KIM&CHANG
Newsletter | August 2014, Issue 3
TECHNOLOGY, MEDIA & TELECOMMUNICATIONS
Amendments Strengthen Korea’s Online Privacy Regulations
On May 2, 2014, the Korean National Assembly passed amendments to the Act on Promotion of Information and Telecommunications Network Utilization and Information Protection, Etc. (the “Network Act”) aimed at strengthening provisions related to the protection of personal information online.  The amendments introduce material changes to the current data protection regime, and the notable changes are summarized below.
Subject Amendments
Limits on the Collection and Delegation of Personal Information
Collection of personal information by online service providers is limited to the extent necessary for providing the relevant online services.
User consent is not required for delegation of personal information processing only to the extent that such delegation is necessary for the performance of the underlying contract and for increasing user convenience and benefits.
Notification and Reporting Requirements Following Leakage Incidents
In the event of a data leakage incident, online service providers must notify users and file reports with designated authorities within 24 hours of becoming aware of the data leakage incident, absent justifiable reasons.
Deletion of Personal Information
If personal data is required to be deleted, any such deletion must be irrevocable, without the possibility of recovery or reproduction, and a violation of this requirement is now subject to criminal sanctions.
Statutory Damage Awards
A user is now entitled to claim up to KRW 3 million (approximately USD 3,000) in damages if he/she can prove that an online service provider intentionally or negligently violated provisions of the Network Act concerning the protection of personal information, and his/her personal information was lost, stolen, and/or leaked as a result.
The burden of proof is shifted to the online service provider to show lack of bad intent or negligence with respect to such leakage.
Designation of Chief Information Protection Officer (“CIO”)
Designation of an executive-level CIO is now mandatory for certain online service providers, and the designation must be reported to the Ministry of Science, ICT and Future Planning.
Administrative Fine
The administrative fine is increased from 1% of the relevant revenues to 3%, and the delegator of personal information processing can be fined for a vendor’s failure to comply with the Network Act’s requirements for protecting personal information.
As for the loss, theft, leakage, modification or damage of personal information, the upper limit of the administrative fine (KRW 100 million) is abolished.  Further, a showing of causation between the failure to take proper technical/managerial protective measures and any loss, theft, leakage, modification or damage of personal information is no longer required.
Spam Regulation
Opt-in consent is also required for email spam.
A recipient who provided his/her consent to receive spam must be periodically notified of this fact.
The Ministry of Science, ICT and Future Planning and the Korea Communications Commission are currently preparing corresponding changes to related sub-regulations, and public debate and discussion on the specific meaning and application of the amended Network Act are ongoing.  As the amended Network Act will become effective on November 29, 2014, it is necessary for businesses that process personal information to evaluate their practices to see if they are aligned with the amended Network Act and take appropriate measures to ensure full compliance.
If you have any questions regarding this article, please contact below:
Dong Shik Choi
dschoi@kimchang.com
Jung Un Lee
jungun.lee@kimchang.com
For more information, please visit our website:
www.kimchang.com Technology, Media & Telecommunications Practice Group