Overview
Doyeup Kim focuses his practice on IT/broadcasting telecommunications matters, with a particular focus on regulatory issues regarding IT, protection of personal information, and compliance.
Mr. Kim was responsible for APP service/system review, privacy system establishment, big data analysis by using personal information, and new business projects, including establishment of new servers and their transmission overseas, and data usage/advertising in IoT. In particular, he played a leading role in reviewing legal issues relating to data integration, overseas transmission, consent to receive marketing messages in the EU, US, Middle East, CIS, Southeast Asia, Southwest Asia and Central and South America in connection with customer-based marketing platform setup projects.
Mr. Kim holds privacy-related certifications, including CIPP/E (Certified Information Privacy Professional/Europe), PIMS (Personal Information Management System) Auditor, ISO 27001 Auditor, Privacy Impact Assessment Expert, and SECU-STAR Assessor. He also responded to the investigations by Korean/foreign government regulatory authorities and cases involving personal information leakage/theft. He completed a doctoral course at Korea University Graduate School of Information Security. Based on his work experience, he was appointed as advisory counsel for the Personal information Protection Commission and Korea Communications Commission and a member of the Personal Information Protection Self-Regulatory Committee, Korea Communications Commission, EU Adequacy Assessment Public and Private Joint Bureau of Ministry of the Interior, Public and Private Partnership Forum of E-government of Ministry of the Interior, Personal Information Protection Forum of Korea Internet & Security Agency, and member of Committee for Adequacy Assessment, Korea Credit Information Services and Financial Security Institute, respectively. In addition, he has advised on international privacy law matters concerning the GDPR and CCPA as well as domestic matters concerning enactment of and amendment to the Video Information Protection Act, Personal information Protection Act and Information and Communications Network Act. He co-authored the introduction, guidance and guidebook in relation to the EU GDPR for domestic companies and deal with compliance projects.
Related Practices
Representative Experience
2018-Present
Bae, Kim & Lee LLC
2012-2018
Global Privacy Office, Legal Affairs Division, Samsung Electronics
See More
2023-Present
Member, Public-Private Committee on Policies for AI Privacy, Personal Information Protection Commission
2023-Present
Member, Data Mediation Committee, Ministry of Science and ICT
2023-Present
Member, Data Review Board (DRB), Seoul National University Hospital
2023-Present
Member, Evaluation Committees of Appropriateness of Data Pseudonymization and Anonymization; Korea Credit Information Services, Korea Financial Telecommunications & Clearings Institute, and Social Security Intelligence
2023-Present
Member, Committee of Consent Grading System, Korea Credit Information Services
2023-Present
Member, Committee for National Tax Statistics Center, National Tax Service
2022-Present
Member, Technology Forum, Personal Information Protection Commission and Korea Internet & Security Agency
2020-Present
Advisory Counsel, Personal Information Protection Commission
2020-Present
Member, Committee for Pseudonymous or Anonymous Identity Appropriateness Evaluation, Korea Credit Information Services
2020-Present
Data-Specialized Consultant, Korea Data Agency
2020-Present
Member, Legal System Study Group for Prevention of Illegal Spams, Korea Communications Commission
2020-2021
Member, Committee for Appropriateness Evaluation, Financial Security Institute
2019-Present
Member, De-Identified Information Deliberation Committee, Korea Credit Information Services
2019-Present
Member, Forum for Legal System on Intelligence Data, National Information Society Agency
2019-Present
Member, Personal Information Protection Forum, Korea Internet & Security Agency
2019
Member, System Renovation Advisory Group, Personal Information Protection Commission
2019
Member, Committee for Advice on Personal Information Laws and Regulations, Korea Communications Commission
2018-2020
Member, Personal Information Protection Self-Regulatory Committee, Korea Communications Commission
2017-Present
Member, Committee for De-Identification Measure Appropriateness Evaluation, Korea Internet & Security Agency
2015-Present
Attorney specializing in IT and broadcasting telecommunications, Korean Bar Association
Representative Matters
Advised a global IT company on the establishment of global personal information protection system (Advised on privacy governance setup, internal guidelines, overseas transmission, privacy by design, and global/local privacy policy)
Advised a global IT company on personal information issues related to data collection, integration, analysis, and marketing as an attorney in charge of big data
Advised a global IT company on the Personal Information Acts of different countries and responding to the GDPR, regarding profiling, marketing, rights of information subjects, third party agreement structure, following the establishment of a data-based online platform (target countries: over 50 countries, including countries in EU, US, Middle East, CIS, Southeast Asia, Southwest Asia, and Central and South America)
Advised a global IT company on marketing using online advertisement ID (e.g. ADID) targeting US, France, Australia, Singapore, and South Korea
Advised a global IT company on measures of making identifiers and informers unidentifiable and their range of use
Advised a global IT company on the establishment of global personal information protection system (Advised on privacy governance setup, internal guidelines, overseas transmission, privacy by design, and global/local privacy policy)
Advised a global IT company on personal information issues related to data collection, integration, analysis, and marketing as an attorney in charge of big data
