Republic of Korea: Personal Information Protection Commission issued preliminary findings and recommendations on data protection for Artificial Intelligence Digital Textbooks

On 14 May 2025, South Korea’s Personal Information Protection Commission (PIPC) released the findings of a preliminary inspection into the personal data practices of Artificial Intelligence (AI) Digital Textbooks (AIDTs) focusing on Korea Education and Research Information Service (KERIS). The inspection applied to education technology providers using AI-powered textbooks, which process students' learning data to customise content. The inspection identified shortcomings in legal basis, transparency, security safeguards, and data subject rights protections. The PIPC recommended that KERIS revise its privacy policy and consent forms, clarify purposes for national-level data collection, and enhance security by obtaining ISMS-P certification and possibly designating the AIDT system as a central management system subject to stricter obligations under the Personal Information Protection Act. The Ministry of Education was urged to revise evaluation guidelines and certification criteria to align with data protection rules and ensure role clarity among participants. The entities must respond to the PIPC’s recommendations within 10 days and report implementation progress within 60 days.