Digital business in South Korea: overview

A Q&A guide to digital business in South Korea.

The Q&A gives a high-level overview of matters relating to regulations and regulatory bodies for doing business online, setting up an online business, electronic contracts and signatures, data retention requirements, security of online transactions and personal data, licensing of domain names, jurisdiction and governing law, advertising, tax, liability for content online, insurance, and proposals for reform.


This Q&A is part of the global guide to digital business law. For a full list of jurisdictional Q&As visit www.practicallaw.com/digital-business-guide.


Regulatory overview

1. What are the relevant regulations for doing business online (for business-to-business and business-to-customer)?

The Act on Consumer Protection in Electronic Commerce (E-Commerce Act) is the primary law regulating e-commerce businesses. Under the E-Commerce Act, any person that sells goods or services and solicits offers to purchase from customers by means of mail or telecommunication facilities (online retailer) must comply with various requirements that are intended to protect the interest of consumers. An e-commerce business can also be subject to comprehensive privacy requirements under the Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) when collecting, using or transferring personal information online.

The following regulations are also relevant:

  • The Fair Labelling and Advertising Act (Labelling Act), which regulates false, exaggerated, deceptive, unduly comparative, and slanderous labelling and advertising.

  • The Regulation of Standardised Contracts Act (RSCA), which regulates unfair clauses in standardised contracts.

  • The Framework Act on Consumers, which sets out consumer dispute resolution standards and product recalls.

  • The Electronic Financial Transaction Act, which governs the engagement of payment gateway service providers and requires registration with the Financial Services Commission.

  • The Monopoly Regulation and Fair Trade Law (Fair Trade Law), which may apply to the relationship between suppliers of products for sales online.

Finally, there are ongoing discussions within the Korea Fair Trade Commission (KFTC) about the possibility of also applying the Fair Transaction in Large-Scale Distribution Act, which imposes more obligations on the distributor (online retailer) than the Fair Trade Law.

 
2. What regulatory bodies are responsible for passing legislation in this area?

The primary regulatory authorities responsible for passing legislation in the e-commerce industry are the Korea Communications Commission (KCC) and the Korea Fair Trade Commission (KFTC). Both authorities, having governance over the Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) and the Act on Consumer Protection in Electronic Commerce (E-Commerce Act) respectively, actively enforce the relevant regulations through corrective orders or fines.

 

Setting up a business online

3. What are the common steps a company must take to set up an existing/new business online?

Companies planning to set up a business online should first consider whether an onshore model (that is, a local distribution model) or an offshore model (that is, a cross-border online sale model) best meets their business needs. If the company intends to target Korean customers and actively conduct business in Korea (for example, local marketing activities and a Korean-language website), then the Korean regulators have taken the position that the business should comply with Korean regulations, requiring an onshore model. The common procedures necessary for setting up an online business in Korea (that is, an onshore model) include:

  • Licensing requirements. An online retailer must file:

    • an online retailer report to either the local government having jurisdiction over the principal office of the online retailer or the Korea Fair Trade Commission (KFTC); and

    • a Value-Added Telecommunications Service Provider (VSP) report to the regional Radio Management Office in Korea. As it is generally understood that a foreign entity located outside Korea is not eligible to file such reports, the online retailer must first establish a local branch or subsidiary in Korea and then submit the VSP report in the name of the local branch or subsidiary.

  • Engagement of a payment service provider. In order to accept payment via wire transfer, debit or credit card, mobile billing, or direct carrier billing, online retailers must enter into a contract with a third party payment gateway (PG) service provider or carrier billing (CB) service provider. With prepaid transactions, online retailers must also enter into a contract with an escrow service provider or consumer damage compensation insurance company (except if only credit card payments are accepted).

  • Localised terms and conditions, refund policy and privacy policy. The terms and conditions (including the terms of sale), refund policy and privacy policy must be localised to comply with Korean regulations and must be disclosed to the user. A hyperlink to the privacy policy and any amendment of it must also be disclosed on the default (first) webpage of the online retailer.

