DOI QR코드

DOI QR Code

Identifying Stakeholder Perspectives on Data Industry Regulation in South Korea

  • Lee, Youhyun (Department of Public Administration, Ajou University) ;
  • Jung, Il-Young (Office of Future Industry Strategy Research, Science and Technology Policy Institute)
  • 투고 : 2021.05.10
  • 심사 : 2021.06.30
  • 발행 : 2021.09.30

초록

Data innovation is at the core of the Fourth Industrial Revolution. While the catastrophic COVID-19 pandemic has accelerated the societal shift toward a data-driven society, the direction of overall data regulation remains unclear and data policy experts have yet to reach a consensus. This study identifies and examines the ideal regulator models of data-policy experts and suggests an appropriate method for developing policy in the data economy. To identify different typologies of data regulation, this study used Q methodology with 42 data policy experts, including public officers, researchers, entrepreneurs, and professors, and additional focus group interviews (FGIs) with six data policy experts. Using a Q survey, this study discerns four types of data policy regulators: proactive activists, neutral conservatives, pro-protection idealists, and pro-protection pragmatists. Based on the results of the analysis and FGIs, this study suggests three practical policy implications for framing a nation's data policy. It also discusses possibilities for exploring diverse methods of data industry regulation, underscoring the value of identifying regulatory issues in the data industry from a social science perspective.

키워드

1. INTRODUCTION

1.1. Data in South Korea’s Information Technology Industry

Considering the irrevocable change wrought by the COVID-19 pandemic, countries are now preparing for the post-COVID-19 era. As the core component of the Fourth Industrial Revolution in the private sector, data and data innovation have aroused the keen interest of both academia and the public sector. The pandemic has accelerated the societal shift toward an “untact” society, with data becoming the most feasible vector and only asset in the emergence of the data economy.

Indeed, data are being used as a new currency, one that can be exchanged across borders and markets. The emergence of data as a new asset in the data economy is changing the industrial and economic paradigm. Data typically require new technologies to operate, and it seems unavoidable that future technologies will be dependent on data availability. As a quintessential part of the Fourth Industrial Revolution, the data industry differs from the broader Information Technology (IT) industry, which formed the core of the Third Industrial Revolution. The increasing value of data is forcing governments to be involved in the industry, particularly since most of the data collected are personal information related to people’s lifestyles and daily activities, thus involving privacy issues (Janssen & Helbig, 2018).

The data industry is characterized by the expanded scope of data collection of objects, such as the Internet of Things and the collection of data, without evaluating the actual usefulness of the information Korea Institute for Industrial Economics & Trade (2018). In contrast to real assets, data assets are characteristically non-rivaling, nonreplaceable, and experienced commodities. While a single piece of data can be used in various locations simultaneously, data are not replaceable because each piece contains different information. Data are also characterized as an experienced commodity because they can only be identified with contextual information.

Within this data-based economic paradigm, the abilities of firms and countries to use and process data play key roles in securing a competitive advantage, leading to data capitalism, whereby some firms own more data and monopolize consumer data. South Korea is a well-known and interesting testing ground for advanced new technology in the IT industry (Nam, 2017), particularly insofar as it has excellent human resources and an extended grid that coevolve rapidly. However, the rise of the data industry and role of the government in this industry remain confused. Table 1 presents a comparison of the IT and data industries.

Table 1. Comparison of IT and data industries

E1JSCH_2021_v9n3_14_t0001.png 이미지

Source: Reformatted from the Korea Institute for Industrial Economics & Trade (Jang, 2018).

IT, Information Technology.

1.2. Study and Research Question

On the public side, the European Union (EU) has spearheaded regulatory policy by announcing the General Data Protection Regulation (GDPR). While the South Korean government did not enact a regulation policy, it attempted to ameliorate and revise improper data legislation in 2019. With the exception of EU countries, most countries have experienced similar chaos. The world now envisages a fast transition toward the data-economy paradigm. There is no doubt that “data” has become the most important keyword and the source of innovation at present. Therefore, analyzing the South Korean debate will provide insights into the direction of data-industry regulation in different countries. Accordingly, this study provides a rationale for policymakers, data-related industries, and even citizens who use data to design better regulations in the data industry. This study identifies different typologies of data-industry regulation and makes practical policy recommendations. It also addresses the following research question: What typologies of data industry regulation are reflected by experts in South Korea’s data industry?

Addressing this question, this study explores the appropriate role of government in this data-driven society. In a typical approach, the government regulation of data industries is limited to a binary option: protection or promotion. In recent years, the protection of individual data has become one of the government’s most important tasks. Protecting privacy means enforcing the regulation of data. However, according to the emergent paradigm, data can create an individual’s economic value, forcing the government to promote the use of data for the sake of the individual’s benefit. Therefore, by analyzing the South Korean case, this study seeks to overcome typically dichotomous solutions to suggest more timely solutions for dataregulation policy: namely, what the government should or should not do.

The rest of this paper is organized as follows. The second section reviews the relevant literature on data regulation and specific ongoing regulatory issues in the data industry. The third section presents this study’s methodology, namely, the Q methodology and focus group interviews. The fourth section presents this study’s results in terms of four typologies of data regulation and consensus statements. The fifth section discusses the results in greater detail, while the sixth section presents this study’s conclusions.

