Amidst the rapidly changing business landscape due to the COVID-19 pandemic, there has been a significant increase in “contactless” purchases, and, as a result, businesses are starting to diversify their business through online/mobile stores.  Set forth below are some of the key legal issues to consider when operating online/mobile stores (e-business) for existing businesses.  

Considerations When Launching an Online/Mobile Store 

Deciding the operator and model for the store (onshore model vs. offshore model) 

An offshore business operator that wishes to sell products to customers in Korea through an online/mobile store may choose between the two models depending on the entity operating the store: (i) an onshore model where the operator is a subsidiary located in Korea and (ii) an offshore model where the operator is an offshore entity.  The two models differ not only in terms of delivery, return, refund and other customer services but also in terms of the applicability/enforceability of the Korean law, the party responsible for handling import declaration procedures, product pricing, tax imposition and other legal issues.  Therefore, the two models should be considered prior to launching an online/mobile store targeted at consumers in Korea. 

Considerations for licensing and compliance with Korean law 

• Whether to report as an online retail business or a value-added service provider and the party responsible for obtaining the relevant license. 
• Whether the license for issuance and operation of a prepaid electronic payment means must be obtained for point systems. 
• Compliance with relevant regulations when using payment gateway (“PG”), escrow services, etc. 
• Compliance with relevant regulations for payment and settlement (especially when using the offshore model). 
• Compliance with relevant regulations for the terms of use and privacy policy; review of procedures for obtaining consent to collect and use user information.  
• Review of the user interface of the website/mobile screen to check compliance with the disclosure/posting requirements.  
• Relationship with existing online/offline retail vendors (under the Fair Trade Law and the Civil Code). 
• Matters related to the business model that links online and offline stores. 

Considerations When Operating Online/Mobile Stores and Expanding Services 

Monitoring compliance under the E-Commerce Act 

Pursuant to the E-Commerce Act, the initial landing page, product description page and order/check-
out/order confirmation page must include all disclosure and notification items required for each step of transaction.  Please note that the Korea Fair Trade Commission has been actively investigating violations of the disclosure and notification requirements.  Accordingly, compliance with the following rules must be checked as they often arise as important issues during investigations. 

• Compliance with the notification requirements concerning the information on the store operator and seller, product description, and transaction terms and conditions (especially the information regarding return, refund and conditions/effect of contract termination); compliance with the obligation to provide a written contract. 
• Guarantee of customers’ right to cancel orders (the period and scope of cancellation may vary depending on the type and nature of the product). 
• No solicitation of consumers using exaggerated or deceitful means when providing information on products or discounts. 
• No interference with cancellation of order or contract termination. 

Compliance with legal requirements for payment methods 

• Compliance with requirements for payment and settlement methods under the Electronic Financial Transactions Act, the Specialized Credit Financial Business Act, and the Foreign Exchange Transactions Act (where the seller and the operator are different entities or an offshore entity is involved, a closer analysis must be conducted on issues including whether the electronic financial business license or foreign exchange business license is required). 
• For third-party payment services (e.g., PGs, escrow services, carrier billing, etc.), whether the third party is a licensed service provider, and its compliance with relevant regulations. 
• For points and other reimbursements, whether a prepaid electronic payment means license is required. 

Compliance with privacy and data security regulations 

In general, the following regulatory issues may arise when collecting/using personal data, providing or delegating the processing of personal data collected to a third party, sending advertising information to customers, and managing data of inactive customers in the course of registering new online customers or providing information to customers. 

• Compliance with the disclosure and consent requirements for collection/use, provision and delegation of personal information (includes distinguishing mandatory consent items from optional consent items).
• Considerations for processing consumer behavioral data¹ and targeted online advertising. 
• Monitoring compliance with procedures to be followed when sending advertising information. 
• Disclosure of the personal data handling policy and terms of use. 
• Compliance with the requirement to segregate/store or destroy personal data of long-term inactive customers. 
• Whether the certification for the information security management system (ISMS) must be obtained, depending on the sales revenue and size of the user base. 
• Qualification requirements for the chief information security officer (CISO) and chief privacy officer (CPO) and designation/reporting of the CISO and CPO. 

Others 

• Grounds for purchase restrictions and refusal to deal (particularly against those suspected to be parallel importers). 
• Licensing requirements regarding the use of location information (e.g., searching stores nearby).