  • Localised user interfaces. The Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) and Act on Consumer Protection in Electronic Commerce (E-Commerce Act) provide extensive requirements that online retailers must comply with in dealing with customers and fulfilling transactions. For example, the default page or the initial landing page must disclose the following mandatory items:

    • trade name and name of the representative;

    • address, phone number and email address;

    • terms and conditions;

    • privacy policy;

    • tax registration number;

    • online retailer report number (together with hyperlink to the Korea Fair Trade Commission's (KFTC) website where consumers can search for information regarding online retailers); and

    • trade name of the hosting service provider.

    The product pages must also disclose the required information under the E-Commerce Act. Finally, when collecting, using or transferring personal information from customers online, the online retailer must make certain disclosures to, and obtain certain consents from the customer in accordance with the Network Act.

     
    4. What are the relevant parties that an online business can expect to contract with?

    When providing payment options, online retailers must enter into a contract with service providers having a payment gateway (PG) or carrier billing (CB) service licence, unless they obtain the licences themselves, and with prepaid transactions, with an escrow service provider or consumer damage compensation insurance company (see Question 3). Online retailers also commonly need to enter into outsourcing contracts for delivery, logistics, inventory, supply chain management or call-centre services when operating their online businesses.

     
    5. What are the procedures for developing and distributing an app?

    There are no special procedures specifically applicable to the development and distribution of apps, but mobile businesses are also governed by the:

    • Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act).

    • Act on Consumer Protection in Electronic Commerce (E-Commerce Act).

    For the E-Commerce Act, the Korea Fair Trade Commission (KFTC) has issued guidelines to help mobile businesses to better understand and comply with the E-Commerce Act, especially with respect to displaying the prescribed information on small mobile screens.

     

    Running a business online

    Electronic contracts

    6. Is it possible to form a contract electronically? If so, what are the requirements for electronic contract formation?

    The Framework Act on Electronic Documents and Transactions (FEDT) stipulates that an electronic document cannot be denied its validity merely because it is in electronic form, unless otherwise provided in other laws. Since the law does not require any specific formalities for executing an agreement, there are no specific requirements to form and enter into an electronic contract.

    However, if the electronic contract is a standardised contract, the validity and effectiveness of the contract will continue to be subject to the requirements under the Regulation of Standardised Contracts Act (RSCA) (see Question 7). The following requirements under the Act on Consumer Protection in Electronic Commerce (E-Commerce Act) also apply:

    • A seven day cooling-off period to allow for cancellations at will.

    • A three month or 30 day cooling-off period for cancellations due to defect.

    • A refund policy that must be included in the electronic contract terms and conditions and must be disclosed to the user at the product description page.

     
    7. What laws govern contracting on the internet?

    The Act on Consumer Protection in Electronic Commerce (E-Commerce Act), intended to protect consumers in online transactions, is the main law that governs contracting on the internet with consumers. Standardised general terms and conditions (applicable to the general consumer of a product) are also governed by the Regulation of Standardised Contracts Act (RSCA). Under the RSCA, the business entity that prepared the standardised contract or contract of adhesion is prevented from claiming any rights or benefits under the general terms and conditions if it failed to disclose properly and explain the "important items" in the general terms and conditions. The Korean Supreme Court has ruled that "important items" means the contractual terms that would typically affect a reasonable consumer's decision to enter into a contract or how prices are set for the concerned transaction (for example, product warranty or disclaimer of liability). Also, the RSCA generally provides that unfair provisions in standardised contracts are invalid and also provides a non-exhaustive list of specific provisions that, if included within the standardised contract, will be invalid.

    For business-to-business contracts, the E-Commerce Act, in principle, does not apply because it was enacted for the protection of consumers in e-commerce contracts. However, the RSCA and the Fair Trade Law still apply to business-to-business contracts regardless of whether the contract is entered into online or not.

     
    8. Are there any limitations in relation to electronic contracts?

    An electronic document cannot be denied its validity just because it takes electronic form, unless otherwise provided in other laws (Article 4 (1), Framework Act on Electronic Documents and Transactions (FEDT)). There are generally no restrictions on the enforceability of contracts that were executed via electronic documents. Contracts in the form of electronic documents are also admissible as evidence in civil procedures, since there is no restriction on the admissibility of such evidence under the Korean Civil Procedure Act.

     
    9. Are there any data retention requirements in relation to the formation of electronic contracts?

    Online retailers must retain the following data and records regarding e-commerce transactions during the following periods:

    • Labelling and advertisements: six months.

