INSIGHTS
-
Newsletters VIEW MORENewslettersKim & Chang Legal Newsletter (2020 Issue 1) This issue includes: Discussions on Interest Rate Benchmark Reforms Amendments to Improve Shareholder Meetings and Management Transparency Introduced Korean Patent Act Amended to Add Online Transmission of Software to Patent Infringement Proposed Amendments to the Enforcement Decree of the Capital Markets Act Expected to Heighten Requirements for Qualified Investors 2020 Tax Law Amendments Released Significant Increase in Penalties for Environmental Offenses and Expansion of Environmental Investigators’ Roles Enforcement of the Air Quality Control Act and Limits on Emissions Enhanced Penalties for Illegal Wastewater Discharge Amendment to the Subcontracting Act Requires Increase in Subcontract Price or Otherwise Grants Subcontractors’ Rights to Request Subcontract Price Adjustment in Case of Extended Construction Period or Delayed Delivery First Case of KFTC Imposing Sanctions Against Instagram Influencer Advertisements Key Changes to Employment and Labor Laws in 2020 Updated MOEL Guidelines on Illegal Dispatch Latest Policy Trends on AI Issues Report on the Second Internet Cooperation and Development Committee Released FSC’s Final Plan to Strengthen Protection of Investors in High-Risk Investments Recent Discussions on Streamlining Time, Effort and Costs in International Dispute Resolution Amendment to Insurance Business Supervisory Regulations: Reducing Regulatory Burden and Improving Sales Commission Practice Supreme Court Declines to Permit Retrial Regarding a Patent Claim Corrected After Close of Intermediate Appeal Proceedings Kim & Chang Legal Newsletter (2020 Issue 1)2020.03.23
-
Newsletters VIEW MORENewsletters[FAQ] Amended Personal Information Protection Act 1. What is the background behind amending the Personal Information Protection Act (the “PIPA”)? With the arrival of the Fourth Industrial Revolution, promoting new industries has become a nationwide project. Consequently, using emerging technologies such as artificial intelligence ("AI"), cloud computing, and Internet of things ("IoT") to collect and process data has become a necessity and so has the need to establish social standards for it. However, the current regulations have limitations (e.g., ambiguity in the definition of "personal information"), and the enforcement of data protection laws has been dispersed among multiple regulatory bodies, calling for a systematic overhaul of the laws. As a result, the PIPA has been amended to strengthen its purpose of protecting personal information, while enhancing the competence of the data protection regime as it applies to the related industries. 2. What are the key aspects of the amendments to the PIPA? (1) Clarify the conceptual framework of personal information by clearly establishing the definition of pseudonymized and anonymized information; (2) Centralize the regulatory and enforcement authority at the Personal Information Protection Commission (the “PIPC”) and transfer the data protection functions of the Ministry of Interior and Safety (the “MOIS”) and the Korea Communications Commission (the “KCC”) to the PIPC; and (3) Move the provisions under the Act on the Promotion of Information Network and Information Protection (the “Network Act”) concerning personal information protection to the PIPA. 3. When do the amendments come into force and when will the amendments to the subordinate regulations (e.g. the enforcement decree) be enacted? The amendments to the PIPA will come into force on August 5, 2020. Regulatory bodies currently in charge of data protection and privacy laws (the MOIS, the KCC and the Financial Services Commission) announced on January 21, 2020 that they will prepare (i) the Enforcement Decree for the amended laws by February 2020, (ii) amended administrative rules by March 2020, and (iii) revised sectoral guidelines and the commentary guidelines. However, there has been some delay in announcing the Enforcement Decree amendment. 4. What are pseudonymized information and anonymized information? Pseudonymized information is a type of personal information, which has been processed such that the information can no longer identify an individual without using or combining it with additional information to restore it to its original state (Article 2 (1) (c) of the amended PIPA). Pseudonymization refers to processing personal information by means of partial deletion or partial or total substitution such that the information becomes unidentifiable without using additional information (Article 2 (1-2) of the amended PIPA). Anonymized information is information that cannot identify an individual even when it is combined with other information, in reasonable consideration of the required time, cost, and technology for such combination. The PIPA does not apply to anonymized information (Article 58-2 of the amended PIPA). 