Advised a global IT company on the Personal Information Acts of different countries and responding to the GDPR, regarding profiling, marketing, rights of information subjects, third party agreement structure, following the establishment of a data-based online platform (target countries: over 50 countries, including countries in EU, US, Middle East, CIS, Southeast Asia, Southwest Asia, and Central and South America)
Advised a global IT company on marketing using online advertisement ID (e.g. ADID) targeting US, France, Australia, Singapore, and South Korea
Advised a global IT company on measures of making identifiers and informers unidentifiable and their range of use
Advised a global IT company on issues related to transfer of employees and clients, following a disposal of a division
Advised a global IT company on issues related to the Personal Information Act and Information and Communications Network Act, including legality of application and services, information availability, and UX/UI
Advised a global IT company on business models of new IoT products and services, agreement structure, data sharing, and legality of Privacy Notice and COPPA
Advised a company on responding in advance to privacy monitoring by domestic and foreign government regulatory agencies, and advised on measures to deal with infringement and information leakage
Advised a global IT company on location of new server (CLOUD, IDC) following data flow, necessity of establishing a new server, construction scope and server construction plans
Advised a global IT company on the consent to use personal information of Korean officers/employees, policy on personal information processing, and issues related to overseas transfer of personal information of foreign officers/employees
Advised a global IT company on employee personal information, including database management before, during and after employment, employee monitoring, and CCTV
Advised Korea Communications Commission on EU's adequacy assessment and APEC CBPR
Advised on the amendment to the provisions about personal information overseas transfer under the Personal Information Protection Act and Information and Communications Network Act
Advised the Korea Internet & Security Agency on the key issues of the GDPR and legal review thereon
Advised the Ministry of the Interior and Safety on the forum to discuss enactment of the Video Information Protection Act
Advised PyeongChang 2018 Olympic Winter Games Information Protection Expert Committee on personal information protection
Advised a global IT company on on-site inspections of personal information and compliance (inspected 16 countries, including EU)
Advised a conglomerate's subsidiary on the establishment of a compliance system
Advised a global IT company on fair trade and trade secret matters and on-site inspection
Advised on e-commerce matters
Advised a foreign company on privacy compliance in Korea
Advised on a global large company on worldwide privacy compliance in relation to IoT and online services
Acting as an agent for a global IT company
Advised on the enactment and amendment of privacy-related laws
Education
2022
Duke University School of Law (LL.M.)
2016
Korea University School of Cybersecurity (Completion of Ph.D. Coursework)
2012
Kyungpook National University Law School (J.D., summa cum laude)
2004
Korea University (LL.B.)
Selected Activities
Publications
A Study on Transfer of Personal Information in Preparation for Intelligent Information Society (Co-author, National Information Society Agency, 2020)
Study on the Improvement of the Leal System involving the Construction of Data & AI based Smart Cities (Co-authored, National Information Society Agency, 2020)
A Study on the Movement of Personal Information in Preparation for the Intelligent Information Society (Co-author, National Information Society Agency, 2020)
Commentary on Personal Information Protection Act (Co-author, Personal Information Protection Commission, 2020)
Data-related Legal System, Data Industry White Paper Vol. 22 (Co-author, Korea Data Agency, 2019)
Analysis of the Recent Trend on Profiling Technology and Study on Privacy Policy Direction (Co-author, Korea Internet & Security Agency, 2018)
EU General Data Protection Regulation (GDPR) Guidebook for Korean Enterprises (co-authored by the Ministry of Public Administration and Security/Korea Communications Commission, Korea Internet & Security Agency, 2018)
EU General Data Protection Regulation (GDPR) Guidebook for Korean Enterprises (co-authored by the Ministry of Public Administration and Security Korea Internet & Security Agency, 2017)
The First EU General Data Protection Regulation (GDPR) Guideline for Korean Enterprises (co-authored by the Ministry of Public Administration and Security Korea Internet & Security Agency, 2017)
Activity
Lecturer, GDPR and its Countermeasures, EU/US IoT Guidelines, Big Data and Personal Information Processing, Privacy Act, and Information and Communications Network Act (Personal Information Protection Commission, National Information Society Agency, Korea International Trade Association, Korea Trade-Investment Promotion Agency, Korea Federation of Small and Medium Business, Korea Association of Game Industry, etc.)
Awards
Presidential Citation for Outstanding Contribution to Data Privacy (2023)
Citation for Outstanding Contribution to Data Privacy (Chair of the Personal Information Protection Committee, 2021)
Citation for Outstanding Contribution to Data Privacy (Commissioner of the National Information Society Agency, 2020)
Citation for Outstanding Contribution to Data Privacy (Chair of the Korea Communications Commission, 2017)
Citation for Outstanding Contribution to Data Privacy (Minister of the Interior, 2015)
Qualifications
2019
Personal information & Information Security Management System Auditor (ISMS-P)
2017
Certified Information Privacy Professional (CIPP/E)
2015
Information Security Management System Auditor (ISO 27001)
2015
Privacy Impact Assessment Expert, Korea Internet & Security Agency (PIA)
2012
Korea