    • Execution of contracts or cancellations: five years.

    • Payment or supply of goods and services: five years.

    • Consumer complaints or disputes: three years.

    Online retailers must also provide methods for the consumers to access and retain their data and records related to e-commerce transactions.

     
    10. Are there any trusted site accreditations available?

    There are four types of important accreditations:

    • The eTrust accreditation is granted to online retailers that are considered excellent and reliable after a fair and thorough review of the retailer's website in terms of consumer protection, privacy policy and the entire purchasing system process.

    • The web accessibility accreditation certifies quality accessibility of the service provided by the website, and is used to promote accessibility of information and user convenience for the disabled and the elderly.

    • The Personal Information Management System (PIMS) accreditation is granted to entities that have established a protective measure system of a certain level sufficient to systematically and continuously protect personal information. Companies with PIMS can reduce administrative fines or penalties for a privacy breach incident.

    • The Information Security Management System (ISMS) accreditation is required for e-commerce companies whose online sales revenues are KRW10 billion or more. The ISMS guarantees the suitability of the management and operation system in protecting data information.

    The first three accreditations are optional under the law for online retailers in order to help build business credibility and reduce sanctions, but the last accreditation is mandatory for online retailers meeting the relevant condition.

     
    11. What remedies are available for breach of an electronic contract?

    Other than the common dispute resolution methods (for example civil action and arbitration) that generally can be used to pursue applicable remedies for breach of contract, an injured party can file a complaint with the Korea Fair Trade Commission (KFTC) or the Korea Consumer Agency. The KFTC can then investigate the issue and impose sanctions (for example, corrective order or penalty) if the breach also violates any relevant acts for consumer protection and fair trade. The KFTC can request mediation or intervention from the Consumer Dispute Settlement Commission or the E-Commerce Mediation Committee.

    E-signatures

    12. Does the law recognise e-signatures?

    Applicable legislation

    The Korean Electronic Signature Act (ESA) covers the law on e-signatures.

    Definition of e-signatures

    The ESA defines an "e-signature" as an electronic record that is:

    • Used to identify a signer and confirm the signer's signature in a relevant electronic document.

    • Attached or logically associated with the electronic document.

    In comparison to other jurisdictions, the term "e-signature" is broadly defined and does not require the use of specific technical methods. Therefore, there is still controversy over how to distinguish e-signatures from bare indication(s) of the signer that lack technical measures or methods to guarantee the authenticity or integrity of electronic documents.

    Format of e-signatures

    There are two formats of e-signatures under the ESA:

    • Official e-signatures.

    • Other e-signatures.

    The ESA provides for the so-called "official e-signature", which is recognised as prima facie evidence of the authenticity and integrity of an electronic document. The "official e-signature" under the ESA means an e-signature for which a public certification authority issues an official certificate and meets the following conditions:

    • There is a private key, which is used to create the signature and is only attributable to the signatory.

    • The private key must be managed and controlled by the signatory when the signature is created.

    • It is possible to confirm any changes to an electronic document and an e-signature after execution.

    For e-signatures that do not technically qualify as "official e-signatures", no formalities are required. However, those who wish to prove the effectiveness of an electronic agreement that does not use an "official e-signature" bear the burden of proof to establish the authenticity and integrity of the agreement where the other party raises an objection.

     
    13. Are there any limitations on the use of e-signatures?

    In principle, there are no limitations on the use of e-signatures. E-signatures have the same legal effect as a signature under an agreement between parties, meaning that if there is a valid agreement regarding the authenticity and integrity of e-signatures, a document signed with a digital signature is valid and effective.

     

    Implications of running a business online

    Cyber security/privacy protection/data protection

    14. Are there any laws that regulate the collection or use of personal data? To whom do the data protection laws apply?

    The Personal Information Protection Act (PIPA) is the primary law that regulates the collection and use of personal information in both the public and private sectors. However, the Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) specifically addresses privacy and personal data issues for online service providers, including online retailers, and takes precedence over PIPA in these cases. The Network Act covers various matters, including:

    • The collection, use and transfer of personal information.

    • Privacy policy.

    • Technical and organisational measures.

    For further information on data protection laws in South Korea, see Data Protection in South Korea: overview.

