a de-facto ban on telemedicine.[22] Moreover, these restrictions also raise questions about how firms operating within South Korea can deliver new smart-phone applications and wearable devices that provide health and fitness services to a South Korean audience. For example, although Samsung Health (a health-record management application) has been available outside of South Korea for several years, longstanding regulatory challenges meant that it was unavailable within the country until June 2020 — suggestive of potential gaps in how South Koreans might be able to independently manage their own healthcare needs relative to their overseas peers.[23]
Infectious Disease Control and Prevention Act
Finally, countering some of these more restrictive trends is a third critical ingredient shaping South Korea’s digital health governance: the Infectious Disease Control and Prevention Act.[24] Following the MERS coronavirus pandemic, this Act explicitly and tacitly expanded what uses of healthcare-related data might be deemed as ‘in the public interest.’ This includes, for example, putting in place many of the surveillance authorities that have been on display during the Covid-19 pandemic. Alongside this, the act also further formalised the idea of a ‘public right to information’ that encourages disclosure of available public data.[25]
However, as the name of this legislation implies, the Act also has a fairly bound mandate: addressing concerns related to highly infectious diseases. This means that some of the legislation’s most expansive provisions only come into play during major pandemics or in more traditional, routine public health campaigns that intersect with these diseases (like during vaccination drives). It does not cover other preventative interventions: for example, both the Moon administration and studies by the OECD have argued that South Korea could be doing more to tackle the country’s chronic care challenges (such as relatively high rates of obesity and tobacco usage) if public health authorities and researchers had greater access to complex and complete population health data sets.[26] Although President Moon and others have touted several strategic initiatives on AI and 5G as supporting inroads on these health challenges, it remains unclear how much of this call-out is rhetoric; calling out the promise of technology without sufficiently addressing the needs for reform. This is more so in the absence of either a new legislative mandate that might build on the framework provided by the Infectious Diseases Control and Prevention Act or that seeks to remove barriers posed by PIPA and the Medical Services Act.
EARLY TAKEAWAYS FROM THE COVID-19 ERA: PROOF OF CONCEPT OR CATALYST FOR A ‘NEW NORMAL?’
What do these measures mean in practice, and how have they been on display during the current Covid-19 pandemic? South Korea began 2020 notably behind several regional peers in the adoption and availability of numerous digital health technologies. However in the first half of the year, the Korean Disease Control and Prevention Agency (KCDC) was able to rapidly scale-up what is arguably one of the most ambitious and extensive bio-surveillance regimes ever for a democracy — drawing on hospital, credit card, and GPS data to track, trace, and reinforce quarantine efforts for those who have been potentially exposed to Covid-19.[27] Moreover, given the country’s emphasis on public disclosure of health emergency-related data, an overview of anonymised patient data related to the outbreak (including information about patient gender, age, and infection routes) has been made available online by the KCDC via the Ministry of Health and Welfare’s website.[28] This in turn has been seized upon by both scientific researchers and private firms, who have used this data and various scientific principles to kick-start their own research, design public notification applications, and build other novel products.
Some of this rapid scale-up has only been possible due to the emergency nature of the current crisis (for example, data collection authorities); other elements have arguably long been possible within South Korea’s legal framework with only modest shifts in domestic support, market enthusiasm, or regulatory guidelines (including the availability of general types of digital health applications). At the same time, the past year has also served as an opportunity to test the theoretical capabilities of the South Korean government under post-MERS reforms and further refine how interests in public health and an individual’s right to privacy should be balanced in practice. For example, in an initial three-month period surrounding South Korea’s declared outbreak, much was made about the granular detail of the (often re-identifiable) personal information that the South Korean government was making public and its potential to enable employer or community-based discrimination against specific individuals. However, as adeptly chronicled by technology and legal scholars Sangchul Park, Gin Jeehyun Choi, and Haksoo Ko, South Korea’s governance frameworks also incorporate feedback loops (such as the opportunity for judicial and other formal reviews) to evaluate implementation. This disclosure issue was ultimately brought before South Korea’s Human Rights Commission, whose ruling in turn triggered the KCDC to revise and narrow the scope of what disclosures it deemed to be in the public interest.[29]
Meanwhile, the current crisis has served to reinforce and even accelerate interest in more permissive reforms (some of which, it should be caveated, were well underway prior to the acknowledged start of the pandemic).[30] To that end, between January and August 2020, the National Assembly has taken up and passed several amendments on issues that intersect with digital health debates, while the Ministry of Health and Welfare, among others, has pushed additional regulatory changes in line with its existing legal discretion to do so. Amongst other changes, several amendments to PIPA support the unrestricted use of pseudonymised data for scientific and statistical purposes and allow entities to reuse previously collected personal data in a wider variety of situations.[31] Amendments to the Medical Service Act have expanded the authority granted to the Minister of Health. This includes creating an obligation for the minister “to establish and operate a monitoring system for surveillance of the occurrence and causes of infections originating in health care institutions,” as changes have been translated and characterised by a U.S. Library of Congress analysis.[32] And, although not a by-product of a specific legislative reform, the Ministry of Health and Welfare has also begun to authorise limited telemedicine services on a case-by-case basis and permitted additional regulatory tweaks that could ultimately allow for the commercialisation of a more extensive suite of digital health applications. However, as repeatedly stressed above, telemedicine exemptions in particular have been characterised by ministry officials as part of their own emergency authority, and thus may not be made permanent in the absence of additional guidance from the National Assembly or via Presidential action.
