Korean MyData to be fully operational from January 2022
The due date for the MyData’s API mandatory implementation, which was originally scheduled for August 4th, has been officially postponed to January 1st of next year.
The Financial Services Commission (FSC) announced on July 29th that it has revised the “MyData Operating Guideline” that contains such information after discussing and confirming its final measures on major pending issues of MyData. The Korean MyData is a new business service fostered by the FSC, aiming at allowing accredited companies (MyData Operators) to manage personal information scattered across financial, telecommunication, medical, and public sectors. Through the introduction of MyData, it is expected that more personalized innovative services will be provided to users in various fields such as finance, medical care, and education.
According to the announcement, the FSC, which is the South Korean government’s highest financial regulator, decided to postpone the due date of the MyData’s API mandatory implementation after collecting opinions from the stakeholders of the related industry. Initially, the adoption of the MyData service was supposed to mark the end of scraping method when collecting customer data and to make the use of an ‘API system’ mandatory instead from August 4th. Scraping is a method through which MyData operators collectively inquire all customer information to data providers such as banks by collecting and storing authentication information of their customers such as User ID/password or public certificate signature, and submit those data to data providers on the behalf of customers.
However, due to a number of challenges faced by the stakeholders of the industry such as the lack of available manpower to build the system or the requirements of providing several integrated means of authentication for users ‘convenience, MyData operators have requested a delay on API’s mandatory application.
In response, the financial authorities have decided to allow MyData operators and data providers to complete API development and testing by November 30th and open the service through API from December 1st. From January 1st 2022, MyData operators shall have completed app updates for all customers and the MyData service must be provided through the API method only.
While making this announcement, the FSC has also released security measures in relation to the provision of ‘related data’. In order to prevent inconvenience to consumers, the data related to the MyData services should be provided only for the purpose of providing analysis services requested by users themselves. Considering concerns over third-party information protection and privacy violations, it is prohibited to use related data for purposes other than marketing purposes or provide it to external counterparts that do not belong to the MyData industry. In addition, account numbers that can be identified or specified by the counterpart are not provided. Also, it should be clearly notified that the related data may include information about the user’s personal life, etc.
In addition, MyData operators have decided to build a simplified transfer request and consent system to enhance usability. A function enabling to collectively search the list of subscription products and assets of up to 50 data providers shall also be implemented to enhance consumer convenience. The new guideline also mentioned that it is necessary to provide a link to the MyData portal where MyData operators can provide guidance to the user for using the MyData service and check the service subscription status. In this regard, the portal has been recently released here.
Source: https://newsis.com/view/?id=NISX20210729_0001531280
Our View: the announcement of the FSC followed the meeting that was held on July 7th , and the decision to postpone the official launch of the MyData service was largely expected by the stakeholders of the Korean MyData industry. This new due date should give enough time to companies, in particular SME, that are preparing for opening related services. It will also provide the necessary time for simulating services and related technologies, which was one of the critics that has been mentioned previously. It will be interesting to see whether the companies that just received the license to operate a MyData service will also be able to launch their services early next year at the same time than the first companies that received the license.