     
    15. What data is regulated?

    The term "personal information" under the Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) includes any information pertaining to a living individual, in the form of code, letters, voice, sound, image, and so on, that makes it possible to identify the individual by his or her name and resident registration number, and so on (including information that does not identify a specific individual by itself but makes identification possible when combined with other information). While corporate information such as a company name, internet URL and company registration number is not protected under the Network Act, information relating to a natural person (for example, a customer or an employee) could fall within the scope of personal information protected under the Network Act.

     
    16. Are there any limitations on collecting personal data? Are there any specific limitations on storage of personal data in the cloud?

    Under the Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act), the online retailer must disclose the following items and obtain consent when collecting personal information:

    • Purpose of collection and use.

    • Details regarding the information to be collected.

    • Period of retention and use.

    Collection and use of a customer's Korean resident registration number is strictly prohibited unless permitted by other laws (for example, Act on Real Name Financial Transactions and Confidentiality, Electronic Financial Transactions Act, Value-Added Tax Act, Income Tax Act, Telecommunications Business Act, and so on).

    With storage of personal data in the cloud, there is no separate or specific limitation on such storage. The Cloud Computing Act (which becomes effective on 28 September 2015) provides that protection of personal information in the cloud must follow the provisions under the Personal Information Protection Act (PIPA), the Network Act or other relevant laws. Accordingly, online retailers must obtain consent regarding:

    • Collection and use of personal information.

    • Overseas transfer of personal information, if applicable, in accordance with the Network Act.

     
    17. Is the use of cookies allowed? If so, what conditions apply to their use that impact system design?

    While consent is generally not required for the collection of cookies, details on the installation and operation of cookies, and how cookies can be rejected, must be included in the applicable privacy policy. If online retailers use cookies for a purpose other than the proposed service (for example, target marketing for individuals) then separate consent from the customer must be obtained before the collection of cookies. Consent can be obtained through a checkbox prepared in the webpage.

     
    18. What measures must be taken by companies or the internet providers to guarantee the security of internet transactions?

    The Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) requires the provision of a certain level of security in processing personal information collected online. Online retailers must implement technical and managerial measures necessary to prevent personal information from being lost, stolen, unlawfully leaked, altered or damaged. In this regard, regulatory guidance provides detailed technical and managerial measures including:

    • Establishing a plan for personal information protection.

    • Controlling access to the personal information system.

    • Preventing forgery of the log records for the personal information system.

    • Encrypting personal information.

    • Preventing computer viruses.

    • Restricting the copying and printing of the records on the personal information system.

     
    19. Is the use of encryption required or prohibited in any circumstances?

    The Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) and its subordinate regulations provide the following encryption standards:

    • Passwords and biometric information must be one-way encrypted to prevent decoding if and when they are stored.

    • Resident registration numbers, credit card numbers and bank account numbers must be encrypted using a secure algorithm if and when they are stored.

    • Personal information must be encrypted when it is transmitted through information and communication networks, or stored in personal computers.

     
    20. Can government bodies access or compel disclosure of personal data in certain circumstances?

    Under various laws, government bodies and agencies can request a company to submit relevant documents or information, including the personal information of individuals.

    For example, the Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) has a general provision that authorises the Korea Communications Commission (KCC) or the Ministry of Science, ICT and Future Planning (MSIP) to request relevant information or materials when the KCC or MSIP becomes aware of a violation or alleged violation of the Network Act. A company that receives a request from the KCC or MSIP must provide the requested information or documents, even if they contain personal information. Law enforcement agencies, such as the police and the public prosecutor's office, can also request personal information under a court warrant.

     
    21. Are there any regulations in relation to electronic payments?

    There is no obligation under the law for online retailers to accept certain methods of payment such as cash payments, credit card payments, payments by debit card or by cheque. Online retailers can allow consumers to pay through electronic payment companies with requisite licences (for example payment gateway (PG) or carrier billing (CB)). Where pre-payment is made (except for credit card transactions), the online retailer must subscribe for an escrow service or maintain consumer damage compensation insurance under the Act on Consumer Protection in Electronic Commerce (E-Commerce Act). Electronic payment companies must satisfy several requirements regarding their paid-in capital, manpower and IT facilities and are subject to various applicable financial regulations.

    The online retailer must keep records regarding the payment or supply of goods or services for five years.

