South Korea has eliminated a significant barrier to the usage of the FIDO protocol for passwordless authentication by confirming that it falls outside the scope of a requirement for user consent to process biometrics.
Members of the FIDO Alliance Korea Working Group (FKWG) submitted an official inquiry to the Korea Personal Information Protection Commission (KPIPC), which has responded by stating that the consent rules do not apply to biometric processes performed entirely on user-controlled devices. Since biometric data is not collected, stored or processed by the organization requesting FIDO authentication, the process does not qualify as processing personal information under the Personal Information Protection Act.