2. LITERATURE REVIEW

2.1. Era of the Data Economy

Data are an intangible resource in the digital era of the Fourth Industrial Revolution, with data becoming a source of competition between countries and enterprises. The advent of hyperconnectivity has resulted in people and devices generating massive amounts of data. At the same time, the sources of data vary. The global market is driven by firms—such as Google and Facebook—possessing and harnessing considerable amounts of data. Such large amounts of data serve as a catalyst for the development and new value creation of industries. The data economy is an ecosystem for this catalyst.

The term “data economy” refers to an ecosystem of members who play different roles in data collaboration, data production, infrastructure provision, and research while collaborating to access and use data (Kerber, 2017). The data economy ecosystem comprises various types of market participants who create value from data by developing a variety of applications, such as telemedicine, to improve daily life. The data economy includes the entire data market, in which digital data in the form of goods and services derived from raw data are traded. In other words, the data market encompasses the creation, collection, storage, processing, distribution, and delivery of data processed using digital technology. This entire process covers and relates to the data industry.

2.2. Data-Industry Regulation and Issues

Since Warren and Brandeis (1890) argued that there is an intimate relationship between technology development and privacy protection, data have been considered a target for protection. In the US, this privacy issue was initially systematized from a legal perspective in the 1960s (Prosser, 1960). In the 1980s, official Organisation for Economic Co-operation and Development guidelines established the basic principles for the protection of privacy and personal data. However, the paradigm of data has changed the traditional governmental role, with data now being perceived as an asset (Lee & Jung, 2020). As Gatner Inc. notes, the value of data now determines the ranking of each enterprise and government.

Data industry regulations do not have an established theoretical background. However, in a larger scope, data regulation can borrow concepts and theories from technological regulations. Accordingly, this section discusses data regulation from the perspective of existing technological regulation, which is defined as regulation that governs technology that either facilitates or impedes an actor in technological innovation in conducting a business activity. In addition to legal regulations, laws, and ordinances, technological regulation includes quasi-legal regulations, such as guidelines, processes, and criteria. Therefore, the nature of such regulation can be considered to include passive regulations, which may limit certain activities, and active regulations, which may involve payments of grants and guidelines.

The most significant characteristic of technological regulation is its double-sidedness, to which core issues in the data industry are also subject. Technological regulation has a positive influence, including protecting the individual as the primary owner of data, inducing innovation, and ultimately facilitating the growth of the data industry. However, such technological regulation may be excessive or unfair, hindering the progress of technological development, inducing massive administrative costs, and impeding industry growth.

Recent regulatory issues in the government-firm relationship typically occur in the creation, management, and use of data, which start and end the value chain in the data economy. This is due to the governance domain of policy actors surrounding the data industry. The relationship between the government and the firm in the data industry is constructed through the medium of the individual, as the user or primary user of data. In technology-led developments in the data industry, the government faces difficulties regulating firms due to data being perceived as a target for use, rather than only protection. In other words, there is a dual burden to improve the protection of data owned by the primary owner of the data and the asset value of the data created using that data, thus situating it within the boundaries of government regulation. The following section addresses several regulatory issues specific to the data industry: data collection, consent system, data ownership, data policy, laws and regulations, and compensation policies for violation and technology.

2.3. Regulatory Issues in South Korea’s Data Industry

A review of current research on the data industry, data regulation, privacy, and related issues reveals four major regulatory issues relevant to this study. The first is data collection and monopolization (Kang & Jeon, 2018). In recent years, data collection has become the central process of the data industry. In general, there are three types of data pertaining to individuals, two of which are related to regulatory issues (Son, 2017). The first type of data is that provided by individuals. These data do not provoke privacy problems because the person is aware that they have provided the data voluntarily. The second type is observed data, such as purchasing history or location information, which can raise privacy problems in certain cases. The third type is inferred data, which are produced by combining provided and observed data. These data cause regulatory issues because individuals cannot recognize their presence. Inferred data can also be wrong, potentially impacting an individual’s rights. Regulators—typically the government—face numerous difficulties regulating observed and inferred data. Global firms, including Google and Facebook, already have certain privileges. In the Korean context, domestic firms, including Naver and Kakao, have monopolized data collection. While Korean society has called for rational regulation to address these issues, the discussion of domestic regulations lags far behind the EU GDPR.

The second issue is data ownership (Cho, 2018; Kim, 2018; Purtova, 2017; Trute, 2017), with numerous ongoing debates centered on the setting of data ownership. Two specific issues have emerged in this matter. The first is the individual’s self-control of data. If the data come from the individual, the property rights belong to that individual. Second, data are non-rival goods, which means that firms can easily copy and use the data while excluding others from doing so. While many unsolved questions remain, opt-in and opt-out principles are gaining traction as a solution for deciding data ownership. Simply put, opt-in and opt-out principles are those of the consent system, which is important for judging the scope of data ownership.