     

    Linking

    22. Are there any limitations on linking to a third party website and other practices such as framing, caching, spidering and the use of metatags?

    There are no limitations on linking to a third party website.

     

    Domain names

    23. What regulations are there in relation to licensing of domain names?

    The registrant of country-specific domain names, such as ".kr" or ".co.kr", must be a Korean resident.

    The Internet Address Resource Act prohibits registering or using a domain name for the purposes of impeding the domain name registration of a person that has legitimate interests in the domain name or gaining unjust profits from such person.

    The Unfair Competition Prevention and Trade Secret Protection Act (UCPA) prohibits registering, maintaining, transferring or using a domain name similar to another party's name, trade name, trade mark or other widely known identifier for the purpose of:

    • Selling or renting the domain name to the rightful owner.

    • Interfering with the rightful owner's registration and use of the domain name.

    • Obtaining a commercial gain.

    Under the UCPA, use of a domain name identical with or similar to the trade name, trade mark, or other mark of another person that is widely known in Korea by any person that holds no justifiable title to use, can be an unfairly competitive act.

     
    24. Do domain names confer any additional rights (in relation to trade marks or passing off) beyond the rights that are vested in domain names?

    There is no regulation stating whether domain names constitute property rights or not, and this issue has not been conclusively settled in Korea. However, it is generally accepted that a right to use a domain name can be an object of attachment.

    A domain name can be protected by the Trade Mark Act or Unfair Competition Prevention and Trade Secret Protection Act (UCPA). Under these Acts, if a domain name has been registered as a trade mark or is widely known as a business identifier in Korea, then third parties cannot use a mark that is identical or similar to the domain name as their business identifier.

     
    25. What restrictions apply to the selection of a business name, and what is the procedure for obtaining one?

    Generally, an individual or a company can freely choose its business name. However, under the Korean Commercial Code, registering a business name that is identical to a business name already registered within the same administrative jurisdiction for the same type of business is prohibited. Certain types of businesses (for example, securities business and trust business) must also use words representing their business in their business name, while some business names are considered to "represent" a certain type of business (for example, investment and insurance), which cannot be used by other businesses.

    A business name can be registered with the applicable court registrar's office, and is considered for legal purposes to be the official name of the company. The name must be in Korean in order to be registered, even though an English version can be filed in parallel.

     

    Jurisdiction and governing law

    26. What rules do the courts apply to determine the jurisdiction for internet transactions (or disputes)?

    The issue of international jurisdiction in cyberspace has not been conclusively resolved in Korea. Issues and theories relating to international jurisdiction in cyberspace, such as the following, have been debated by legal commentators in Korea:

    • Territoriality principles.

    • Nationality principles.

    • Effects principles.

    • Protective principles.

    • Universality principles.

    No bright-line test has currently been established by the courts to determine the circumstances under which it would be appropriate for regulators and courts to exercise jurisdiction in cyberspace.

    In practice, however, regulators, including the Korea Communications Commission (KCC) and the Korea Fair Trade Commission (KFTC), have applied and enforced Korean regulations over offshore server operations without necessarily fully considering the delicate issue of international jurisdiction. Korean regulators typically justify their application of Korean regulations based on some particular feature or mode of operation of the website at issue, such as the use of the Korean language or marketing activities by the operator in the Korean territory. In particular, the key criterion considered by Korean regulators in determining whether or not to exercise jurisdiction is whether the operations of the offshore server can be viewed as "doing business within the Korean territory".

    Also, under the RSCA, a choice of venue provision requiring consumers to agree to a venue that is unreasonably disadvantageous to the consumers (for example, far from the residence of the consumer and close to the online retailer), can be considered invalid.

     
    27. What rules do the courts apply to determine the governing law for internet transactions (or disputes)?

    To determine the governing law, the Korea Private International Law (KPIL) is applicable, but there is no specific rule for internet transactions. In principle, the KPIL allows the parties to freely choose the governing law of the contract, so long as the choice of law has some nexus with the parties or transaction. While the choice of law (including choice of foreign law) as agreed by the parties is generally respected by the courts, a court cannot exclude mandatory Korean laws (for example, Fair Trade Law), and will not apply the selected foreign law to the extent that the foreign law violates Korean public order and good morals, under the KPIL. The parties can stipulate foreign law as the governing law of the contract, but it is still subject to Korean mandatory laws, public order and good morals.

