Skip Navigation
KO EN JP CN
Intellectual Property Careers
Menu
Intellectual Property Careers
Locations Contacts
Close
Search
Newsletters

KCC’s Review and Enforcement of App Access Rights and MSIT’s Survey on Value-Added Telecommunications Services

2024.10.14
Audio Print

Please see below our update on this year’s review and enforcement of app access rights by the Korea Communications Commission (“KCC”) and survey on value-added telecommunications services by the Ministry of Science and ICT (“MSIT”).
 

1.

KCC’s Annual Review and Enforcement of App Access Rights

Under Article 22-2 (1) of the Act on Promotion of Information and Communications Network Utilization and Information Protection (“Network Act”), telecommunication service providers who request rights to access stored data or installed functions on their users’ mobile devices (“Access Rights”) must obtain the users’ consent after providing information specified in the Network Act in clear, understandable language. Article 22-2 (2) of the Network Act further prohibits telecommunication service providers from refusing to provide services to users who did not consent to granting Access Rights that are not strictly necessary for providing those services.

The KCC, the competent authority responsible for the Network Act, conducts annual reviews of telecommunication service providers with mobile applications on their compliance with the Network Act. The KCC then issues official notices to telecommunication service providers found to be in non-compliance, advising them to take remedial actions. As of September, KCC has conducted about a thousand reviews during this calendar year, advising noncompliant providers of the needed corrections and requesting reports on the results of the remedial actions by October 18, 2024.

In view of the above, we advise companies to be prepared for KCC’s review by confirming their mobile applications’ compliance with the following requirements:

  • The application must distinguish between mandatory and optional Access Rights, and explain the differences between the two;

  • For optional Access Rights, the application must explain that users have the option of refusing consent;

  • The application must obtain users’ consent for mandatory Access Rights;

  • The application must allow users to continue using the application, even if the users refuse to grant consent for optional Access Rights; and

  • The Access Rights actually exercised by the application must be consistent with the Access Rights as explained to the user.
     

The KCC may issue corrective orders to those providers who fail to submit reports on the results of their remedial actions after receiving KCC’s official notices and advice. Subsequent failure to comply with the corrective order may result in fines of up to KRW 10 million, or in cases of violations of Article 22-2 (2) of the Network Act, fines of up to KRW 30 million. If a provider is found to have violated other provisions of the Network Act, the provider may receive corresponding corrective orders as well.

We also note that the KCC may be considering amendments to the above regulations of the Network Act and will provide further updates on any such developments.
 

2.

MSIT’s Annual Survey on Value-Added Telecommunications Services

Pursuant to Article 34-2 (1) of the Telecommunications Business Act (“TBA”), the MSIT has conducted and published the results of annual surveys on value-added telecommunications service providers (“VSPs”) since 2021. This year, the MSIT sent its survey notice and relevant documents to VSPs in early September, with the survey expected to take place from October to November. Notably, the MSIT is expected to conduct additional, in-depth surveys for food-delivery applications and businesses engaging in e-commerce.

This year’s survey respondents, contents, and methods are as follows:

  • Respondents: Businesses who have declared themselves, registered themselves, or are deemed to have effectively declared themselves as VSPs under TBA Article 22 (1), 22 (2), or 22 (4).

  • Contents: Businesses’ (i) general information, (ii) finances, (iii) human resources, (iv) R&D and technologies, (v) provided value-added telecommunications services, (vi) data protection and usage, (vii) competition over value-added telecommunications services, including market shares and mergers and acquisitions, and (viii) other areas that are deemed necessary by the head of the MSIT.

  • Survey method: The annual survey will be conducted in a single round of written surveys, interviews, statistical research, and research into existing literature. The respondents are notified in writing of the relevant details at least 30 days before the start of the survey.
     

As non-compliance with VSPs’ obligations under the TBA may be called into question during the survey, we recommend verifying in advance compliance with the following requirements for value-added telecommunications services:

  • Registration of the VSP (TBA Article 22 (1)): Any person operating a VSP must file a report with the head of the MSIT.

  • Registration of value-added telecommunications services that fall under special categories (e.g., “WebHard” (certain online storage service providers) and “corporate messaging” (third-party services used by businesses to send messages to individuals)) (TBA Article 22 (2)): Any person who intends to operate a value-added telecommunications business that falls under the special categories must register with the head of the MSIT.

  • Reporting of changes to value-added telecommunications services (TBA Articles 23, 24): A person who has declared or registered as a VSP must report to the head of the MSIT: any changes to matters prescribed by the Presidential Decree (e.g., trade name, name, address, representative, or types of service provided) or any sale/purchase or merger/acquisition of the business.

  • Reporting of value-added telecommunications service fees (TBA Article 22 (4)): Business that provide services that fall under TBA Article 2 (14) (B) (e.g., corporate messaging) must report related service fees to the head of the MSIT.

  • Reporting of confidential information related to communications and retention of relevant documents (TBA Articles 83 (5), 83 (6); Protection of Communications Secrets Act Articles 9 (2), 9 (3), 13 (7)): After providing confidential information related to communications to law enforcement agencies, the provider must (i) keep for a specified period the data request and a ledger tracking the provided information, (ii) report on a bi-annual basis the status of the provided confidential information to the head of the MSIT, and (iii) report on a bi-annual basis the ledger to the head of the central administrative agency of the relevant law enforcement agency (TBA Article 83 (7)).

 

[Korean Version]

Related Topics

#App Access Rights #Value-Added Telecommunications Services #KCC #Technology Media & Telecommunications #Legal Update

List

Share

Close

Professionals

CLose

Professionals

CLose