Questions remain about what South Korea’s way forward might look like, including how several of the changes in law mentioned above might be further operationalised. If well-executed, South Korea’s reforms could demonstrate how even countries with mature data protection frameworks can improve upon their best practices as new challenges or opportunities emerge. Yet this process is ultimately not without risks. Notably absent in the above list of proposed reforms is any effort to curtail or impose additional obligations on how the government might leverage big data to design and execute public health interventions. As June Park and others have shrewdly observed, this is at least partially due to the fact that these measures still enjoy a high degree of public support domestically even years removed from the MERS outbreak.[33] But, how these same measures might be received or replicated internationally is still an open question, with some international observers and non-governmental organisations already expressing concerns about potential human rights abuses that could be driven by the use of these tools.
SCENARIOS FOR THE FUTURE
Placing the above in a global context, South Korea is not alone in trying to shape appropriate restrictions around the sharing, aggregation, and transmission of various forms of personal data, especially healthcare data, given the often-sensitive nature of the underlying information.[34] Japan, Taiwan, the European Union, and the United States each have their own restrictions on data sharing in this space, including requirements for when and how consent must be obtained.[35] Yet South Korea’s expansive use of digital surveillance and public disclosures related to Covid-19 suggest that the country’s practices may already have notable divergences between what might be deemed acceptable by South Korean stakeholders and by their societal counterparts globally. This is perhaps especially so in the case of comparisons with the United States and the European Union, who have struck a different balance in advocating for public health, an individual’s right to privacy, and the public’s right to information in executing digital contract tracing.
In this light, it should be noted that recent amendments to PIPA — expanding access to data with only incremental changes in increasing data privacy and protection safeguards — could end up exacerbating the differences between South Korea and its global peers, rather than bringing these countries together in their views on global best practices. If South Korea’s policies begin to drift from those in other markets, it could undercut the country’s ambitions for expanding its market share in North America, Europe, and Asia — in addition to being counter to domestic interests.
What, then, might a potential “best” path forward look like? As this author and others have argued, Seoul might benefit from additional targeted revisions to its data governance framework that could better bring it into alignment with other global standards (while still reflecting specifically South Korean interests). For example, Open Net Korea has adroitly argued that recent amendments to PIPA expand the use of pseudo-anonymised data beyond what the GDPR allows, and do so without sufficiently tackling when and how stakeholders should still have an obligation to preventing re-identification. They and others have proposed that potential next revisions could include formalising these obligations as well as modestly expanding the list of activities covered by existing requirements.[36] Meanwhile, in a contrasting example that highlights how restrictions might be relaxed, South Korea could also benefit from greater reviews of what capabilities are currently possible only (or primarily) during emergencies that might continue to benefit South Korean societal and geo-economic interests in any ‘new normal.’ To that end, Seoul should strongly consider what it would require to grant more permanent approval to telemedicine as a general category of service, in the anticipation that ongoing global challenges linked to Covid-19 could drive greater demand for services and shifts in domestic consensus on this issue (and where an early lead could support the country’s commercial edge globally).
Alongside these efforts, Seoul should continue to prioritise close coordination with other countries to avoid potential drifts between South Korean and global best practices in data governance. To that end, greater regional and global dialogues built around operationalisation of the APEC Privacy Framework and the European Union’s General Data Protection Regulation suggest two potential starting points. Several APEC privacy framework ideals, such as focusing efforts on preventing harm and giving individuals the ability to choose what can be collected or shared, are already deeply embedded within South Korea’s data governance culture.