     
    28. Are there any ADR/ODR options available to online traders and their customers? What remedies are available from the ADR/ODR methods?

    A party to an e-commerce transaction can file a mediation application with the E-Commerce Mediation Committee, if it requires mediation. However, this procedure is voluntary, and the respondent can choose not to participate in the mediation, in which case the mediation proceedings will not occur. See Question 11 for further explanation on this issue.

     

    Advertising/marketing

    29. What are the relevant rules on advertising goods/services online/via social media?

    The Labelling Act prohibits labelling or advertising that is:

    • False or exaggerated.

    • Deceptive.

    • Unfairly comparative.

    • Slanderous.

    According to the Korea Fair Trade Commission (KFTC) Review Guideline on Labelling and Advertising of Recommendations and Guarantees, if a person promotes or recommends products via social media platforms and receives monetary compensation for the promotion or recommendation, then the failure to disclose such commercial arrangement with the advertiser is deemed as a deceptive labelling or advertisement.

    The Act on the Promotion of Information and Telecommunications Network Use and Information Protection also prohibits the circulation of illegal information (for example, obscene content). If a company advertises or promotes illegal or harmful information or content, the Korea Communications Standards Commission can issue a corrective request.

     
    30. Are there any types of services or products that are specifically regulated when advertised/sold online (for example, financial services or medications)?

    The following cannot be sold online:

    • Tobacco.

    • Drugs (narcotics).

    • Medicines.

    • Pseudo firearms.

    • Dioptric glasses, contact lenses or sunglasses.

    • Electronic products or industrial products without safety certification.

    • Pornography.

    • Products infringing the intellectual property of others.

    Online selling of the following articles is restricted and requires prior registration, approval, or report to the relevant authority:

    • Firearms, swords or explosives.

    • Harmful chemical substances.

    • Health functional foods (in this context, "health functional foods" are foods that specifically improve the body's immunity or biological activity using certain prescribed food materials).

    • Medical devices.

    • Liquor.

    • Media or chemical substances harmful to children.

    Advertising is regulated for various items including:

    • Health functional foods.

    • Games.

    • Marriage brokerage services.

    • Mutual aid services.

    • Financial investment goods.

    • Tobacco.

    • Money lending services.

    • Real estate or real estate development.

    • Speculation investment services.

    • Life insurance.

    • Indemnity insurance.

    • Agricultural products, fishery products, drinkable water, foods for infants, weight control food, and so on.

    • Movies and videos.

    • Medical and hospital services.

    • Medical devices.

    • Medicine, medical supplies and sanitary aids.

    • Alcohol.

    • Cosmetics.

     
    31. Are there any rules or limitations in relation to text messages/spam emails?

    For all methods of delivering spam, including phone calls, SMS or MMS, fax, emails and any other form of electronic transmission media, the Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) takes an "opt-in" approach, which means that in principle, a person must obtain prior consent from potential recipients before sending communication by these methods.

    The Network Act provides further detailed obligations regarding marketing emails, including:

    • Contents of email. The email must include:

      • The name (name of the company is sufficient), email address, telephone number and address of the sender.

      • A technical method (usually a link to unsubscribe) enabling recipients to easily opt-out, and instructions regarding how to opt-out. This must be in English and Korean.

      • The subject line must contain Kwang-go (advertisement).

    • Follow-up notification requirements after opt-in consent or opt-out request. Within 14 days of obtaining a user's opt-in consent or opt-out request, a company must inform (as a follow up) the user (for example, via email) of the following items:

      • The name of the sending party (that is, the entity making this disclosure).

      • The date of the opt-in or opt-out.

      • How the company processed the opt-in or opt-out requests.

    • Renewing consent. Since the opt-in consent obtained from users is not perpetual, a company must "renew" the consent every two years. A company should disclose the following items when confirming the user's consent (for example, via email):

      • The name of the sending party (that is, the entity making this disclosure).

      • The date of the opt-in, including a statement to the effect that the user had opted in from a certain date.

      • The method of either giving or revoking its consent.

     
    32. Are there any language requirements in your jurisdiction for a website that targets your particular jurisdiction or whose target market includes your jurisdiction?