5. How can one utilize pseudonymized information? Data controllers can process pseudonymized information without the data subject’s consent for purposes, such as statistics preparation, scientific research, preservation of public records, etc. (Article 28-2 (1) of the amended PIPA). 6. Do regulations on personal information protection apply to pseudonymized information? Article 28-7 of the amended PIPA lists provisions that do not apply to pseudonymized information: Disclosure of information, such as the source of personal information collected from sources other than the data subject (Article 20 of the amended PIPA) Destruction of personal information (Article 21 of the amended PIPA) Restrictions on transfer of personal information due to business transfer or similar (Article 27 of the amended PIPA) Notification of personal information leakage to the affected data subjects (Article 34 (1) of the amended PIPA) Data subject’s rights: access, revision/deletion, suspension of processing (Articles 35 through 37 of the amended PIPA) Special provisions that apply to online service providers (Articles 39-3, 39-4, 39-6, 39-7 and 39-8 of the amended PIPA) The following are some of the articles which are not included in the list of provisions that have been explicitly excluded from application under Article 28-7 of the amended PIPA: Requirements for delegation of personal information processing (Article 26 of the amended PIPA) Establishment and disclosure of privacy policy (Article 30 of the amended PIPA) Reporting of personal information leakage to the regulatory authority (Article 34 (3) of the amended PIPA) Protection of personal information transferred overseas under the special provision that applies to online service providers (Article 39-12 of the amended PIPA) 7. What should be considered when processing pseudonymized information? When providing pseudonymized information to a third party, it cannot be accompanied by any other information that can be used to identify an individual (Article 28-2, Paragraph 2 of the amended PIPA). Furthermore, no one may process pseudonymized information for the purpose of identifying an individual (Article 28-5 (1) of the PIPA). If information that can be used to identify an individual has been created in the course of processing pseudonymized information, the processing of such information must be suspended immediately, and the information must be retrieved and destroyed without delay (Article 28-5 (2) of the PIPA). Additionally, implementing technical, managerial, and physical protective measures (such as separated storage and management) to the additional information which can be used to restore the information to its original state is necessary to prevent loss, theft, leakage, falsification, alteration or damage of the information (Article 28-4 (1) of the amended PIPA). Combining pseudonymized information in possession of different data controllers must be undertaken by a specialized agency designated by the PIPC or the relevant central administrative agency (Article 28-3 (1) of the amended PIPA). 8. May personal information be used/provided for purposes other than the original purpose of collection without the data subject’s consent? A data controller may be permitted to use or provide personal information without the data subject’s consent, if such use or provision is within the scope which is reasonably related to the original purpose of collection, as long as the conditions prescribed in the Enforcement Decree of the amended PIPA (e.g., whether there is any disadvantage to the data subject, whether necessary security measures, such as encryption, have been taken) are met (Article 15 (3) and Article 17 (4) of the amended PIPA). 9. Which regulations on personal information protection apply to online service users? As the provisions on personal information protection under Chapter 4 of the Network Act have been transferred to Chapter 6 (“Special provision regarding processing of personal information by online service providers”) of the amended PIPA, the amended PIPA will also regulate the protection of online service users’ personal information. Since the provisions that were previously in the Network Act have been either deleted or modified (e.g., provision relating to the delegation of processing personal information under the Network Act has been deleted; provision that allowed overseas storage and delegation of personal information processing without the user’s consent only “if necessary for fulfilling the contract for providing online service and for enhancing the user’s convenience” has been deleted), it is important to accurately understand the amended provisions. 