An essential conversation here should also be exploring questions linked to the differential treatment of varied stakeholders within South Korea and other markets, including a candid dialogue on Seoul’s practices in setting different restrictions on governmental- and non-governmental actors. As noted above, South Korea’s legal and regulatory frameworks draw numerous distinctions between how different end groups (for instance, ministries vs. private sector) are allowed to use certain forms of data. Yet as work by Rishab Bailey, Smriti Parsheera, and scholars at the U.S.-based Information Technology and Innovation Foundation has aptly suggested, an overemphasis on who can use data rather than how any group can meet comparable thresholds for safeguarding data may do little to promote good cybersecurity or data management hygiene.[37]
To that end, a critical and as yet incompletely answered question here is how “trust” should be guaranteed — and ultimately, audited — including how some of the APEC privacy framework’s general statements might be better guaranteed through more explicit and shared regional norms. Though this overall debate is fairly longstanding (and often contentious), the Covid-19 era in many ways presents a unique opportunity to reaffirm democratic commitments to audit and review best practices. Taiwan, for example, has committed informally to conducting a public-facing, comprehensive review of its bio-surveillance practices and how its human rights safeguards have ultimately held up in practice.[38] With this in mind, South Korea might consider duplicating or joining Taiwan’s initiative, given Seoul’s own commitments to advancing transparency and other governance best practices both at home and in the region. As aptly put by the KCDC’s Goh Jae-young to the BBC, “after the spread of virus ends … there has to be society’s assessment whether or not this [South Korea’s formal use of important personal data during Covid-19] was effective and appropriate.”[39] In other words, even despite the near-term benefits of novel applications of big data and information technology, there has to be public accountability — and this is an area where South Korea might be able to teach and lead the way.
CONCLUSION
South Korea is potentially well-positioned to emerge as a global leader in digital healthcare. Yet as this essay has attempted to demonstrate, how and to what extent the country might choose to pursue these ambitions is closely linked to the outcomes of several debates related to data governance. These include those about when (and if) it might be appropriate to reduce existing barriers to how technologies are permitted to leverage data — including making permanent select policies that have been put in place during Covid-19 — or if, alternatively, new barriers should be raised through narrowing how regulators and other authorities can make public interest exemptions.
This essay has argued that in approaching these questions, South Korea would be well-served by continuing to draw on the core strengths of its general approach to data governance — encouraging multiple feedback loops in crafting, testing, and potentially adjusting new proposals before making major changes. Here, an immediate next step is conducting a comprehensive evaluation of unmet reform needs in PIPA, the Medical Services Act and other legislation. Such an effort could be led by the National Assembly, Ministry of Science and ICT, or a designated Presidential committee — but regardless, should ultimately incorporate hearings or other opportunities for public input as a means of ensuring domestic support for any changes. Likewise, novel and complex questions that have arisen during the current pandemic — such as how bio-surveillance should be bound and audited — must also be addressed in a process that is open, transparent, and publicly accountable, lest these processes undermine trust in South Korean technology policies, both at home and abroad.
Each of these reviews could be conducted in purely domestic terms — yet Seoul (and other capitals) might also benefit significantly from the opportunity to share, review, and debate emerging best practices with other like-minded economies. Among others, this might include the United States, Taiwan, and the European Union; economies who have each applied digital tracing tools to different degrees during the pandemic and are also looking to strike a better balance between promoting public health and protecting individual privacy rights. Alongside this, Seoul should also aggressively pursue opportunities to engage and weigh-in on ongoing debates on these and larger digital health questions currently being discussed in fora such as APEC, the World Health Organization, and the G-20. In these ways, South Korea could not only safeguard its own interests and identify new best practices but also support the transition in other countries from general principles to specific implementation. Equally important, though, is the possibility that certain challenges might only be addressed via more collaborative and coordinated multinational action.
ABOUT THE AUTHOR
Clara Gillispie is a Senior Advisor to the National Bureau of Asian Research (NBR). She is also a 2019–20 and 2020–21 recipient of the Korea Foundation’s prestigious “U.S. Next Generation Research” grant., whose support helped to enable field interviews and other research for this report.
Ms. Gillispie’s subject-matter expertise covers topics ranging from technology policymaking to energy security to geopolitical trends in the Asia-Pacific. She is the author of numerous policy essays and reports, including “Networked Benefits: Realizing the Potential of 5G in South Korea” (NBR, 2020) and “South Korea’s 5G Ambitions” (Korea Economic Institute of America, 2020). Ms. Gillispie is regularly called on to directly brief her research and analysis to U.S. and Asian government officials, senior industry representatives, and the media, including the New York Times, Washington Post, and NPR’s Marketplace.
