South Korea is facing a conflict over whether to further ease domestic restrictions to allow financial companies, especially foreign entities, to transfer customers’ information overseas for processing at data centers operated by their global headquarters or third parties.
The current regulation restricts offshore data processing and outsourcing without prior consent from the country’s financial authority due to privacy and security issues.
Financial and legal experts said that relaxing the rules governing overseas financial data transfer and processing would help cut costs and raise efficiency through the use of cloud computing servers.
As Korea must adopt an open information model in accordance with its free trade agreements with the U.S. and European Union, it can no longer be passive or indecisive on the matter but must actively move forward by clarifying the legal meaning of information transfer.
“We need to clearly define what information transfer means before spurring the cloud computing industry,” said Park No-hyoung, law professor at Korea University.
Park No-hyoung, professor at Korea University’s School of Law
“Korea is in a difficult position, but since we have already taken a hit with the issue, the country has the advantage to move first in setting the right direction on cross-border data flows.”
With the World Trade Organization discussing the matter toward standardizing a freer flow of digital information, the move has become inevitable even for Korea amid the rise of the digital economy, said Park, also the director of Cyber Law Center in Seoul.
However, deregulations on offshore data processing and storage could have a severe impact on the country’s ICT industry and its cloud computing ecosystem as the market is dominated by global tech giants such as Amazon, Microsoft, Google and IBM.
Introduced in 2008, Korea’s bill on improving the cloud computing industry has not yet been approved by the National Assembly as policymakers and regulators have been caught in the crossfire between lawmakers demanding strengthened privacy rules and the U.S. and the EU stressing ease of information transfer.
Also, various government and regulatory agencies have not yet decided and fine-tuned their roles on which ones will govern the cloud computing industry and regulate security.
“Korea needs to find the right balance between regulations and industry efficiency as it adopts new rules on data transferring,” Park said.
By Park Hyong-ki (email@example.com