The third issue concerns domestic data policy and legislation (Kim, 2010a, 2013). South Korea is renowned for its world-class Internet environment, including its network and grid, with massive amounts of data collected through these infrastructures. However, the nation faces the task of transitioning to a data-driven society. Even with sufficient data, the Korean government has failed to suggest the rational use of data, including transactions, distribution, and applications (Lee, 2018).

The fourth issue involves data-based technology. While new technologies such as tracking and profiling are advancing, Korea has yet to institute any responsive regulations. Although to varying degrees, many countries have trouble minimizing the regulation lag—that is, the gap between the level of technology and the level of regulation. Institutional frameworks for data policy should be reconstructed to match the speed of technological development.

3. METHODOLOGY

3.1. Research Design: Q Methodology and Focus Group Interviews

Q methodology was invented by William Stephenson in 1935 to study human subjectivity in a scientific way. It allows access to a given population’s perception and conducts an objective study of subjectivity using quantitative factor analysis (Stenner et al., 2008). This methodology starts with developing concourses, which comes from the Latin word concursus, meaning “running together.”

The course theory was constructed based on two assumptions: First, humans share their knowledge, and second, the structure and function of communication rely on subjectivity. Therefore, a concourse can be constructed from a certain population’s common and different perceptions, knowledge sharing, and debate. The researcher sets a concourse by selecting proper statements, called Q samples (Webler et al., 2001), which represent the concourse for a given population. Q methodology differs from other typical R methods in terms of the main agents of research. In conducting the Q methodology, the participants and respondents lead the research with their subjective viewpoints (Curry et al, 2013; Ockwell, 2008).

Once the Q samples are set, the next step involves selecting participants for the study. This study uses the term “P samples” for participants. P samples are asked to order selected statements related to personality type (Brown, 1997) and are usually purposive samples in the Q methodology. Studies, especially in the social sciences, engage 20-50 participants on average, which is considered adequate for analysis (Brown, 1997). However, studies involving 15 participants (Nijnik et al., 2009) were also found. As such, this methodology is appropriate for small- and mediumsized N.

After selecting P samples, respondents conduct Q sorting based on their own preferences regarding the statements. Q sorting is a core element of the Q methodology, allowing subjectivity to be expressed in a visible way (Watts & Stenner, 2005, 2012). After Q sorting, the researcher conducts a factor analysis to define the discourses of the study. Several useful statistical programs can be employed in this process. This study used the PQ method, the most frequently used method in previous studies.

In addition to Q methodology, this study conducted focus group interviews with six experts in the data economy between August 1, 2019 and September 15, 2019. Interviewees comprised two university professors, two CEOs of data enterprises, one public servant, and one researcher from the National Information Agency. The interviews were conducted based on a semi-structured questionnaire given to the interviewees a week before the interview. Interview data were used as evidence for the interpretation of the Q analysis and policy recommendations.

3.2. Selection of Q Samples

The three most common approaches to selecting Q samples comprise interviews, secondary data, or a combination of the two. In some cases, Q samples can be extracted from the debate of a given population. However, in most cases secondary data—including previous studies, reports, newspapers, and even visual data (pictures and illustrations)—can be used for structuring Q samples. The structure sample is typically employed if the research purpose has a set theory, and the main purpose of the study is to verify that theory. If the research purpose is to explore (i.e., to study new findings or new implications for an unknown field), an unstructured sample is used (Kim, 2010b).

In this study, statements were selected from previous studies on data regulation. However, as there are no concrete theories in this field, this study employs unstructured samples. The number of statements generally ranges from 40 to 60 (Brown, 1980), a number closely related to reliability and consistency (Brown, 1980). Therefore, this study initially sought to secure 40-50 Q samples in its research design. To select the cases of regulatory issues in the data industry, this study reviewed more than 30 domestic and foreign papers, press releases, and policy reports, and selected 43 regulatory issues with reference to the opinions of external experts. Of these, three ambiguous statements were excluded to prevent their potentially confusing the respondents.

Finally, 40 statements were selected as Q samples. These 40 statements were piloted by six data policy experts, a number considered to provide abundant verification of their appropriateness (Brown et al., 2015; Chang et al., 2019). These experts comprise two public policy professors, two senior researchers at the National Institute of Science and Technology (NIST), and two researchers in the data industry. The final statements were divided into seven categories: data collection by firms, consent systems, private information ownership rights, domestic data policies, private information laws and regulations, compensation policies for violation, and new data-based technologies. Table 2 presents these statements.

Table 2. Statements for Q analysis

E1JSCH_2021_v9n3_14_t0002.png 이미지

E1JSCH_2021_v9n3_14_t0003.png 이미지

GDPR, General Data Protection Regulation.

3.3. P Sample Selection and Q Sorting

After constructing Q samples, the next step was to form P samples. In previous studies, the number of Q samples differed, with one sample considered sufficient for some topics (e.g., intensive study). P samples were respondents who participated in the survey. This study selected P samples based on two principles. First, P samples should be experts in data policy. To define experts, this study used the NIST policy-expert pool and then expanded it using snowball sampling. Second, this study sought to diversify the backgrounds of the P samples, which included academia, research, government institutes, industry, and non-governmental organizations. As a result, a list of 42 P samples was finalized, as shown in Table 3.