10. What sanctions can be imposed for violating the amended PIPA? A person who violates the amended PIPA will be subject to the following sanctions: Providing pseudonymized information to a third party accompanied by information that can be used to identify a specific individual: imprisonment for up to five years or criminal fine of up to KRW 50 million Processing pseudonymized information for the purpose of identifying an individual: (i) imprisonment for up to five years or criminal fine of up to KRW 50 million; (ii) administrative fine of up to 3% of the total sales revenue Processing pseudonymized information or providing pseudonymized information to a third party in a way that violates the regulations on combination of pseudonymized information, or receiving pseudonymized information for the purpose of profit or fraud, while knowing that the provided information violates the regulation regarding combination of pseudonymized information: imprisonment for up to five years or criminal fine of up to KRW 50 million Failure to implement proper security measures when processing pseudonymized information that leads to loss, theft, leakage, falsification, alteration or damage of the information: imprisonment for up to two years or criminal fine of up to KRW 20 million Failure to immediately suspend the processing of pseudonymized information or retrieve and destroy the pseudonymized information without delay when information that can be used to identify an individual has been produced through pseudonymization: administrative fine of up to KRW 30 million Failure to prepare and store records of processing pseudonymized information: administrative fine of up to KRW 10 million2020.03.31
-
Newsletters VIEW MORENewslettersProposed Amendment to the Insurance Business Supervisory Regulations to Introduce Coinsurance In preparation for the enforcement of IFRS 17 and the new K-ICS in 2022, the Financial Services Commission (“FSC”) plans to amend the Insurance Business Supervisory Regulations (“IBSR”) to allow insurers to use coinsurance for the restructuring of insurance liabilities. Coinsurance is a type of reinsurance contract under which savings premiums as well as risk premiums are ceded, thereby transferring not only insurance risk but also interest rate risk, to reinsurers. Below is a summary of the key changes included in the proposed amendment to the IBSR. 1. Standard for Accumulation of Premiums for Reinsurers The reinsurer in a coinsurance contract shall reserve the amount notified by the ceding insurer which the ceding insurer has calculated in accordance with premium and policy reserve calculation method. 2. Reflection of Transferred Interest Rate Risk in Risk-Based Capital When interest rate risk is being transferred through a coinsurance contract, such risk shall be excluded from the calculation of interest rate risk of the ceding insurer. 3. Obligation to Report Coinsurance Insurers shall report the execution of coinsurance contracts to the Financial Supervisory Service within one (1) month from the date of execution. 4. Scope Permitted for Coinsurance The amendment only allows proportional coinsurance, a type of coinsurance whereby the ceding company and the reinsurer share risks and premiums on a proportional basis. 5. Accounting Standards A ceding insurer who pays an amount other than reinsurance premiums in excess of the policy reserves under a coinsurance contract shall record such excess as prepaid expenses and amortize such amount over the contract term. On the other hand, the reinsurer shall record the same amount as unearned revenue and amortize such amount over the contract term. A ceding insurer who pays an amount smaller than the policy reserves under a coinsurance contract shall record the difference as unearned revenue and amortize such amount over the contract term, while the reinsurer shall record the same as prepaid expenses and amortize the amount over the contract term. The FSC will be accepting opinions on the above amendment until March 17, after which the amendment will be finalized and come into force.2020.03.25
-
