In March 2016 Korea made amendments to its Act on the Promotion of Information & Communications Network Utilization and Information Protection (“Act”). The purpose of the Act is to both facilitate the utilization of information and communications networks and regulate for the protection of personal information including that of users of online service providers. “Online service provider” includes any commercial website operator or telecommunications service provider; and “user” is defined as any person that uses the information and communications services of an online service provider.
The Act covers the collection, storage, use, processing, provision, destruction and similar disposition of personal information. The Act applies to Korean online service provider companies and, though the Act does not specify, may apply to foreign companies.
In determining whether the Act will apply in the case of a foreign website operator, the Korea Communications Commission (KCC) would likely consider factors including the location of the website’s server, whether the website is written in the Korean language or uses a Korean domain, or whether the operator conducts promotional activities in Korea. In January 2014, the KCC fined multinational corporation Google 212 million Korean won (approximately US$200,000) for collecting Korean users’ personal information without properly obtaining their consent. This was the first time that the KCC had imposed an administrative sanction against a foreign corporation for violation of Korean personal information protection law.
The amendments, which will take effect on 23 September 2016, further enhance accountability for data protection as well as increase sanctions for data breach or unauthorised transfer of personal data. Sanctions will be increased to three times the actual damage suffered by customers in the event of a data breach; and in the event that a company does not obtain the necessary prior consent for transfer of personal information abroad, a statutory fine of up to 3% of revenue generated from its use will be imposed – up from 1%. Criminal sanction may, also, be imposed.
In light of the stringent penalties soon to come into effect, it would be advisable for online service providers both in Korea, and with a connection to Korea, to exercise particular vigilance in their data protection compliance practices.
___
Sean Hayes may be contacted at: SeanHayes@ipglegal.com. Sean is co-chair of the Korea Practice Team at IPG Legal. He is the first non-Korean attorney to have worked for the Korean court system (Constitutional Court of Korea) and one of the first non-Koreans to be a regular member of a Korean law faculty. Sean is ranked, for Korea, as one of only two non-Korean lawyers as a Top Attorney by AsiaLaw. Sean is known for his proactive New York-style street-market advice and his aggressive and non-conflicted advocacy. Sean works with some of the leading retired judges, prosecutors and former government officials working in Korea.
Sean’s profile may be found at: Sean C. Hayes
Similar Posts:
- Korea Increases Penalties For Data Breach and Unauthorized Transfer of Data: Korea Communications Commission
- Korea’s Data Privacy and Data Protection Law
- Korea prepares itself for Big Data-driven 4th Industrial Revolution: Korean Data Protection Laws Revised
- Korean Data Privacy: Korean National Assembly passes the Second Major Amendment to the Personal Information Protection Act of Korea
- Korean Data Privacy Act: Need for Compliance Audit for your Korean Company
- Data Protection in Korea is set to take on new importance in 2021
- Korea Strengthens Data Protection Law
- Privacy Policy
- Google Korea Faces New Lawsuit over Data-sharing Concerns: New Technology Company Challenges in Korea
- Korea Increases the List of Serious Crimes in the Act on Regulation and Punishment of Criminal Proceeds Concealment
You must log in to post a comment.