Table 3. P samples

E1JSCH_2021_v9n3_14_t0004.png 이미지

E1JSCH_2021_v9n3_14_t0005.png 이미지

NGO, non-governmental organization.

Q sorting was conducted from September 24, 2018 to May 2, 2019, using the individual e-mail of each expert. The P samples were invited to distribute the statements for each section. Participants were asked to categorize the 40 statements into three categories: agree, disagree, and neutral. Participants were then instructed to categorize the statements, which consisted of nine sections. The agree section was divided into four sections: +1 (slightly agree), +2 (moderately agree), +3 (fairly agree), and +4 (strongly agree). The disagree section was divided into four sections: -1 (slightly disagree), -2 (moderately disagree), -3 (fairly disagree), and -4 (strongly disagree). Each section also contained limited statements. Statements were allowed for -4 to -1, respectively, and vice versa for +4 to +1. Implementation of Q sorting followed a forced distribution similar to the reversed shape of the quasi-normal distribution.

3.4. Hypotheses

Qualitative studies in social science, including Q-methodology, do not typically propose hypotheses. However, this study has ample scope to evaluate certain propositions based on the results of the Q methodology. Hypotheses comprise two categories: P-samples and Q statements. With respect to the former, it is likely that different affiliations of experts will lead to a binary attitude toward data industry regulation: namely, pro-protection and pro-use. H1 and H1-1 to H1-4 are hypotheses deduced from the P samples. In regard to the Q-statements, it may be possible to link certain statements to others using factor analysis. However, it is impossible to set all research propositions for each Q statement because there are 40 statements. Accordingly, this study selected two important regulatory issues from the Q statements. Based on the literature review and the purpose of this study, two hypotheses are proposed (H2 and H3) concerning the relationship between data policies, the consent system, and data ownership.

Accordingly, this study proposes the following hypotheses:

H1. Experts will exhibit pro-protection or pro-use attitudes toward data regulation based on their affiliations.

H1-1. Non-governmental organizations (NGOs) will exhibit a pro-protection attitude toward data regulation.

H1-2. Government officers will exhibit a pro-protection attitude toward data regulation.

H1-3. Academia will exhibit a neutral attitude toward data regulation.

H1-4. The industry will exhibit pro-use attitude toward data regulation.

H2. The consent system will be bounded by domestic data policies.

H3. Data ownership will be bounded by domestic data policies.

4. RESULTS

4.1. Factor Analysis

After collecting the data, this study conducted factor analysis using the PQ method, ver. 2.35. This study considered four factors, with other factors eliminated due to their eigenvalues being smaller than 1, which is considered improbable (Cliff, 1988; Kaiser, 1960). These four factors were rotated using Varimax rotation to maximize the variance between factors.

Factor A comprised eight defining variables with a composite reliability of 0.97 and standard error of 0.174. Factor A’s eigenvalue was 4.0979, clearly exceeding the crossover point. Factor B comprised seven defining variables, with a composite reliability of 0.966, standard error of 0.186, and eigenvalue of 4.0731. Factor C comprised nine defining variables, with a composite reliability of 0.973, standard error of 0.164, and eigenvalue of 4.8318. Finally, factor D comprised nine defining variables, with a composite reliability of 0.97, standard error of 0.174, and eigenvalue score of 3.2941. In total, 32 participants explained 76% of the overall variance and defined the characteristics of the four selected factors. Table 4 summarizes these results.

Table 4. Characteristics of rotated factors

E1JSCH_2021_v9n3_14_t0006.png 이미지

4.2. Perspective A (PA): Pro-use Activist

Perspective A was defined by eight participants, namely, two experts in academia and research, three in industry, and three from NGOs. While many of their responses were excluded from the final Q analysis, all of the valid responses of three of the experts were included in perspective A. Overall, this perspective exhibits a strong active response to the data regulation issues. Participants felt that if a valid purpose is confirmed, the use of the data can be justified accordingly.

Statements 22, 28, and 36 received the highest scores in this perspective. Participants in this perspective highly agreed (+4) with statement 36, “Broadly speaking, the use of private information for citizen safety and crime prevention should be allowed,” producing a Z score of -1.71. However, to a lesser degree, they also strongly agreed with statement 28, “Developing the data economy requires revising the three laws focusing on easing regulations: namely, the Personal Information Protection Act, Information and Communications Network Act, and Credit Information Act,” producing a Z score of -1.683. They also agreed (+3) with statement 22, “Korea places greater focus on data protection policies than on data use policies, hindering the development of the data economy,” producing a Z score of -1.57.

Perspective A participants did not agree with statements exhibiting more generous attitudes toward data regulation, notably statements 13, 15, 30, and 31. Participants highly disagreed with statement 13, “The consent system must be upheld in order to secure and exercise individuals’ right to control their private information,” which had a Z score of 1.706. Yet to a lesser degree, participants also disagreed with statement 15, “Firms should be banned from collecting and using private information for objectives outside the stated purposes that were agreed upon,” which produced a Z score of 1.6; statement 30, “Penalties for leaking data that may breach individual confidentially should be more severe for data-related private firms and government organizations,” which produced a Z score of 1.325; and statement 31, “Data-related private firms and government organizations should compensate individuals whose information has been leaked regardless of their losses,” which received a Z score of 1.266. Table 5 summarizes these results.

