Privacy in South Korea: overview

A Q&A guide to privacy in South Korea.

The Q&A guide gives a high-level overview of privacy rules and principles, including what national laws regulate the right to respect for private and family life and freedom of expression; to whom the rules apply and what privacy rights are granted and imposed. It also covers the jurisdictional scope of the privacy law rules and the remedies available to redress infringement.

To compare answers across multiple jurisdictions, visit the Privacy Country Q&A tool.

This article is part of the global guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-guide.

Contents

Legislation

1. What national laws (if any) regulate the right to respect for private and family life and freedom of expression?

The Constitution of Korea (Constitution) protects the following rights from infringement:

  • Liberty and secrecy with respect to one's private life.

  • Freedom of residence.

  • Secrecy of communications.

  • Authority regarding an individual's personal information (that is, the right to decide the timing, scope, and identity of recipients with respect to the sharing and use of personal information).

  • Freedom of expression.

Under the Constitution, the following are only allowed under a warrant issued by a court in response to a request made by the prosecutor's office:

  • Arrest.

  • Prosecution.

  • Search and seizure.

The Criminal Procedure Act includes detailed regulations regarding issuing a warrant. The Act can also be viewed as a national law that regulates the right to respect for private and family life and freedom of expression.

In addition, the following statutes prohibit certain conduct that may constitute an infringement of the rights protected under the Constitution, and prescribe penalties for violations, including criminal liability:

  • The Criminal Code.

  • The Communications Secrecy Act.

  • The Personal Information Protection Act (PIPA).

  • The Act on the Promotion of IT Network Use and Information Protection (Network Act).

  • The Use and Protection of Location Information Act.

These statutes can be viewed as national laws that regulate the right to respect for private and family life and freedom of expression.

 
2. Who can commence proceedings to protect privacy?

In most cases, individuals can commence proceedings to protect privacy. For example, if an individual believes that his privacy was infringed by the conduct of an individual or entity, he can commence litigation and claim damages and/or request a court order to stop the infringing conduct. If the infringing conduct is prohibited by statute and therefore constitutes a crime, the individual can file a report with investigative authorities (such as the police).

If an individual believes that his fundamental rights were infringed by a particular legal provision or the exercising (or failure to exercise) of governmental authority, he can request the Constitutional Court to determine whether fundamental rights were infringed under administrative law. In addition, if the conduct constitutes a crime under applicable laws, investigative authorities (such as the police) can commence an investigation to protect privacy, either on its own initiative or following a report made by a third party who is aware of the conduct.

A national or public institution can also commence procedures to protect the privacy of Korean citizens by enacting or enforcing necessary policies, or beginning the process of amending a relevant regulation.

 
3. What privacy rights are granted and imposed?

The following privacy-related rights are expressly protected from infringement under the Constitution as fundamental rights:

  • Freedom of residence.

  • Liberty and secrecy with respect to an individual's private life.

  • Secrecy of communications.

The Constitutional Court has also interpreted the following as fundamental rights under the Constitution relating to privacy:

  • Authority over an individual's personal information (that is, the right to decide the timing, scope, and identity of recipients with respect to the sharing and use of personal information).

  • Freedom of expression.

In addition, the following statutes include provisions that protect privacy:

  • Criminal Code. The opening of a letter or document that is sealed (that is, protected from access through physical means, such as a locking device, or the installation of a password), and the use of technical means to access the contents of a letter, document, or electronic records that are sealed, are subject to criminal penalties.

  • Communications Secrecy Act. The following, among others, are subject to criminal penalties under the Act:

    • censoring of a letter or document without a warrant issued by a court;

    • wiretapping of telecommunications;

    • recording and/or listening to private communications.

  • Personal Information Protection Act ( PIPA) . The PIPA includes provisions on the data subjects' rights with respect to the access, correction, deletion, and suspension of processing of their personal information, as well as provisions on applicable penalties that apply to violations of the PIPA.

