The AI Privacy Risk Is in the Input Box, Not the Model
I read a paper on generative-AI privacy regulation published in Media and Law (Yeom Gyu-hyeon, Vol. 24 No. 1). Its subject is how to reconcile freedom of expression with personal data protection when using AI in media and journalism environments, and toward the end it moves into the elements of criminal liability: assessing intent, the scope of the duty of care, proving causation.
Honestly, that part isn't my field. I'm neither an AI expert nor a criminal-law specialist, so I'm in no position to evaluate it. But there were two places that overlap with what I actually have to explain to clients while consulting, and those are worth jotting down.
Service risk, not model risk
Section 2.3 of the paper is the most practical. The gist is this. There are new privacy risks that the AI model itself creates (model inversion, membership inference, that sort of thing), but the moment you use AI as a web service, the traditional data-management problems arise exactly as they always did.
When a user types something into a prompt, that input is just data stored in a web service. If a customer's name is in it, that's personal data; if the provider is an overseas operator, that's a cross-border transfer. It's a problem that exists prior to whether the model learns from it or not.
In the field, when a client brings up adopting AI, the questions usually run this way: "Will our data be used for training?" "Could it be re-identified?" They're worth worrying about, but where defects actually get flagged is somewhere far more mundane. A marketing team member pasting a customer list into a chatbot and saying "segment this for me." Dumping an entire consultation history in to have it summarized. This isn't a cutting-edge AI issue; it's just a cross-border transfer of personal data (PIPA Article 28-8) and use beyond the stated purpose.
AI adoption review forms often have an item checking "whether data is used for training," but no rule defining "what an employee is allowed to type into a prompt." The latter is where incidents actually happen.
The paper's use of the DeepSeek case is in the same vein. What became a problem was that personal data was collected broadly in the course of providing the service, not that the model architecture was the problem.
The press isn't exempt from PIPA
The paper introduces GDPR Article 85 (the exemption for processing carried out for journalistic, academic, artistic, or literary expression) and proposes examining the introduction of a similar special provision into Korea's Personal Information Protection Act.
But our law already has something similar. PIPA Article 58(1)4. Personal data that the press collects and uses to achieve its inherent purpose of news gathering and reporting is not subject to Chapters 3 through 8.
Two things practitioners often get confused about here.
One. The exemption applies only to "collection and use." Another controller "providing" personal data to a press outlet is a separate matter. If a local government hands CCTV footage to a news outlet for reporting purposes, that's provision beyond the purpose, so you have to work through Article 18. The PIPC's Q&A collection spells this out too.
Two. Even with Chapters 3–8 removed, Article 58(4) remains. Under that clause you must process only the minimum personal data within the purpose, for the minimum period, and you still have to put technical, administrative, and physical safeguards and a grievance-handling procedure in place. It is not "the press is outside PIPA." It absolutely does not mean you can toss news-gathering data around however you like.
So the paper's proposal to introduce a special provision is better read not as "there's no clause for it," but as pointing out that the current exemption approach isn't an active balancing obligation like GDPR's "reconcile freedom of expression with data protection." Beyond that is not for me to judge.
In the end, you have to do what you were already doing
The thought left after closing the paper was a slightly deflating one. AI-regulation discourse is flashy. Risk-based approaches, algorithm audits, restorative justice, transparency obligations. All necessary topics.
But what actually gets flagged as a defect in consulting practice is still access-rights management, cross-border transfer notices, outsourcing contracts, privacy policies. Adopting AI doesn't make these stop getting flagged; it makes them get flagged more often. An AI service is, in the end, just one more processor you outsource to, or one more transfer destination sending data to an overseas operator.
Before waiting for new regulation, there's still a lot you can catch with the clauses that already exist.
Source
- Yeom Gyu-hyeon (2025), "A Study on Personal Data Protection Regulation in the Era of Generative AI: Focusing on Key Legal Issues in Media and Journalism," Media and Law 24(1), 1–41. DOI 10.26542/JML.2025.4.24.1.1