Table 5. Distinguishing statements for type A

E1JSCH_2021_v9n3_14_t0007.png 이미지

4.3. Perspective B (PB): Pro-protection Idealist

Perspective B was defined by seven participants. Four participants held occupations in academia/research, four worked in the government sector, and one worked in the industry sector. Therefore, perspective B largely comprised researchers and government officers. While these participants supported data protection and were cautious about the use of data, they exhibited optimism regarding the value, growth, and future of the data industry.

Four perspective B participants agreed the most with statement 13, “The consent system must be upheld in order to secure and exercise individuals’ right to control their private information,” producing a Z score of -1.74. This is in direct contrast to Perspective A, which gave statement 13 the lowest score. Participants in this perspective also agreed (+3) with statement 21, “The government’s data-use policies increase the potential violation of private information,” which received a Z score of -1.386, and statement 27, “The introduction of aliases and anonymous information will exacerbate concerns regarding data leaks and privacy violations,” which received a Z score of -1.672.

Perspective B participants exhibited a negative attitude toward statement 1, “The monopolizing of the data industry by global firms (e.g., Google, Facebook) will have a negative effect on the domestic industry and the economy,” which received a Z score of 1.629, and statement 2, “The monopolizing of the data industry by global firms (e.g., Google, Facebook) will have a negative effect on individual privacy,” which received a Z score of 1.921. As such, participants exhibited open-mindedness toward the globalization of the data industry. They also disagreed with statement 12, “An individual’s agreement to the collection and use of their private information does not help in protecting their consumer rights because it is merely a formality,” which received a Z score of 1.571. This indicates that they were optimistic about the efficacy and usefulness of the consent system for protecting consumer rights. Table 6 summarizes these results.

Table 6. Distinguishing statements for type B

E1JSCH_2021_v9n3_14_t0008.png 이미지

4.4. Perspective C (PC): Conservative

Perspective C comprised nine participants, four of whom worked in academia or research, four in government, and one in industry. Perspective C exhibited a conservative and prudent attitude toward both the use and protection of data.

Perspective C participants showed the highest agreement with statement 18, “It is impossible for the individual to claim ownership of private information stored in public databases,” which received a Z score of -1.907. Participants also exhibited a positive attitude toward statement 19, “The ‘ownership right’ debate regarding whether the private information is owned by the individual or the firm is meaningless,” which received a Z score of -1.259.

Perspective C participants disagreed with statements implying a lack or limited degree of institutional or governmental support for the use of data. More specifically, participants disagreed with statement 24, “The lack of a control tower overseeing all data-related policies in Korea hinders the development of the data economy,” which received a Z score of 1.18; statement 35, “There is a lack of clarity in or absence of legislation applicable to private information and new data-based technologies (e.g., artificial intelligence, facial recognition, autonomous driving),” which produced a Z score of 1.465; and statement 37, “Developing the data industry requires financial and institutional support for the data distribution system (e.g., data broker firms) and related firms,” which received a Z score of 1.182. Participants also expressed clear disagreement with statement 38, “Developing the data industry requires the strengthening of data standardization and support for security technologies,” which produced Z scores of -2.314 Table 7 summarizes these results.

Table 7. Distinguishing statements for type C

E1JSCH_2021_v9n3_14_t0009.png 이미지

4.5. Perspective D (PD): Pro-protection Pragmatist

The final category, Perspective D, comprised a relatively balanced number of participants from each sector: three individuals from academia or research, two from the government sector, and two who worked in industry. Perspective D participants exhibited reservations about the use of data. They were also cautious regarding the protection of privacy, and urged firms to compensate for the violation of privacy.

Perspective D participants agreed most with statement 27, “The introduction of aliases and anonymous information will exacerbate concerns regarding data leaks and privacy violations,” which received a Z score of -0.957, and statement 32, “Given the difficulties concerning adequate compensation for private data violations, laws should be instituted to assess the level of compensation expected from firms,” which received a Z score of -1.212.

Participants in this category exhibited a negative attitude toward statements related to the GDPR, including statement 29, “Korea needs to pass the adequacy evaluation under the European GDPR to develop its data economy,” which produced a Z score of 1.95. They also disagreed with statement 17, “Although firms collect private information, that information should be considered an asset of the individual and be at that individual’s own disposal,” which received a Z score of 1.18. This indicates that participants in this category considered that while the institution that collected data should have the right to use that data, they should also be responsible for any privacy issues. In other words, the firm, which is capable of dealing with such issues, should have both more rights and more responsibility. Table 8 summarizes these results.

Table 8. Distinguishing statements for type D

E1JSCH_2021_v9n3_14_t0010.png 이미지

GDPR, General Data Protection Regulation.

4.6. Consensus Statements

Factor analysis revealed four perspectives, each containing seven to nine participants. Although these perspectives reveal clear differences in attitudes toward regulation and the use of data, three consensus statements garnered similar responses across all four perspectives, as shown in Table 9.

