Writing about the situation in South Korea, Wonil Kim, Kwang-Wook Lee, Sang-Hyun Ahn and Bo Keun Cho of Yoon & Yang, LLC write, in part:
Under the existing framework of privacy and personal data protection, the processing (including collecting, using or transferring) of identifiable personal data is regulated by the Personal Information Protection Act (“PIPA”) and the Promotion of Information and Communications Network Utilization and Information Protection Act (“Communications Network Act”). The collecting and using of location data is controlled by the Protection and Use of Location Information Act (“Location Information Act”). However, it is not clear whether the scopes of the terms “personal data processor,” “telecommunications service provider,” and “location information business operator,” which are, respectively, subject to the regulations of the PIPA, the Communications Network Act and the Location Information Act, may cover drone operators. In particular, it would be difficult to trace the owners or pilots of small drones even if they invade privacy or violate personal data.
[…]
As attempts to address potential loopholes of the existing legal framework, it is being considered to expand the definition of “image information processing devices” under the PIPA to include drones; to specify drone operators’ personal data protection obligations in the Aviation Act; and to explicitly impose personal data protection obligations on drone operators and manufacturers.
Read more on Lexology.