South Korea approves AI assistant with strict privacy rules as Europe delays AI laws
Even as Europe wrestles with AI regulation, South Korea has approved an AI assistant from Naver that can use years of user activity to personalize its responses, as long as the company follows a strict set of privacy rules.

AI chatroom wrapped in chains. Image by Cybernews.
Even as Europe wrestles with AI regulation, South Korea has approved an AI assistant from Naver that can use years of user activity to personalize its responses, as long as the company follows a strict set of privacy rules.
- South Korea has approved Naver’s personalised AI assistant under strict privacy conditions.
- The system can use extensive user data but must allow opt-outs and avoid sensitive information.
- Europe is still debating and delaying parts of its AI rules amid concerns over innovation and enforcement.
- The contrasting approaches highlight a split between hands-on regulation in Asia and slower policy-making in the EU.
South Korea's Personal Information Protection Commission recently approved a new AI-powered search service from Naver, which is often described as the country's Google. The decision, however, comes with strict privacy conditions and offers a glimpse into how regulators might govern AI assistants, which increasingly rely on personal data to deliver tailored responses.
Naver's AI Tab generates conversational answers and summaries. To personalize those responses, Naver plans to draw on a broad range of user activity across its ecosystem, including search history, shopping behavior, blog activity, and interactions within its online communities.
Rather than blocking the practice, regulators have chosen to establish conditions. The commission said users must be able to opt out of personalization through clear and understandable controls. Naver must also disclose what categories of personal information the service uses and implement safeguards to prevent misuse or data leaks.
The regulator further prohibited the system from inferring or using sensitive information such as political views, religious beliefs, labor union membership, health information, or details related to a user's sex life. Financial information and unique identifiers such as account numbers and credit card details must also remain excluded from AI-generated responses.
A different approach
The Korean decision comes as Europe continues to grapple with broader questions about AI oversight.
European policymakers recently agreed to ease parts of the bloc's AI rulebook by delaying compliance deadlines for certain high-risk systems until 2027, responding to fears that such regulation could hamper innovation.
The move has fueled debate over whether Europe risks weakening the world's most ambitious AI governance framework before it is fully implemented.
At the same time, questions remain about whether existing rules are even enforceable in practice.
Recent research found that leading AI assistants routinely violate requirements under the General Data Protection Regulation (GDPR) and the EU AI Act when confronted with realistic user scenarios. In some cases, researchers found that AI assistants violated GDPR or AI Act requirements in up to 90% of tested scenarios, underscoring the challenge of translating regulatory principles into actual AI behavior.
Researchers have also raised concerns that many AI companies continue to advocate for responsible AI while becoming less transparent about training data, computing resources, and the societal impact of their systems. The findings suggest a widening gap between public commitments and industry practices as competition in the AI sector intensifies.
Against this backdrop, South Korea's latest decision offers a different model. Instead of focusing on sweeping restrictions or future compliance deadlines, regulators examined a specific AI service and established operational rules around consent, transparency, and data protection.
Whether that approach proves effective remains to be seen.
Unlock more exclusive Cybernews content on YouTube.