Previously, Ms. Gillispie served as a Senior Director for Trade, Economic, and Energy Affairs at NBR. She was also a 2020 International Visiting Fellow at the Taiwan Foundation for Democracy, a 2019–20 Council on Foreign Relations’ International Affairs Fellow at Carnegie India, and a 2017–18 SAFE Energy Security Fellow. Ms. Gillispie graduated from the London School of Economics and Peking University with a dual MSc in International Affairs. Prior to her graduate studies, she received a BS from Georgetown University and attended Sophia University in Tokyo for language training.
FOOTNOTES
[1] World Health Organization. 2020. “Coronavirus disease 2019 (COVID-19): Situation Report.”, (https://www.who.int/docs/default-source/coronaviruse/situation-reports/20200228-sitrep-39-covid-19.pdf?sfvrsn=5bbf3e7d_4).
[2] For an official and unofficial primer on this overall approach, see Thompson, Derek.2020. “What’s Behind South Korea’s COVID-19 Exceptionalism?” The Atlantic, 6 May. (https://www.theatlantic.com/ideas/archive/2020/05/whats-south-koreas-secret/611215/) .
Lee, Dae J, Hyunji Lee, and Junsuk Park, 2020.“How Korea Responded to a Pandemic Using ICT: Flattening the curve on COVID-19.”Ministry of Foreign Affairs, The Republic of Korea. (http://overseas.mofa.go.kr/viewer/skin/doc.html?fn=20200421084220721.pdf&rs=/viewer/result/202008).
[3] Office of the President, the Republic of South Korea.2020.“Remarks by President Moon Jae-in at Joint Meeting with Industry, Academia, Research Institutions and Hospitals to Develop COVID-19 Treatments and Vaccine.” (https://english1.president.go.kr/BriefingSpeeches/Speeches/796).
Lee, Hyunji, and Park.2020. “How Korea Responded to a Pandemic.”
[4] See, for example Wall, Alex. 2020. “GDPR Matchup: South Korea’s Personal Information Protection Act.” International Association of Privacy Professionals. (https://iapp.org/news/a/gdpr-matchup-south-koreas-personal-information-protection-act/) .
[5] Park, June.2020. “Comparing Korea’s COVID-19 Tracking With Europe: Implications For ROK-EU Relations And Global Partnership On Artificial Intelligence (GPAI).”East-West Center. (https://www.eastwestcenter.org/events/comparing-south-korea%E2%80%99s-covid-19-tracking-europe-implications-rok-eu-relations-and-global) .
Hannah Kim, So Yoon Kim, and Yann Joly. 2018. “South Korea: In the Midst of a Privacy Reform Centered on Data Sharing.” Human Genetics 137: 627–35.
[6] Thompson, Derek. 2020. “What’s Behind South Korea’s COVID-19 Exceptionalism?”
As alluded to here, South Korea’s response to MERS has often been regarded domestically as failure of both the government’s emergency health management systems and its data governance policies. Over a two month period, South Korea formally quarantined nearly 17,000 people and some estimates put the economic toll of the outbreak at north of US$8 billion. As both historians and contemporaneous sources have recounted, critics argued that the severity of the crisis could have been lessened had then President Park Geun-Hye aggressively tackled intra-government barriers to data sharing and not initially withheld information about outbreak centers from the public; views that ultimately enjoyed significant public support and heavily influenced the shape of subsequent policy reforms.
For statistics and histories above see for example, Myoung Don Oh, et al.2018. “Middle east respiratory syndrome: What we learned from the 2015 outbreak in the republic of Korea.”, Korean Journal of Internal Medicine332. (https://www.kjim.org/journal/view.php?doi=10.3904/kjim.2018.031).
[7] Park.2020. “Comparing Korea’s COVID-19 Tracking.”
[8] That is, the Executive Office of the President of the Republic of Korea.
[9] Gillispie, Clara. 2020. “Networked Benefits: Realizing the Potential of 5G in South Korea.” The National Bureau of Asian Research, Seattle. (https://www.nbr.org/wp-content/uploads/pdfs/publications/sr84_networked_benefits_may2020.pdf);. OECD, 2020; IntrakLink Limited. 2019. “Digital Health South Korea: Market Intelligence Report.” (https://www.intralinkgroup.com/getmedia/3153c79b-463d-47c7-84e6-56848c98aab7/Intralink-Report_Life-Sciences_June2019) .
