UPDATE — SEPTEMBER 2025: Since publishing its October 2024 guide on video privacy in mobile AI systems, South Korea’s Personal Information Protection Commission (PIPC) has expanded its efforts with clarifications on how Article 25-2 of PIPA applies to autonomous shuttles, delivery robots, and drones. In March 2025, it released explanatory materials, followed in June by a self-check compliance tool for companies. Draft PIPA amendments now before the National Assembly would strengthen penalties, require privacy impact assessments for high-risk AI projects, and set rules for cross-border transfers of video data. Industry pilots in Seoul and Busan are already deploying real-time anonymization to comply, while international coordination with the EU has begun to harmonize standards.
ORIGINAL NEWS STORY:
South Korea Sets New Standards for AI Development with Guidelines on Personal Video Data Protection
In a move poised to set a new standard for the responsible use of video data in artificial intelligence (AI) development, South Korea’s Personal Information Protection Commission (PIPC) has released the Guide to the Protection and Use of Personal Video Information for Mobile Video Information Processing Devices. Published on October 14, 2024, the guide focuses on safeguarding personal information captured by autonomous vehicles, service robots, and other mobile video processing devices, addressing growing privacy concerns as AI technology continues to advance.
Strengthening AI Accountability Under PIPA
The guide clarifies how Article 25-2 of the Personal Information Protection Act (PIPA) applies to businesses using mobile video devices for AI development in public spaces. It outlines eight core principles that all organizations must follow to balance technological advancement with privacy protection:
-
Proportionality – Limit data processing to what is necessary and justified.
-
Legality – Collect and use data only within legal frameworks.
-
Transparency – Inform the public clearly about how and why data is collected.
-
Safety – Secure systems to prevent unauthorized access and misuse.
-
Accountability – Ensure compliance through oversight and responsibility.
-
Purpose Limitation – Restrict data use to the specific purpose intended.
-
Control – Allow individuals to exercise their rights over personal data.
-
Privacy Protection – Minimize risks of privacy invasion through strong safeguards.
Privacy-by-Design in AI Development
The PIPC urges companies to adopt privacy-by-design practices throughout product development—from planning to deployment. Businesses must clearly disclose when personal data is collected and maintain transparency, especially in public spaces where video surveillance occurs. When using video data for AI training, companies must pseudonymize or anonymize identifying features such as faces or license plates. The guide allows the use of original data for research purposes only under strict safety and oversight conditions.
Enforcement and Data Management
The guide requires operators to maintain detailed records of data processing, conduct regular audits, and implement secure data storage and deletion policies. For companies outsourcing data processing, the PIPC mandates active oversight and periodic reviews to ensure third-party compliance. By introducing these standards, South Korea is setting a global benchmark for responsible AI development, balancing innovation with data protection and public trust.
Need Help?
If you’re wondering how South Korea’s AI strategy, or any other AI strategies and laws worldwide could impact you and your business, don’t hesitate to reach out to BABL AI. Their Audit Experts can address your concerns and questions while offering valuable insights.