  • The Act on the Promotion of IT Network Use and Information Protection (Network Act) . The Network Act regulates the protection of personal information belonging to individuals who use telecommunications services. The Act includes provisions on the:

    • right to withdraw consent;

    • right to request access;

    • right to correct errors relating to the processing of a data subjects' personal information;

    • corresponding penalties for violations.

  • Use and Protection of Location Information Act. This law regulates the protection of location information of living individuals or moveable objects. The Act includes provisions:

    • on the right to withdraw consent;

    • on the right to request the cessation of collection, use and transfer of personal location information;

    • penalties for any violations.

 
4. What is the jurisdictional scope of the privacy law rules?

Korean privacy laws do not specifically address their jurisdictional scope or whether they apply to foreign organisations or conduct that occurs overseas.

However, Korean regulatory authorities actively take measures to ensure compliance with privacy laws. In January 2014, the Korea Communications Commission (KCC), which is the regulatory authority for the Act on the Promotion of IT Network Use and Information Protection (Network Act), fined a multinational corporation approximately KRW 200 million for collecting Korean users' personal information without properly obtaining their consent.

 
5. What remedies are available to redress the infringement of those privacy rights?

Under the Civil Code, individuals can claim damages for the infringement of privacy rights, or request a court order that expressly prohibits the infringing conduct.

Other criminal and administrative penalties (such as corrective orders and fines) are available to redress the infringement of privacy.

 
6. Are there any other ways in which privacy rights can be enforced?

There are no other ways in which privacy rights can be enforced.

 

Contributor profiles

Jin Hwan Kim, Senior Attorney

Kim & Chang

T +82 2 3703 1291
F +82 2 737 9091
E jhkim4@kimchang.com
W www.kimchang.com

Professional qualifications. Member of the Korean Bar Association, 1995; Member of the New York Bar Association, 2006

Areas of practice. Privacy; data security

Languages. Korean, English

Professional associations/memberships. Korean Bar Association

Brian Tae-Hyun Chung, Senior Foreign Attorney

Kim & Chang

T +82 2 3703 1078
F +82 2 737 9091
E thchung@kimchang.com
W www.kimchang.com

Professional qualifications. Member of the New York Bar Association, 1997

Areas of practice. Privacy; TMT; antitrust.

Languages. English, Korean

Professional associations/memberships. New York Bar Association

Jennifer S. Keh, Foreign Attorney

Kim & Chang

T +82 2 3703 1779
F +82 2 737 9091
E jennifer.keh@kimchang.com
W www.kimchang.com

Professional qualifications. Member of the California Bar Association, 2007

Areas of practice. Privacy; anti-trust and competition; cross-border disputes.

Languages. English, Korean

Professional associations/memberships. California Bar Association

Publications. The Privacy, Data Protection and Cybersecurity Law Review (Edition 1): "Korea" chapter (Co-author, Law Business Research, 2014) .

In Hwan Lee, Attorney

Kim & Chang

T +82 2 3703 1827
F +82 2 737 9091
E inhwan.lee@kimchang.com
W www.kimchang.com

Professional qualifications. Member of the Korean Bar Association, 2007

Areas of practice. Privacy; health; antitrust & competition.

Languages. Korean, English

Professional associations/memberships. Korean Bar Association

Publications. The Privacy, Data Protection and Cybersecurity Law Review (Edition 1): " Korea" chapter (Co-author, Law Business Research, 2014)


{ "siteName" : "PLC", "objType" : "PLC_Doc_C", "objID" : "1248038034681", "objName" : "Privacy in South Korea overview", "userID" : "2", "objUrl" : "http://us.practicallaw.com/cs/Satellite/us/resource/6-579-7825?null", "pageType" : "Resource", "academicUserID" : "", "contentAccessed" : "true", "analyticsPermCookie" : "2-40e00097:15b1608731c:5051", "analyticsSessionCookie" : "2-40e00097:15b1608731c:5052", "statisticSensorPath" : "http://analytics.practicallaw.com/sensor/statistic" }