[10] For example, President Moon Jae-in in particular has often touted it as an opportunity to improve domestic living standards while also revitalising South Korea’s economy, something that he has regularly returned to when discussing his flagship 5G+ Strategy and proposed ‘Korean New Deal.’
[11] OECD. 2020. “OECD Reviews of Public Health: Korea: A Healthier Tomorrow”, OECD Publishing. (https://doi.org/10.1787/be2b7063-en).
This is not to say that digital health governance has always been efficient, effective, or fully responsive to various domestic concerns. Rather, it is to say that feedback loops for keeping governance accountable to the national mood do exist.
[12] For contemporaneous coverage of walkouts in 2014, see for example Park, Hannah.2014. “Health Ministry, Doctors Reach Agreement on Telemedicine.” The Korean Herald (http://www.koreaherald.com/view.php?ud=20140317001326).
[13] For recent domestic reporting on this evolving situation, see for example Yonhap. 2020. “S. Korea to actively consider telemedicine services amid coronavirus pandemic.” Korea Herald. (http://www.koreaherald.com/view.php?ud=20200514000688).
[14] See, for example Oxford Insights and International Development Research Centre. 2019. “Government Artificial Intelligence Readiness Index 201.” Oxford Insights. (https://www.oxfordinsights.com/ai-readiness2019) . Additional analysis of this study and others can be found in Stangarone, Troy. 2020. “South Korea’s Digital New Deal.” The Diplomat. (https://thediplomat.com/2020/06/south-koreas-digital-new-deall) and in OECD (2020).
[15] The text of the Personal Information Protection Act is available in English at http://koreanlii.or.kr/w/images/0/0e/KoreanDPAct2011.pdf .
[16] See, for example, Gillispie, Clara. 2020. “Networked Benefits: Realizing the Potential of 5G in South Korea.” The National Bureau of Asian Research, Seattle. (https://www.nbr.org/wp-content/uploads/pdfs/publications/sr84_networked_benefits_may2020.pdf).
[17] This is a conclusion that, over the years, a number of key stakeholders within South Korea have reached, including the country’s own Ministry of Science and ICT. See, for example, Ministry of Science, ICT and Future Planning. 2017,.“Republic of Korea Interdepartmental Exercise, Mid- to Long-Term Master Plan in Preparation for the Intelligent Information Society: Managing the Fourth Industrial Revolution.” (http://english.msip.go.kr/cms/english/pl/policies2/__icsFiles/
afieldfile/2017/07/20/Master%20Plan%20for%20the%20intelligent%20information%20society.pdf) .
[18] The implication here being that even though government ministries are given greater latitude to use and aggregate various forms of data, they are nonetheless kept in check by the authority of other parts of government to conduct audits — as well as the public’s ability to punish any known abuses via the country’s regular democratic elections.
[19] See, for example, Hannah Kim, So Yoon Kim, and Yann Joly. 2018. “South Korea: In the Midst of a Privacy Reform Centered on Data Sharing.” Human Genetics 137: 627–35. Gillispie, Clara. 2020. “Networked Benefits.”
[20] The text of the Medical Service Act is available in English at https://elaw.klri.re.kr/eng_mobile/ganadaDetail.do?hseq=39874&type=abc&key=MEDICAL%20SERVICE%20ACT¶m=M .
[21] Gillispie, Clara. 2020. “Networked Benefits.”
[22] Gillispie, Clara. 2020. “Networked Benefits.”
[23] Herth, Michael. 2018. “‘Samsung Health’ Quite Popular Abroad but Not Available in Korea.” BusinessKorea. (http://www.businesskorea.co.kr/news/articleView.html?idxno=24127).
[24] The text of the Infectious Disease Control and Prevention Act can be found in English at https://elaw.klri.re.kr/eng_mobile/ganadaDetail.do?hseq=37239&type=abc&key=INFECTIOUS%20DISEASE%20CONTROL%20AND%20PREVENTION%20ACT¶m=I .
[25] Park.2020. “Comparing Korea’s COVID-19 Tracking.”
Thompson, Derek.2020. . “What’s Behind South Korea’s COVID-19 Exceptionalism?”
[26] See, for example OECD 2020; Ministry of Health and Welfare. n.d. “Challenges & Tasks Ahead.” (https://www.mohw.go.kr/eng/pl/pl0103.jsp?PAR_MENU_ID=1003&MENU_ID=100326).
