The Personal Information Protection Commission on Tuesday held a meeting at the Korea Press Center in Seoul with major domestic and foreign generative artificial intelligence (AI) companies and experts to discuss improving privacy policies for the sector.

The meeting was organised to strengthen transparency in personal data processing and discuss directions for improving reasonable privacy policies, as generative AI services expand.

The "privacy policy evaluation" is a system designed to improve transparency and accountability by assessing privacy policies that personal data controllers have established and disclosed. It has been conducted since 2024 for representative services that use new technologies such as AI and autonomous driving, or that process large volumes of sensitive information and personal data.

In the 2024 evaluation, first conducted across seven sectors, the overall average score was 57.9. After actively strengthening explanations and guidance through steps such as distributing the 2025 evaluation manual, holding briefings on revised writing guidelines and evaluation indicators, and company meetings, the overall average score across the seven sectors rose to 71 in 2025.

In the generative AI sector, however, overall adequacy, readability and accessibility were found to be relatively weak. Some services described the "items of personal data processed" in broad terms, did not specify the "legal basis for processing", or expressed the "retention and use period" vaguely.

The commission also identified cases in which services provided personal data to third parties but used abstract terms such as "partners" and "service providers" without clearly specifying the recipient. It also found cases in which services explained how data subjects can exercise their rights only in English, or delayed handling privacy-related complaints. Some mobile apps were assessed as needing improvement on accessibility because they required users to log in or go through multiple steps to check the privacy policy. The commission also identified cases in which translated-sounding sentences and long descriptive passages made it difficult for data subjects to understand.

The commission said it discussed steps at the meeting to help generative AI companies write privacy policies that are more specific and easier for users to understand. It said the meeting shared the 2025 evaluation results and implications and discussed practical tasks focused on how to describe the processing and training use of prompt input data, clarifying the legal basis for processing, consistency with global policies and improving the effectiveness of procedures for users to exercise their rights.

Participating companies explained that processing structures are complex due to the technical characteristics of generative AI and that it is difficult to coordinate with global headquarters policies. They agreed there is a need for clearer and easier-to-understand explanations to secure user trust, the commission said.

There were also comments that companies would move to increase specificity so users can understand more intuitively whether input data are used for training, the retention period and opt-out procedures.

Chairperson Kyung-hee Song (송경희) said trust in AI can rise when users can easily know how their information is used. She said the commission will continue communicating with companies and establish reasonable, on-the-ground standards to create a responsible AI environment. The commission said it plans to supplement its privacy-policy writing guidelines to help generative AI companies draft privacy policies more clearly, based on the meeting discussions.