South Korea: Privacy and Data Protection-related Laws

The legal framework of privacy in South Korea consists of:

  • The Personal Information Protection Act (PIPA), as the overarching law accompanied by various industry-specific laws, including the following key legislation:

  • The Act on Promotion of Information and Communications Network Utilization and Information Protection (“IT Network Act”, which generally regulates the processing of personal information collected online

  • The Act on the Protection, Use etc. of Location Information, which regulates the location information of things and natural persons

  • The Use and Protection of Credit Information Act (‘UPCIA’) which regulates the use and disclosure of Personal Credit Information, defined as credit information which is necessary to determine the credit rating, credit transaction capacity, etc. of an individual person. The UPCIA primarily applies to Credit Information Providers/Users, defined under Article 2.7

  • The Act on Real Name Financial Transactions and Guarantee of Secrecy (‘ARNFTGS’) which applies to information obtained by financial or financial services institutions.

  • The Electronic Financial Transactions Act. The Act is to establish the rights and liabilities of consumers and other participants in the electronic financial transactions thereby to ensure their safety and reliability. Under the Act, the electronic financial transactions mean the transactions in which financial institutions and electronic financial service providers provide financial products and services by means of electronic devices, and consumers can process such transactions in an automatic manner without face-to-face relationship or communications with the personnel of such financial institutions and electronic financial service providers.

  • The Act of the Development of Cloud Computing and Protection of Its Users (Cloud Computing Act). Processing of personal information in the cloud is permitted.However, as this legislation is aimed at protecting cloud service users by regulating cloud service providers, a data handler, who is itself a cloud service user, is not subject to any specific regulations of the Cloud Computing Act. Thus, data processing in the cloud is subject to the basic principles of data protection, specifically in terms of the notice and consent process.

  • The Digital Signature Act. Defines principles of authentification and verification of electronic documents and transactions.

Regulatory authorities:

  • Personal Information Protection Commission (“PIPC”, Article 7 of the PIPA)

  • Ministry of the Interior and Safety (“MOIS”) Article 61-67 of the PIPA

  • Korea Communications Commission (“KCC” Article 3, 63, 63 of the IT Network Act)

  • Financial Services Comission (“FSC”), Articles 45-48 of the Enforcement Rules for the Use and Protection of Credit Information Act

  • Korea Internet & Security Agency (KISA)

MOI and PIPC are responsible for the affairs concerning general data protection issues KCC is responsible for the affairs between online services providers and users under IT Network Act. FSC is responsible for the affairs relating to financial services under the Credit Information Act.

All cryptocurrency investors need to establish an account under their legal name at one of six banks rather than anonymous cryptocurrency accounts to trade on a domestic cryptocurrency exchange. The so-called real-name system is part of efforts to establish measures similar to the Know Your Customer (KYC) verification system in the U.S. The Korea Blockchain Association’s member exchanges had already self-imposed an ID verification system for users who create new accounts as of Jan. 1, but this will be replaced by the government’s regulation.

Cryptocurrency exchanges will be required to share users’ transaction data with banks, and regulators will monitor whether banks halt anonymous transactions if exchanges refuse to provide that information.


Previous Section Next Section

Have a comment, edit, or item to add? Share your thoughts by commenting below!

comments powered by Disqus