Newsletters VIEW MORENewslettersFSC Bans Short-Sales for Six Months On March 13, 2020, in an attempt to bring stability to the stock market hit by the outbreak of COVID-19, the Financial Services Commission (the "FSC") announced a six-month ban on short-selling of listed stocks and certain other listed products on the Korea Exchange (the "KRX"). The ban is effective from March 16, 2020 to September 15, 2020. The short sale ban will cover stocks, DRs, ETFs, ELWs, equity warrants, and beneficiary certificates that are listed on the KOSPI, KOSDAQ and KONEX markets of the KRX. Exceptions from the ban will be granted to market makers and liquidity providers. While naked short sales are strictly prohibited and covered short sales are permitted under the Financial Investment Services and Capital Markets Act, the FSC may impose restrictions on covered short sales if they are assessed to disturb market stability or discovery of fair price on the market. The FSC has previously banned short sales on two previous occasions in October 2008 and August 2011 amidst the global financial crisis. The FSC announced that it would review the market conditions at the end of the six month period and may consider further extending the short sale ban.2020.03.16
-
Newsletters VIEW MORENewslettersLaunching of the Advisory Committee by the PIPC The Personal Information Protection Commission (the "PIPC") recently launched the "Advisory Committee on Institutional Innovation of Personal Information Protection" (the "Advisory Committee"). The Advisory Committee will assume general advisory functions with respect to the business innovations and key policy issues of the consolidated PIPC, the successor agency to the Korea Communications Commission and the Ministry of the Interior and Safety as of August 5, 2020. The Advisory Committee will have six subgroups ((i) business and institutional innovations; (ii) law and regulations improvement; (iii) response to IT and new technologies; (iv) de-identification; (v) international cooperation; and (vi) communications and PR) comprised of approximately 60 experts. Each subgroup will have roughly ten specialists from academia, legal profession, industrial circles and NGOs. Notably, the subgroup for "law and regulations improvement" (led by Prof. In-ho Lee, Chung-Ang Univ.) will advise on the legislation and improvements of laws and regulations subordinate to the Personal Information Protection Act (the "PIPA"), in accordance with its recent amendments. The subgroup will also spearhead efforts on any new amendments to the laws, regulations and guidelines as needed. Meanwhile, the subgroup for "de-identification" (led by Prof. Haksoo Ko, Seoul National Univ.) will advise on the standards and processes related to de-identification and data combination, as well as designations of specialized data combination institutions. The two subgroups are expected to advance in-depth discussions on pseudonymized data, the biggest issue with respect to the amended PIPA. Discussions are also expected to include ways to improve the PIPA and guidelines including, but not limited to, the consolidation of the special provisions relating to online service providers with the pre-existing PIPA provisions. Furthermore, the subgroup for "business and institutional innovations" (led by Prof. Sang-Yong Yi, Konkuk Univ.) will advise on personal data-related business innovations, ways to induce self-regulation, and prevention and countermeasures against large-scale personal data infringement emergencies; the subgroup for "response to IT and new technologies" (led by Prof. Souhwan Jung, Soongsil Univ.) will advise on personal data issues related to new technologies and response measures thereto; the subgroup for "international cooperation" (led by Prof. Heung-youl Youm, Soonchunhyang Univ.) will consult on issues related to overseas data transfer systems and digital trade rules and other international issues; and the subgroup for "communications and PR" (led by Prof. Minjung Sung, Chung-Ang Univ.) will consult on ways to promote the PIPC and communications in general. Each subgroup of the Advisory Committee will hold one or more consultations every month and provide full-time consulting (online consulting and written proposals). While the Advisory Committee's term ends on the day before the enforcement of the amended PIPA (August 4, 2020), the mid- and long-term tasks resulting from the committee's work are expected to be continuously improved upon and appropriately reflected in the policies of the consolidated PIPC.2020.03.11
김·장 홍보
-
Top Ranking in All Nine Practice Areas
Kim & Chang was again the only Korean firm to secure “Band 1” ranking in all nine practice areas surveyed for Korea in Chambers Global 2020.
VIEW MORE -
Winner of “Korea Law Firm of the Year” for Seventh Consecutive Year
At the ALB Korea Law Awards 2019 on November 15, 2019, Kim & Chang won “Korea Law Firm of the Year” for the seventh year in a row.
VIEW MORE -
Only Korean Firm Among the World’s Top 100 Law Firms
According to The American Lawyer’s “The Global 100,” Kim & Chang ranked among the world’s top 100 law firms for the sixth year in a row.
VIEW MORE