In South Korea, the Epidemic Intelligence Support System (EISS) has officially been in operation since March 26, 2020 to automate the epidemiological investigation procedure of the Coronavirus disease 2019 (COVID-19) after the pandemic. The EISS aims to automatically analyze the movement routes of confirmed patients by collecting and processing personal data from various public and private institutions. However, there is no provision of law planned to limit the analysis and prediction of sensitive personal data that becomes increasingly precise, the purpose and processing of the system, or ensure the rights of the data subjects.
The structure of the Personal Information Protection Act (PIPA) in Korea has not regulated “automated personal data processing” differently from general personal data processing, such as written documents. The problem is that with the development of digital communication technology, a plethora of more various types of personal data are being processed at a faster speed. As AI technology is applied to personal data processing methods in recent years, we are moving towards automated evaluation, analysis, prediction as well as decision-making. Compared to the methods in which personal data was processed manually or through paper documents, this change in personal data processing methods has a significant impact on the fundamental rights of data subjects, such as the right to the protection of personal data. Nevertheless, there is not enough discussion on the legal regulations.
The civil society in Korea has called the problematic human rights in such automated personal data processing “digital rights” and has demanded that they be guaranteed as fundamental rights protected by the Constitution. Chapter 2 outlines the progress of how Korean society developed by raising questions whenever the impact of the personal data processing methods on fundamental rights increased. Chapter 3 examines international norms related to automated personal data processing, such as profiling, and solely automated decision-making. Chapter 4 looks into problems with the EISS as a profiling system for sensitive data. Chapter 5 presents a legal regulation idea for the EISS to protect the rights of data subjects, and we concludes with Chapter 6.
This report is written by Chang Yeo-kyung from Institute for Digital Rights in South Korea, and sponsored by Human Rights Foundation SARAM. We would like to share awareness of issues with human rights activists at home and abroad and initiate social dialogues for disease control policies and social solidarity that guarantees human rights even in the midst of a global pandemic.
For more information, please contact :
idr.sec@gmail.com
Contents
1. Introduction
2. Growing awareness of problems with automated personal data processing and fundamental rights
3. European norms for automated personal data processing and profiling
--A. Concept of profiling
--B. Principles of general profiling process
--C. Profiling of solely automated decision-making
--D. Comparison with the norms of Korean PIPA
4. Automated personal data processing and profiling of EISS
--A. Overview of EISS
--B. Personal data processing of EISS
5. Direction of EISS regulations
6. Conclusion