    Under the Regulation of Standardised Contracts Act (RSCA), a business must prepare its terms and conditions in the Korean language so that Korean consumers can easily understand the terms and conditions. Although there is no penalty for violating this provision, it is still advisable for the business to prepare a Korean version of its terms and conditions to reduce the risk of legal challenge by customers or the Korea Fair Trade Commission (KFTC).

     

    Tax

    33. Are sales concluded online subject to taxation?

    In principle, an online retailer of goods and services must collect 10% VAT from its customers in Korea in accordance with the Value-Added Tax Act (VAT Act).

    From 1 July 2015, VAT also applies to digital content, including games, software, music and movie files (electronic services) provided in Korea by a foreign company or a non-resident without a Korean permanent establishment. When a foreign digital content provider directly sells digital content to a Korean user, it must file VAT returns and pay VAT. If a foreign intermediary, such as an online open marketplace, is used to provide digital content, then instead of the foreign digital content provider, the foreign intermediary must file VAT returns and collect and pay VAT. However, in both cases neither the foreign digital content provider nor the foreign intermediary must issue VAT invoices to Korean customers.

     
    34. Where and when must online companies register for VAT and other taxes? Which country's VAT rate will apply?

    According to the Value-Added Tax Act (VAT Act), a company that starts an online business must register the required particulars of each business place with a tax office within 20 days from the business commencement date. If a company fails to register its business within 20 days from the business commencement date, a penalty tax in the amount equivalent to 1% of the value of the supplied goods and services provided by the non-registered business place is added to the tax amount payable.

     

    Protecting an online business

    Liability for content online

    35. What laws govern liability for website content?

    The Act on the Promotion of Information and Telecommunications Network Use and Information Protection (Network Act) primarily governs website content by restricting content harmful to children and obscene and defamatory content. For labelling and advertising issues, the Act on Consumer Protection in Electronic Commerce (E-Commerce Act), together with the Labelling Act, prohibits labelling and advertising that is:

    • False.

    • Exaggerating.

    • Deceptive.

    • Unduly comparative.

    • Slanderous.

    The Juvenile Protection Act also prohibits content harmful to children from being sold or distributed to children for profit.

    The Game Industry Promotion Act, Music Industry Promotion Act and Film and Video Promotion Act also govern their respective content types. The Copyright Law and the Trade Marks Law, which govern liability for infringement of a copyright or trade mark right, provide that an application for an infringement can be made through content uploaded on the website.

     
    36. What legal information must a website operator provide?

    Korea has stringent privacy and mandatory labelling regulations governing what must be provided on the website homepage and on each product description page. For example, the Act on Consumer Protection in Electronic Commerce (E-Commerce Act) and the Act on the Promotion of Information and Telecommunications Network Use and Information Protection require links to terms and conditions and privacy policy, respectively, to appear on the homepage.

    Under the E-Commerce Act, the description page of the products for sale on the website must include the following:

    • Supplier or seller information.

    • Product information and labelling.

    • Price and payment term.

    • Shipping information.

    • Cancellation of order.

    • Exchange, refund and warranty.

    • Complaint handling.

    • Hyperlink to terms and conditions.

    • Insurance policy or escrow.

    • Additional charges.

    • Restrictions related to the sales conditions.

    The Korea Fair Trade Commission's (KFTC) Notification on Provision of Product Information in E-Commerce also stipulates the individual product group information that must be disclosed for a relevant product.

     
    37. Who is liable for the content a website displays (including mistakes)?

    In principle, it is the uploader of the content on the website that bears liability for the uploaded content. For example, the user of the website may be subject to criminal sanction for uploading content harmful to juveniles without taking appropriate measures provided by law, or defamatory content under the Act on the Promotion of Information and Telecommunications Network Use and Information Protection.

    However, the courts have found platform operators liable for the content posted by other parties under various legal theories, such as aiding and abetting. For example, the courts have ruled that if the uploaded content on a platform is illegal, the platform operator was aware or should have been aware of such illegal content, and the platform operator has the means to manage and control such content, then the platform operator must take appropriate measures to take down or block the illegal content. Failure to take such measures can render the service provider jointly liable with the uploader.

     
    38. Can an internet service provider (ISP) shut down a website, remove content, or disable linking due to the website's content and without permission?

