The Enactment of the Data Protection Act and the Responsibility of the Data Protection Commission

 

Joint Press Statement 

From MINBYUN-Lawyers for a Democratic Society, JinboNet-Korean Progressive Network, Catholic Human Rights Commission

10 March 2011

 

The Enactment of the Data Protection Act and the Responsibility of the Data Protection Commission

 

 

On 9 March 2011, the National Assembly of the Republic of Korea performed an examination of two acts concerning personal data. The first is the revised bill of the Residents Registration Act for the electronic ID card which had been examined by the Public Administration and Security Committee’s subcommittee and further deliberation of this Act is to be postponed to April. The second is the Data Protection Act that the subcommittee of the Legislation and Judiciary Committee passed. The Act also passed the regular session of the Legislative and Judiciary Committee on 10 March and then it passed the plenary session on the following day on 11 March.

 

The enactment of the Data Protection Act has been a long-cherished wish of many human rights organizations since the controversy over the electronic ID card began in 1996. The main point in this issue is the establishment of an independent data protection supervisory authority named the Korea Data Protection Commission. The Data Protection Commission, which could be considered as independent, seems to have been created, despite an obstacle of the Ministry of Public Administration and Security to further its own interests. In this process, the Data Protection Act has received invaluable contributions from many specialists, human rights organizations, and the opposition party. 

 

Originally, a bill by the Ministry of Public Administration and Security placed the Data Protection Commission under the prime minister. Furthermore, the President appoints all the commissioners without the assistance of the secretariat and the standing commissioner. In September 2010, however it was agreed by the Public Administration and Security Committee that the Data Protection Commission be promoted to the president’s department, and that the National Assembly and the Court could appoint one third of the commissioners. Also the Commission could have the secretariat and the standing commissioner. Most importantly, the commission could have the right to vote, whereas previously it had had only the right to deliberate, and also it has the right to demand the submission of materials and the measure for redress to public institutions. 

 

But, this alternative also included some exceptions to public institutions and has many articles mandating the Presidential Decree. Moreover, it had its limits, as there was no means to control the Ministry of Public Administration and Security’s influence on the Data Protection Commission. At that time, the president had appointed the chairman and the standing commissioner, which meant that among those 15 members, the majority were from the government and the ruling party. It is easy to see why this kind of appointment made it difficult for the Data Protection Commission to truly act as an independent authority, capable of checking or supervising policies that were pushed by the government. 

 

Reducing the numbers of mandates to the Presidential Decree, disproving the Ministry of Public Administration and Security’s false remarks that there were no antecedents, and preventing public officials from taking commissioners are great accomplishments. There are, however, some limits as there are many exceptions to public institutions that still exist, and no one can accurately predict when the Data Protection Commission will ultimately achieve complete independence. We’re still afraid of the possibility that the government has a hand in the working-level through the influence on the standing commissioner, so that we regret that the standing commissioner missed the appointment from the National Assembly as a result of opposition by the ministry during the bill examination.

 

Concerning the alternative, the Ministry of Public Administration and Security has proclaimed that it fits into the international standard like EU directives and heard the same opinion from the former EU deputy director. However, whether the Data Protection Commission has enough independence or not would be seen through the work. There still exist some controversial issues such as the possibility of electronic ID cards violating human rights or the problems caused by the increase of CCTV in certain areas, such as jails. Specifically, pursuant to the recommendation from the National Human Rights Commission of Korea in 2007, the regulation act for surveillance in the workplace, apart from the Data Protection Act, should be quickly passed to improve the circumstances of workers who have been suffering from the state of the art watching device. 

 

It is really regrettable that the Korean press has not been effectively performing the monitoring work until the enactment of the Data Protection Act. Some media have even repeated the Ministry of Public Administration and Security’s groundless claims, misleading public opinion. The press should strive to create a proper data protection system and to reject suggestive reports about personal data leaking. 

 

We are to keep watching, reporting and taking action for continuing improvement of the Data Protection Act.