The FSC introduced guidelines on MyData services on February 22, which contain details about the consumers’ data privacy rights, scope of data transfers, operational procedures, obligations for service providers and so on, as MyData businesses will begin to offer their services using standardized API beginning on August 4, 2021.
In addition, MyData support center has been set up at the Korea Credit Information Services to facilitate a seamless operation for both service providers and consumers. The center will provide support for quick resolution of conflicts and consumer complaints through MyData web portal.
I. Scope of Data Provision
The guidelines specify the types of consumer credit and financial data that can be provided through MyData services from a range of financial sectors, such as credit finance and financial investment businesses, insurance businesses, credit card companies, electronic financial services, etc. A further expansion on the types of consumer data available for MyData will be reviewed and decided in the future.
II. Protection of Consumer Rights
The guidelines contain measures to ensure that consumers are giving consent to data transfer with sufficient awareness of their data privacy rights through the use of easy-to-understand language and visual contents while allowing freedom of consent, denial, withdrawal, etc. To strengthen data protection, MyData businesses will be required to make their service cancellation process easy and completely remove consumer credit data from their platform when cancellation occurs. MyData firms will be prohibited from offering excessive rewards as sales pitch to prevent excessive competition in the industry. For the purpose of data security management, MyData firms will be subject a set of specific data security standards and the suitability and vulnerability tests.
III. Data Transfer Process
First, data subject files a data transfer request at a financial institution after choosing specific types of data s/he wants to transfer and selecting a MyData service provider of their choosing. The data subject is able to make a request for data transfers from multiple originating entities using a secure and dependable personal authentication system. Then, data transfer takes place in real-time from the financial institution to MyData service provider using API, or the requested data is transferred to the personal data storage (PDS) inside the MyData web portal if the transfer is made to another financial institution or for personal storage purpose.
The FSC will set up a taskforce in March to look into ways to further strengthen consumer rights on MyData services. The authorities will also operate a testbed for the system development and verification to guarantee that consumers are able to exercise their data transfer rights safely.
* Please refer to the attached PDF for details.