According to government documents disclosed this month, the South Korean Ministry of Justice (MOJ) has shared with companies engaging in artificial intelligence approximately 170 million facial images of local and foreign travelers in the Incheon International Airport in Seoul, without obtaining their consent. The biometric data that the MOJ shared was intended to assist the AI companies in developing a governmental AI system for screening and identification of travelers leaving or entering the country. In addition to the facial images, the MOJ provided information regarding the travelers’ age, gender, and nationality.
The South Korean Personal Information Protection Act governs the processing of sensitive information, a term that includes information produced for the purpose of identifying a specific individual through their physical and physiological characteristics. Under the Act, such processing by a third party, requires the specific and separate consent of the data subject. However, sensitive information can be processed by a third party without the subjects’ consent if the processing is performed “within the scope reasonably related to the initial purpose of the collection”.
According to documents disclosed at the request of the South Korean Democratic Party, the MOJ determined that because the images were initially collected for the purpose of identifying travelers, they can also be processed by third parties for the purpose of developing an AI system for identifying travelers. Members of the South Korean Democratic Party and civil rights groups have criticized the MOJ’s unprecedented decision and called for its reconsideration.