The Personal Information Protection Commission has been promoting the adoption of co-regulation to replace/improve the existing self-regulation programs since 2022. While the Commission's co-regulation framework has received positive feedback for its contribution to address the regulatory issues, it has also faced criticism for being seen as “co-regulation in appearance only without any real differentiation from existing self-regulation”. This study aims to examine the case of industry-specific co-regulation proposed by the Personal Information Protection Commission, with the objectives of 1) determining whether their approach can be categorized as a type of co-regulation with differentiation from the existing self-regulation programs, and 2) proposing improvements for successful regulation. The ‘co-regulation’ of the Commission can be classified as a form of co-regulation that differs with traditional self-regulation, as it involves government and private organizations collaborating to establish self regulatory codes reflecting industry-specific characteristics as well as provides interest groups with incentives to comply with the codes. The co-regulation framework is evaluated to some extent as successful, but there is still room for improvement in three major aspects. (1) When selecting the areas for co-regulation, a focus should be placed on areas where technological changes are rapid, and government regulations should be applied in areas where they are not. (2) It is necessary to enhance the expertise of regulatory agencies, and (3) ensuring the democratic nature of regulation, such as encouraging the participation of civil organizations, is necessary.