Republic of Korea: Personal Information Protection Commission announced cooperation with Jeollanam-do and Sejong to improve privacy protections in local ordinances and ensure alignment with Personal Information Protection Act

On 12 September 2025, the Personal Information Protection Commission (PIPC) announced that it is cooperating with Jeollanam-do and Sejong Special Self-Governing City to review a total of 1'793 ordinances (985 in Jeollanam-do and 808 in Sejong) in order to identify and address personal information infringement factors not subject to the assessment scope under the Personal Information Protection Act. Of these, 263 ordinances (115 in Jeollanam-do and 148 in Sejong) involved the processing of personal information, and 38 ordinances (19 in each jurisdiction) were found to contain infringement risks, including the unnecessary collection of excessive personal data beyond the intended administrative purpose, the processing of resident registration numbers without the legal basis required by presidential decree under the Personal Information Protection Act, and provisions inconsistent with the purpose or content of the Act. Examples included replacing requirements to provide resident registration numbers with date of birth, removing insufficiently grounded collection of resident registration card copies, and ensuring that when debt-related information on parents of children and adolescents is collected for legal aid purposes, the purpose, items, and retention period of the data are specified in compliance with Article 15(2) of the Act. The local governments plan to revise the ordinances in stages to better protect personal data, and the PIPC will share these findings with other municipalities. The PIPC noted that it expects the changes to reduce unnecessary data collection, strengthen safeguards against leaks, and enhance public trust in local governance.