Table 9. Consensus statements

E1JSCH_2021_v9n3_14_t0011.png 이미지

GDPR, General Data Protection Regulation.

First, all four perspectives agreed with statement 6, “Domestic private information regulators must exercise strict oversight of the collection and use of data by global firms,” indicating domestic experts’ anxiety about global firms. Korean society has already recognized the situation in Europe, where the EU is struggling to effectively regulate global firms like Facebook or Google, even with the GDPR in force. Although the degree of agreement is not particularly high, all four perspectives agreed on the need for effective regulation of the use of data by global firms.

Second, all four perspectives were neutral toward statement 9, “The European GDPR provides effective regulatory oversight of violations of individual privacy by firms.” Although European regulation is at the forefront of the development of data regulation, Korean experts doubted the effectiveness of the GDPR and raised questions about its applicability to the Korean context.

Third, all four perspectives disagreed with statement 33, “Given the difficulties involved in calculating the psychological damage caused by private data violations, compensation should focus on tangible losses only.” Participants’ negative reaction toward the notion that compensation for privacy violations should be restricted to tangible losses indicates the support of data policy experts for expanding the compensation for privacy violations.

5. DISCUSSION

5.1. Response to the Research Question

To answer the research question, this study identified four types of data policy regulators: pro-use activists, proprotection idealists, conservatives (neutral position), and pro-protection pragmatists. Data experts in the government sector fell into types B, C, and D, with none included in type A, pro-use activists. While all of the experts from NGOs were in type A, industry experts were spread across all four regulator types. Experts in academia were spread across types A, B, and D, with none included in type C, pro-protection idealist. Table 10 presents the details of each typology.

Table 10. Details of each type of regulator

E1JSCH_2021_v9n3_14_t0012.png 이미지

NGO, non-governmental organizationc; EU, European Union; GDPR, General Data Protection Regulation.

Type A, pro-use activists, primarily comprised industry and NGO experts. Overall, this type exhibits a strong desire to actively respond to data regulation issues and are amicable toward the use of data and the need to revise data legislation. However, they also hold negative opinions regarding the utility of the consent system, banning of data collection by firms, introduction of severe penalties, and provision of compensation by firms and governments. This attitude directly opposes that of type D, the proprotection pragmatists. Ultimately, the pro-use activists of type A pursue value creation using data and want the government to facilitate the development of the data economy by implementing business-friendly regulations.

Type C primarily comprised those working in academia and the government. People in this category exhibit conservatism, and hold prudent and passive attitudes toward data regulation issues. Type C did not admit the right to data ownership and did not want to participate in the data ownership debate, disliked the lack of public control of the government and data laws, and disagreed with the need for government support for data firms. Therefore, type C people do not wish to change the current data-regulation system, and believe that the responsibility for finding solutions to data issues does not lie with the government.

Type B consisted of government and industry experts. People in this category agreed on the risk of data leakage and utility of the consent system, and insisted on the amelioration of the government’s current data policy. However, they disagreed with the notion that global data monopolies would negatively impact privacy or the domestic economic. Comprising pro-protection idealists, type B welcomes the globalization of the data economy and is open-minded toward the rise of global data firms, such as Google or Facebook, based on a liberal market economy.

Finally, type D comprised academic, government, and industry experts. Like type B, type D agreed with the risk of data leakage and the need to fix legislation regarding compensation by firms. However, they disagreed with the balancing of the Korean standard with the EU GDPR and did not agree that data collected by firms are at an individual’s disposal. This type of regulator ultimately insists on firms having more rights and responsibilities.

5.2. Understanding Consensus Statements

This study used in-depth interview data to analyze the three consensus statements in greater detail. First, certain institutional arrangements for controlling global data firms should be considered in the data-regulation system. The amelioration of data legislation may consider reinforced regulation for supervising global data firms. In other words, the government should play a role in safeguarding global data firms. Data do not have frontiers, and the domestic data economy is vulnerable to external effects. The South Korean framework still fails to consider the benefits of domestic data firms, which are at a beginner level. In this respect, the government should act as a strict regulator to raise the competitiveness of domestic data firms.

Second, extended compensation for damage to privacy should be considered in the regulation system. Firms should be required to provide compensation for privacy violations. However, in reality, it is almost impossible to measure the real damage caused by the violation of data privacy. Therefore, in this chaotic era, the compensation for privacy invasion by firms should be applied in a comprehensive manner with certain time limits. If the government implements strong regulations to protect users’ privacy, the overall data industry will not be able to grow and settle in our society. Therefore, instead of banning such violations in advance, the data-policy experts interviewed in this study argued that inclusive compensation for privacy invasion would be a wiser solution for both firms and individuals. In other words, it is time to concentrate on a back-up plan rather than a prevention strategy.

Third, although the European GDPR has had a significant influence on the domestic data industry, the national regulation framework should consider alternatives to EU policy. In reviewing the existing literature, many Korean scholars argue that Korean policy should follow the rules of the EU GDPR. However, the actual and most active actors in the Korean data industry argue for a more appropriate form of regulation.