[27] For a thoughtful, more in-depth assessment of South Korea’s bio-surveillance regime in particular and its privacy debates, see Sangchul Park, Gina Jeehyun Choi, and Haksoo Ko. 2020. “Information Technology–Based Tracing Strategy in Response to COVID-19 in South Korea — Privacy Controversies.” JAMA. 323, 21:2129–2130. (https://jamanetwork.com/journals/jama/fullarticle/2765252). See also DAH Staff. 2020. “When The Music’s Over — Contact Tracing Apps: Solution or Snake Oil?” Digital Asia Hub. (https://www.digitalasiahub.org/2020/05/22/when-the-musics-over-contact-tracing-apps-may-28/) .
[28] As of October 23, a dynamic tracker of this data and major trends can be found online at http://ncov.mohw.go.kr/bdBoardList_Real.do?brdId=1&brdGubun=11&ncvContSeq=&contSeq=&board_id=&gubun= .
[29] Park, Sangchul, et al. 2020. “Information Technology–Based Tracing Strategy.”
[30] Text and concepts in the following two paragraphs draw heavily upon prior author analysis in Gillispie, Clara. 2020. “Networked Benefits.”
[31] Kwang Hyun Ryoo, et al. 2020. “Korea’s Data Privacy Laws Amended, Paving Way for Big Data Services.” Bae, Kim, and Lee.
(http://www.bkl.co.kr/upload/data/20200120/bkl-legalupdate-20200120.html).
[32] Umeda, Sayuri.2020. “South Korea: Parliament Responded Quickly to COVID-19 by Amending Three Acts.” U.S. Library of Congress. (https://www.loc.gov/law/foreign-news/article/south-korea-parliament-responded-quickly-to-covid-19-by-amending-three-acts/).
Ministry of the Interior and Safety, 2020.법률제17069호(의료법일부개정법률) [beoblyulje17069ho(uilyobeob-ilbugaejeongbeoblyul)]. (http://gwanbo.mois.go.kr/ezpdf/customLayout.jsp?contentId=00000000000000001583220517377000&tocId=00000000000000001583220517595000&isTocOrder=N&name=%25EB%25B2%2595%25EB%25A5%25A0%25EC%25A0%259C17069%25ED%2598%25B8(%25EC%259D%2598%25EB%25A3%258C%25EB%25B2%2595%25EC%259D%25BC%25EB%25B6%2580%25EA%25B0%259C%25EC%25A0%2595%25EB%25B2%2595%25EB%25A5%25A0)#).
[33] Park. 2020. “Comparing Korea’s COVID-19 Tracking.”
However, this is not to say that domestic critics do not exist, with groups such as OpenNet Korea expressing significant reservations on how laws now treat pseudo-anonymised data and how easily safeguards around it might be undermined.
[34] Select text in this section draws upon earlier author analysis in Gillispie, Clara. 2020. “Networked Benefits.”
[35] Godement, François.2019. “Digital Privacy: How Can We Win the Battle?” Institut Montaigne, (https://www.institutmontaigne.org/en/publications/digital-privacy-how-can-we-win-battle). Gillispie, Clara. 2020. “Networked Benefits.”
[36] Park, Kyung-Sin. 2020. “PIPA’s misguided derogation on pseudonymized data puts privacy at risk.” Open Net Korea, (http://opennetkorea.org/en/wp/3127).
[37] Bailey, Rishab and Parsheera, Smriti. 2018. “Data Localisation in India: Questioning the Means and Ends.” National Institute of Public Finance and Policy, Working Paper. 242.,(https://www.nipfp.org.in/media/medialibrary/2018/10/WP_2018_242.pdf) .
Nigel Cory, Robert D. Atkinson, and Daniel Castro. 2019. “Principles and Policies for ‘Data Free Flow with Trust,’ ” Information Technology and Innovation Foundation. (https://itif.org/publications/2019/05/27/principles-and-policies-data-free-flow-trust).
[38] Remarks by Digital Minister Audrey Tang during “Containing Covid-19: Biosurveillance in China and Taiwan.” The National Bureau of Asian Research, 2020.( https://www.youtube.com/watch?v=NzJ8M4ed1LM).
[39] BBC, 2020, “Coronavirus privacy: Are South Korea’s alerts too revealing?” BBC, 5 March. ( https://www.bbc.com/news/world-asia-51733145) .
