Data are regarded as a crucial aspect of information technology and artificial intelligence. Data independence is gaining more and more of a place in the world as more superpowers and thick powers compete to become the forefront of AI and IT services.
Data independence refers to the notion that a nation’s and its citizens ‘ data should also be under their power, just as national sovereignty does so. This implies that governments and citizens or consumers should be able to choose when, where, how, and why their information are used.
With the use of AI and the web becoming more commonplace, more and more people are putting more emphasis on making sure that the ownership of data is determined by the country and its citizens. Therefore, countries have recently focused more on strengthening information sovereignty and restricting and evaluating access to data based on different types of data and international companies.
Without distinguishing colleagues from enemies, data sovereignty is lacking.
On June 30, 2021, Didi Chuxing, often referred to as” the Chinese Uber”, proceeded with its IPO on the New York Stock Exchange, raising$ 4.4 billion despite strong opposition from Chinese authorities. The officials had urged a pause because they worried that sensitive personal and regional data may be contained in the Offering documents.
By July 2022, Chinese authorities imposed a great of$ 1.19 billion on Didi Chuxing for violating security laws, leading to the company’s volunteer withdrawal. In response to these concerns, China enacted the Three Data Laws to regulate online information control. The three are who.
- Cybersecurity Law,
- Data protection legislation and regulations
- Personal Information Protection Law
To protect information independence, these laws established regulations like the Security Assessment Measures for Cross-Border Data Transfer, which mandate federal evaluations for the transfer of crucial data abroad.
China’s steps against major software and its data sovereignty measures have received criticism in the West for having a negative impact on businesses, including the US and Europe. However, similar measures were immediately adopted in these areas.
For example, the US Protecting Americans from Foreign Adversary Controlled Applications Act, which was signed into law by US President Joe Biden last month, requires TikTok’s family business, Chinese business ByteDance, to sell its US businesses within 360 time or face a ban due to concerns that the Chinese government might have access to people ‘ personal information.
Prior to this, President Biden had signed an executive order in February to protect Americans ‘ sensitive data, such as biometric, health, and location information, from adversarial nations like China.
Additionally, countries such as Australia, the UK, and the European Union have banned TikTok on government devices and strongly recommend its removal from personal devices.
Europe also has been proactive in addressing data sovereignty. The General Data Protection Regulation, which governs the transfer of data to third parties and countries unless otherwise authorized by the EU, was put into effect in 2018. Additionally, it grants individuals the ability to access and delete their personal data.
The Digital Markets Act and the Digital Services Act, which were signed into law this year, were both more recent efforts to stop foreign big tech platforms like Google, Meta, and Apple from dominating the market, fundamentally aimed at protecting domestic businesses.
Missing Korea’s data sovereignty
In the neighboring economies of South Korea, data privacy and location restrictions are in place. This pattern is evident in the recent Naver Line conflict between Korea and Japan. The Japanese government pressured Naver to transfer its 50 % share of the joint venture Line to its partner, Japan’s SoftBank, due to fears that data from Line Yahoo, used by most Japanese, could be transferred to the Korean company Naver. This demand comes after an information leak from Naver Cloud, which runs the Line messenging service that is most popular among Japanese consumers.
The issue began last November when Line Yahoo’s servers were attacked, resulting in the leak of over 440, 000 personal data records. The Japanese Ministry of Internal Affairs and Communications then issued administrative instructions to Line Yahoo on March 5 and April 16 to safeguard the security of communications. This response highlights Japan’s growing concern about data sovereignty and the use of data outside their purview.
Meanwhile, the Korean government focused solely on opposing the forced sale of Naver’s shares, pledging to “firmly and strongly respond” to these measures. However, this reaction did not address the broader issue of data sovereignty protection.
In contrast to other major nations ‘ efforts to prevent foreign companies from gathering and obtaining data, Korea’s response seems overly complacent. The Korean government still views data sovereignty protection merely as personal information protection, which is the main argument.
The current Personal Information Protection Act explicitly states in Article 1, Paragraph 1, that” the purpose of this law is to protect individuals ‘ freedom and rights by stipulating matters relating to the processing and protection of personal information and, furthermore, to realize the dignity and value of individuals.”
It also briefly and vaguely states in Article 14 Paragraph 2 that the state is required to formulate policies for the transfer of personal information abroad and that it must obtain the information subject’s consent when doing so, without giving an explicit description of its territorial scope.
These limitations indicate that the Korean government continues to view data sovereignty protection with a narrow lens rather than as a matter of national security and a geopolitical issue. The PIPA falls short of the comprehensive measures required to safeguard national data sovereignty in an increasingly interconnected digital world by failing to address the broader implications of data transfers and lacking a clear extraterritorial application.
An Australian think tank recently discovered that Chinese state-controlled propaganda organizations are frequently linked to the collection of data from Chinese businesses, including the shopping and gaming apps AliExpress and Temu.
Relevant Korean ministries, such as the Ministry of Science and ICT and the Personal Information Protection Commission, have only mentioned observing how user data from Chinese online retailers is collected and used, which seems unrelated to the seriousness of the situation.
While other nations put in place measures to restrict where data can be collected and to prevent foreign companies from doing it, Korea still believes that as long as foreign companies properly manage collected personal information and protect against cyberattacks in accordance with PIPA, it is not a major issue.
This suggests that Korea may not fully comprehend how collected and used citizens ‘ data are used by foreign companies operating there. South Korea should take stronger measures to safeguard crucial data for economic security and actively change strict legislative guidelines that cover extraterritorial scope.
Seunghwan ( Shane ) Kim , ( seunghwankim619@gmail.com ) is a researcher at the Korea Foundation.
This article, first published by Pacific Forum, is republished with permission.