5.3. Hypotheses

This study identified seven hypotheses based on the Psamples and Q statements. H1 is supported by these data. In Table 10, four factor groups were derived from the factor analysis, with each factor group exhibiting a dominant profession (affiliation). H1-1 is not supported by the findings, as all NGOs were included in type A (pro-use activists). In other words, contrary to expectation, NGOs showed a very positive attitude toward the use of data. H1-2 is supported by the results, as most government officers exhibited neutral or pro-protection attitudes, while none showed pro-use attitudes. Meanwhile, H1-3 and H1-4 can be neither confirmed nor rejected, as experts situated in academia and industry were dispersed across the pro-use, neutral, and pro-protection groups. Finally, H2 and H3 are supported, with factor analysis revealing that both the consent system and data ownership are related with current domestic data policies.

6. CONCLUSION

This study employed a Q methodology approach to investigate different types of stakeholders in the data industry. A total of 42 experts from South Korea’s data industry, public sector, NGOs, and academia (researchers and professors) participated as P samples. According to the results of the Q analysis, four major types were identified from these P samples, namely, activists, idealists, conservatives, and pragmatists. This study also conducted focus group interviews with six data policy experts to explore practical directions for future data regulation. In doing so, this study makes three major contributions.

First, this study suggests a diverse perspective of regulation. While debates on data-industry regulation tend to center on a dichotomy between promotion or regulation, this study’s Q analysis results support diverse perspectives on regulation. In particular, type A, B, and D thought the government should be more active in data-industry regulation, while type C insisted on the intervention of other actors rather than the government. Among those valuing data protection, types B and C differed in their attitude toward the responsibility of data firms and the globalization of the data industry.

Second, the consensus statements prompt three practical policy recommendations: The government should (a) develop a legal and policy framework to increase its control over global data firms, such as Google and Facebook; (b) consider a back-up plan for privacy violations; and (c) develop a domestic data policy suitable for the unique cultural context of South Korea.

Third, this study provides proof of data regulatory policies, which remain relatively under-researched. From a social science perspective, both the data industry and data economy are opaque, with few studies addressing the role of the government in this regard. As such, the South Korean case can provide crucial evidence and a reference for other countries developing data regulations and overall data policies. Regardless of its lacunae, this study provides insights for any government interested in the importance of data in an untact society.

Regulation and promotion are the most typical forms of government intervention in the market and are implemented as public policies. From the perspective of policymakers, promotion is a means of support, while regulation is a means of control aimed at healthy market transactions or fair competition. Most public policies are implemented within one of these two governmental categories. However, data policies in a data economy cannot be implemented within this binary framework, requiring more diverse forms of regulation. The data policy experts surveyed in this study do not believe that the government should be solely responsible for such regulation, while even those working in NGOs recognized and affirmed the use of data as an asset. While these results indicate the need to change our approach to regulating data industries in the era of the data economy, more evidence and research are necessary.

ACKNOWLEDGMENTS

This work was supported by the Science and Technology Policy Institute Research Fund. We express our sincere gratitude to Dr. Lee Kwang-ho for his insights regarding the Q-statements.

CONFLICTS OF INTEREST

No potential conflict of interest relevant to this article was reported.

