|
Melissa Koh |
Melissa is currently the ASEAN and Greater China Complex Contracting Lead in Accenture, a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Having worked in Accenture’s offices in Hong Kong, China and current based out of Singapore, Melissa leads a team of lawyers in ASEAN and Greater China, negotiating and providing legal support and risk mitigation strategies for complex consulting, information technology, outsourcing and digital contracts with Accenture’s clients. Prior to Accenture, Melissa was an IP lawyer at Lee and Lee and graduated with her LLB from the National University of Singapore. She has a keen interest in artificial intelligence, cloud, blockchain, cybersecurity and other new and emerging technologies relating to the services which Accenture provides. |
Synopsis
Korea has a very stringent legal regime regarding personal data protection. Many statutes claim jurisdictions on issues in personal data protection, including the Personal Information Protection Act (“PIPA”). A major principle which is commonly observed in the relevant statutes is the consent principle. That is, when gathering statutorily defined personal information from a data subject, it is required to give a prior notice and to obtain consent. For obvious practical reasons, however, obtaining consent from all relevant data subjects would be a very cumbersome process in many circumstances. One way to solve this conundrum is to de-identify personal information. Personal information, once properly de-identified, would no longer be considered personal information under the PIPA or other statutes.
With this backdrop, several guidelines were issued by public agencies in Korea, which deal with the concept and procedure of de-identification and their practical aspects. Efforts made along this line was culminated by the issuance of a guideline in 2016 (“2016 Guideline”). The 2016 Guideline was a result of the efforts made by multiple government agencies. The 2016 Guideline provides for a four-step approach for de-identifying personal information. Soon after the publication of the 2016 Guideline, a dozen or so de-identification projects were reported to have been carried out involving multiple organizations. One of the most contentious issues involved the service of linking databases performed by these designated agencies. Questions were raised by certain observers and NGOs regarding the validity and legality of this service from data protection and privacy perspectives. Several NGOs joined forces and even filed a criminal complaint against these designated public agencies and also against the companies which actually conducted de-identification and data linkage in accordance with the 2016 Guideline. We will analyze the de-identification scheme and the ramifications from various reactions of businesses and NGOs.
Further, from 2018, efforts were made to amend statutory provisions in order to introduce the concept of pseudonymization. The proposed statutory amendments on pseudonymization were derived from similar provisions contained in the GDPR, albeit with certain nuanced differences. The proposed statutory amendments, however, have not been enacted yet. We will strive to analyze implications from such legislative stalemate.
Speaker
|
Haksoo Ko |
Haksoo Ko is Professor of Law at Seoul National University School of Law in Seoul, Korea. He holds B.A. and M.A. degrees in Economics from Seoul National University and received both J.D. and Ph.D. (Economics) degrees from Columbia University in New York, USA. He primarily teaches areas in Law and Economics and in Big Data such as Data Privacy and Artificial Intelligence Law. His research interests include data privacy; artificial intelligence; information technology policy; and contract negotiation and arbitration. He has teaching experiences at Columbia University, National University of Singapore, University of Hamburg, and Yonsei University. He also had visitor appointments at UC Berkeley; Freiburg Institute for Advanced Studies; and Vrije University Brussels. Prior to joining academia, he practiced law with large law firms in the U.S. and in Korea. He regularly sits on various advisory boards and committees for the Korean government, legislature, and judiciary. He received Presidential Commendation from the Korean government. He currently serves as President of Asian Law and Economics Association; Director of SNU Center for Law and Economics; and Director of SNU Asia-Pacific Law Institute. In 2017, he launched SNU AI Policy Initiative and currently serves as co-director. He is a recipient of the Humboldt Foundation Fellowship for Experienced Scholars. |
Synopsis
This paper investigates consent in contract relationships - specifically, whether user access on certain platform facilities based on third party information sharing consent, is consent in any contracting sense. Such consent may be neither actual (you don’t know what you are consenting too in sufficient detail) nor voluntary (if you don’t consent you don’t get access) yet the platform operators use consent as if it establishes some contracting relationship.
[This paper will focus on Singapore and Hong Kong developments, proceeding from a common law perspective. It will discuss the impact AI has on consent and contractual relationship.]
Speaker
|
Goh Yihan |
Professor Goh’s research focuses primarily on the law of contract and torts, with a secondary interest in the principles of statutory interpretation and the legal process. He has published numerous books, chapters and journal articles internationally and in Singapore, which have been cited on multiple occasions by the Singapore courts and the Federal Court of Malaysia. He has been appointed amicus curiae before the Singapore Court of Appeal and the Singapore High Court. In recognition of his invaluable contributions to the development and advancement of Singapore law, he became the youngest recipient of the pentennial Singapore Academy of Law Singapore Law Merit Award in 2013. He obtained his LL.B. (First Class Honours) from the National University of Singapore on a University Undergraduate Scholarship, where he graduated as the top student in 2006. He subsequently obtained a LL.M. from Harvard University in 2010 on a NUS University Overseas Graduate Scholarship. |
|
Yeong Zee Kin |
Yeong Zee Kin is Assistant Chief Executive (Data Innovation and Protection Group) of the Infocomm Media Development Authority of Singapore (IMDA) and Deputy Commissioner of the Personal Data Protection Commission (PDPC). In his capacity as ACE (Data Innovation and Protection Group), Zee Kin oversees IMDA’s Artificial Intelligence and Data Industry development strategy. This is one of four frontier technology areas IMDA has identified for its transformational potential for a Digital Economy. The other three are cybersecurity, the Internet of Things, and immersive media. In his role as an AI and data analytics champion, Zee Kin’s work includes developing forward-thinking governance on AI and data, driving a pipeline of AI talent, promoting industry adoption of AI and data analytics, as well as building specific AI and data science capabilities in Singapore. As the Deputy Commissioner of PDPC, Zee Kin oversees the administering and enforcement of the Personal Data Protection Act (2012). His key responsibilities include managing the formulation and implementation of policies relating to the protection of personal data, as well as the issuing of enforcement directions for organisational actions. He also spearheads the public and sector-specific educational and outreach activities, to raise both awareness and compliance in organisations and individuals in personal data protection. Before that, he was Senior Assistant Registrar and CIO cum CDO of the Supreme Court of Singapore. During his time in the Supreme Court, his administrative responsibilities included (at various times) the management of its registry, statistics unit and CISD. He managed the Supreme Court's Shipping, Intellectual Property, Information Technology and Employment lists and developed the specialised procedures for electronic discovery and managing IP cases in the Supreme Court IP Court Guide. He commenced his career as a Deputy Public Prosecutor and State Counsel with the Attorney-General’s Chambers where he prosecuted white collar cases and cybercrimes. In between, he was also with Rajah & Tann’s Intellectual Property and Technology (iTec) practice for a few years. |
|
Lim How Khang |
Lim How Khang is an Assistant Professor of Law and Information Systems (Practice), holding cross-appointments with the School of Law and the School of Information Systems, Singapore Management University (SMU). He is also the Programme Director for SMU’s Bachelor of Science (Computing & Law), an interdisciplinary degree jointly offered by both schools. Prior to obtaining his LL.B. (First Class Honours) from National University of Singapore, he graduated from Monash University with a Bachelor of Computer Science followed by a Master of Information Technology (Minor Thesis). In keeping with his interdisciplinary background in law and computing, his research interests include computational law and smart contracts technology, machine learning and natural language processing, legal informatics and legal analytics, artificial intelligence and the law, and legal technology innovation. |
