|
|
|
|
|
|
|
Newsletter | August 2015, Issue 2
|
|
|
|
|
|
|
|
|
|
|
Technology, Media & Telecommunications
|
|
|
|
|
Supreme Court renders judgment in data breach lawsuit against online shopping site
|
|
|
|
In early 2008, Auction, an online shopping site owned by eBay, suffered a hacking incident by a hacker. This incident resulted in the leakage of user IDs and personal information. In April 2008, over 140,000 plaintiffs filed a collective action lawsuit in Korea against eBay for damages from the incident. This lawsuit was not only Korea’s first ever case filed against an online service provider by alleged victims of personal information leak after a hacking incident, but also the largest collective action ever filed in Korea.
|
|
|
|
After vigorous arguments by both sides on Auction’s alleged liability, and thorough investigations by the courts, both the trial and intermediate appellate courts ruled in favor of the defendants. On February 12, 2015, on appeal, the Supreme Court rendered its judgment, affirming the lower courts’ rulings, and found that Auction was not liable.
|
|
|
|
Specifically, both the Seoul Central District Court and the Seoul High Courts found that “In consideration of Auction’s security measures, the state of hacking prevention technology development, and means of hacking at the time of the incident, etc., Auction had exhausted all technical protection measures, making it difficult to find negligence.” The Supreme Court affirmed, stating that "Auction did not violate the requirement to institute certain measures as required by the prior Network Act or measures necessary to secure safety as required by online service contracts.”
|
|
|
|
The Supreme Court’s ruling is significant as it shows that companies whose customers’ personal information becomes leaked may nonetheless be protected from liability if companies are found to have taken sufficient security measures before the incident.
|
|
|
|
Kim & Chang advised eBay from the outset of the incident, assisting in the reporting of the incident to the relevant agencies and providing notice to the users, as well as advising on how to effectively manage the fallout from the incident. Furthermore, by persuasively arguing against the availability of civil damages under the Network Act and clearly explaining Auction’s technical security measures, we were able to successfully defend Auction in this “bet-the-company” case.
|
|
|
|
|
|
Back to Main Page
|
|
|
|
|
|
For more information, please visit our website:
|
|
|
|
|
|
|
|