    An internet service provider can block access to a website, remove content, or disable linking under a Korea Communications Commission's (KCC) corrective order or the Korea Communications Standards Commission's corrective request where illegal or harmful information or content exists.

    The Act on the Promotion of Information and Telecommunications Network Use and Information Protection also provides that a person whose right is infringed by the uploaded content can request the service provider of the website to remove the content. The service provider receiving the request must immediately take necessary measures (for example, removal or taking temporary measures), and then notify both the applicant and the uploader of the measures taken on the content. The fulfilment of this obligation to take necessary measures can lessen or relieve the service provider's liability.

     

    Insurance

    39. How should an online business be insured?

    Under the Act on Consumer Protection in Electronic Commerce, with prepaid transactions, online retailers must obtain consumer damage compensation insurance unless they provide an escrow service to the customer.

     

    Reform

    40. Are there any proposals to reform e-commerce law in your jurisdiction?

    There is a pending legislative bill for the Act on Consumer Protection in Electronic Commerce (E-Commerce Act), which aims to clarify the current law and further protect consumers by revising the language of the Act. The amendment to the Korea Fair Trade Commission's (KFTC) Guidelines for Consumer Protection in E-Commerce was also announced in February 2015, which provides explanations and examples for further understanding of the E-Commerce Act, and recommendations for new types of websites, such as social commerce and price comparison services.

     

    Online resources

    Korea Fair Trade Commission

    W http://eng.ftc.go.kr

    Description. The English version of the official website of the Korea Fair Trade Commission (KFTC) that provides laws, regulations, decisions and legislation regarding e-commerce. This website does not reflect all up-to-date changes and amendments to laws and regulations.

    Korea Communications Commission

    W http://eng.kcc.go.kr/user/ehpMain.do

    Description. The English version of the official website of the Korea Communications Commission (KCC) that provides laws, regulations, decisions and legislation regarding e-commerce. This website does not reflect all up-to-date changes and amendments to laws and regulations.

    Elaw

    W http://elaw.klri.re.kr/kor_service/main.do

    Description. The website that provides English translations of Korean laws and regulations (registration is required). This website does not reflect all up-to-date changes and amendments to laws and regulations.



    Contributor profiles

    Dong Shik Choi, Senior Attorney

    Kim & Chang

    T +82 2 3703 1121
    F +82 2 737 9091 or 9092
    E dschoi@kimchang.com
    W www.kimchang.com

    Professional qualifications. Korea, Lawyer, 1982; New York, Lawyer, 1991

    Areas of practice. Technology; media and telecommunications; mergers and acquisitions; corporate governance; foreign direct investment; entertainment; sports and leisure.

    Languages. Korean, English

    Professional associations/memberships. Korean Bar Association; New York State Bar Association.

    Publications. E-Commerce Law & Policy Magazine (January 2014) "South Korea's Highly Regulated E-Commerce Market Thrives".

    Richard J. Lee, Senior Foreign Attorney

    Kim & Chang

    T +82 2 3703 1490
    F +82 2 737 9091 or 9092
    E rjlee@kimchang.com
    W www.kimchang.com

    Professional qualifications. California, Lawyer, 1998

    Areas of practice. Anti-trust and competition; mergers and acquisitions; foreign direct investment; private equity; technology; media and telecommunications; corporate governance.

    Languages. English, Korean

    Professional associations/memberships. California Bar Association.

    Seong Hyeon Bang, Attorney

    Kim & Chang

    T +82 2 3703 1622
    F +82 2 737 9091 or 9092
    E shbang@kimchang.com
    W www.kimchang.com

    Professional qualifications. Korea, Lawyer, 2007

    Areas of practice. Anti-trust and competition; technology; media and telecommunications; privacy; mergers and acquisitions; foreign direct investment.

    Languages. Korean, English

    Professional associations/memberships. Korean Bar Association.

    Tae Young Roh, Attorney

    Kim & Chang

    T +82 2 3703 1944
    F +82 2 737 9091 or 9092
    E taeyoung.roh@kimchang.com
    W www.kimchang.com

    Professional qualifications. Korea, Lawyer, 2012

    Areas of practice. Corporate; mergers and acquisitions; litigation; technology; media; telecommunications.

    Languages. Korean, English

    Professional associations/memberships. Korean Bar Association.