참고문헌

  1. Brown, S. R. (1980). Political subjectivity: Applications of Q methodology in political science. Yale University Press.
  2. Brown, S. R. (1997). The history and principles of Q methodology in psychology and the social sciences. Paper presented at the British Psychological Society Symposium on "A Quest for a Science of Subjectivity": The Lifework of William Stephenson, London, UK.
  3. Brown, S. R., Danielson, S., & van Exel, J. (2015). Overly ambitious critics and the Medici Effect: a reply to Kampen and Tamas. Quality & Quantity, 49(2), 523-537. https://doi.org/10.1007/s11135-014-0007-x.
  4. Chang, R., Cao, Y., Lu, Y., & Shabunko, V. (2019). Should BIPV technologies be empowered by innovation policy mix to facilitate energy transitions? - revealing stakeholders' different perspectives using Q methodology. Energy Policy, 129, 307-318. https://doi.org/10.1016/j.enpol.2019.02.047.
  5. Cho, S. Y. (2018). A study on the guarantees of basic rights of data subject and consent by data subject in the law of personal data protection. Law Review, 18(1), 321-346. https://www.dbpia.co.kr/journal/articleDetail?nodeId=NODE07408469.
  6. Cliff, N. (1988). The eigenvalues-greater-than-one rule and the reliability of components. Psychological Bulletin, 103(2), 276-279. https://psycnet.apa.org/doi/10.1037/0033-2909.103.2.276.
  7. Curry, R., Barry, J., & McClenaghan, A. (2013). Northern visions? Applying Q methodology to understand stakeholder views on the environmental and resource dimensions of sustainability. Journal of Environmental Planning and Management, 56(5), 624-649. https://doi.org/10.1080/09640568.2012.693453.
  8. Jang, Y. J. (2018). Changes of data technology industry in the field of 4th industry and tasks of Korea. KIET Industrial Economic Review, 10, 7-21.
  9. Janssen, M., & Helbig, N. (2018). Innovating and changing the policy-cycle: Policy-makers be prepared! Government Information Quarterly, 35(4 Supplement), S99-S105. https://doi.org/10.1016/j.giq.2015.11.009.
  10. Kaiser, H. F. (1960). The application of electronic computers to factor analysis. Educational and Psychological Measurement, 20(1), 141-151. https://doi.org/10.1177%2F001316446002000116. https://doi.org/10.1177%2F001316446002000116
  11. Kang, H. G., & Jeon, S. M. (2018). The current issues on domestic e-commerce regulations and global competitions: Market dominance, data sovereignty, and Amazon effects. Korean Journal of Law and Economics, 15(3), 355-374. http://doi.org/10.46758/kjle.2018.12.15.3.355.
  12. Kerber, W. (2017). Rights on data: The EU communication 'building a European data economy' from an economic perspective. In S. Lohsse, R. Schulze, & D. Staudenmayer (Eds.), Trading data in the digital economy: Legal concepts and tools (pp. 109-134). Nomos.
  13. Kim, H. K. (2010a). A study on the regulation of the non-linear channel in the age of the convergence. Korean Journal of Broadcasting and Telecommunication Studies, 24(3), 98-136. https://www.dbpia.co.kr/Journal/articleDetail?nodeId=NODE01447529.
  14. Kim, J. H. (2013). Finding critical success factors for spatial data industry by comparing strategies of digital earth enterprises. Journal of the Korea Contents Association, 13(3), 318-329. https://doi.org/10.5392/JKCA.2013.13.03.318.
  15. Kim, S. E. (2010b). Theories and philosophy of Q-methodology. Korean Society and Public Administration, 20(4), 1-25. https://www.dbpia.co.kr/journal/articleDetail?nodeId=NODE01378759&language=ko_KR.
  16. Kim, T. O. (2018). The constitutional right to informational self-determination in the era of data-driven innovation - focused on the improvement of regulations through comparison of the IT network act and the EU GDPR -. Administrative Law Journal, 55, 29-56. http://doi.org/10.35979/ALJ.2018.11.55.29.
  17. Lee, S. Y. (2018). Response and evolution of the law on datadriven innovation in Korea. Journal of Law & Economic Regulation, 11(2), 147-167. https://www.dbpia.co.kr/Journal/articleDetail?nodeId=NODE07582373.
  18. Lee, Y., & Jung, I. (2020). Dilemma of data driven technology regulation: Applying principal-agent model on tracking and profiling cases in Korea. Journal of Digital Convergence, 18(6), 17-32. https://www.earticle.net/Article/A377473. https://doi.org/10.14400/JDC.2020.18.6.017
  19. Nam, T. (2017). Achievable or ambitious?: A comparative and critical view of Government 3.0 in Korea. International Journal of Electronic Government Research, 13(1), 1-13. https://doi.org/10.4018/IJEGR.2017010101.
  20. Nijnik, M., Nijnik, A., & Bizikova, L. (2009). Analysing the development of small-scale forestry in Central and Eastern Europe. Small-scale Forestry, 8(2), 159-174. https://doi.org/10.1007/s11842-009-9077-3.
  21. Ockwell, D. G. (2008). 'Opening up' policy to reflexive appraisal: A role for Q Methodology? A case study of fire management in Cape York, Australia. Policy Sciences, 41(4), 263-292. https://doi.org/10.1007/s11077-008-9066-y.
  22. Prosser, W. L. (1960). Privacy. California Law Review, 48(3), 383-423. https://doi.org/10.2307/3478805.
  23. Purtova, N. (2017). Do property rights in personal data make sense after the big data turn? Individual control and transparency. Journal of Law & Economic Regulation, 10(2), 208-222. https://www.dbpia.co.kr/Journal/articleDetail?nodeId=NODE07296102.
  24. Son, Y. H. (2017). The challenges of protecting personal information in the age of internet of things (IoT) - focusing on the revised personal information protection act of 2015 in Japan -. Business Law Review, 31(2), 293-324. https://doi.org/10.24886/BLR.2017.06.31.2.293.
  25. Stenner, P., Watts, S., & Worrell, M. (2008). Q methodology. In C. Willig, & W. Stainton-Rogers (Eds.), The SAGE handbook of qualitative research in psychology (pp. 215-239). Sage .
  26. Trute, H.-H. (2017). Industry 4.0 in Germany and the EU - data between property and access in the data-driven economy. Journal of Law & Economic Regulation, 10(2), 169-192. https://www.dbpia.co.kr/journal/articleDetail?nodeId=NODE07296100.
  27. Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193-220. https://doi.org/10.2307/1321160.
  28. Watts, S., & Stenner, P. (2005). Doing Q methodology: Theory, method and interpretation. Qualitative Research in Psychology, 2(1), 67-91. https://doi.org/10.1191/1478088705qp022oa.
  29. Watts, S., & Stenner, P. (2012). Doing Q methodological research: Theory, method & interpretation. Sage.
  30. Webler, T., Tuler, S., & Krueger, R. (2001). What is a good public participation process? Five perspectives from the public. Environmental Management, 27(3), 435-450. https://doi.org/10.1007/s002670010160.