The capacity for gathering and storing personal information has significantly improved due torecent developments in Internet service and information and communications technology. In light ofsuch improvement, there is an increasing demand for companie...
The capacity for gathering and storing personal information has significantly improved due torecent developments in Internet service and information and communications technology. In light ofsuch improvement, there is an increasing demand for companies to utilize personal information formarketing purposes. Consequently, many countries, including Korea, are amending their privacyprotections acts. With regards to Korean privacy laws, the “Act on the Protection of Personal InformationMaintained by Public Agencies”applies to the public sector while the “Act on Promotion ofInformation and Telecommunications Network Use and Protection of Information”(“APITN”)applies to the private sector. In addition, the “Use and Protection of Credit Information Act”(“CreditInformation Act”) protects credit information relating to financial transactions. Such laws that serveto protect personal information are based on the individual’s right to control his/her own personalinformation, a right to personal privacy and freedom detailed in Article 17 of the Korea Constitution.With respect to privacy laws in the United States, despite the establishment of privacy acts such asthe Privacy Act of 1974 and the Electronic Communication Privacy Act of 1986, such laws onlyobligate a company to publicize privacy policies pursuant to such laws; the laws do not regulate thecontent of a company’s privacy policy. In this regard, there is a significant disparity betweenKorean and American privacy acts. While American privacy acts do not regulate the content ofprivacy policy, Korean privacy acts not only dictate the collection, use and provision of personalinformation but also regulate the content of privacy policy.My opinions regarding key issues in Korean privacy laws today are as follows. ①First, withregard to the relationship between the APITN and the Credit Information Act, some advocate theview that the APITN is a special law in relation to the Credit Information Act, and therefore shouldtake precedence. However, in my opinion, both the APITN and the Credit Information Act can beapplied simultaneously since the purpose, object, measure and method of the APITN are differentfrom those of the Credit Information Act. ②Second, providing personal information to a third partyestablishes a new legal relationship with the third party, while entrusting a trustee with personalinformation obligates the trustee to assist or act as an agent in the performance of the provider’slegal relations. ③Third, the compensation for damages incurred by the improper dissemination ofpersonal information should, in principle, be limited to property damages, but mental damages canalso be compensated for if users are able to specifically prove facts relating to the mental damages. ④According to Article 26 of APITN, telecommunication service providers should notify the nameof transferee etc. when transferring personal information for both business transfers as well asmergers. From a legislative perspective, however, I believe there is a need to amend such articlethat provides that it is sufficient only to notify users when there is a business transfer, because thecompany should obtain consent from users on an individual basis for business transfers unlikemergers. The Korean Government has recently submitted the “Act on Protection of PersonalInformation,”a bill applying to both public sector and private sector, for consideration by theNational Assembly. It appears likely that if such an act is established, there will be a significantchange in Korean privacy law system. However, I believe an in-depth study regarding the relationbetween this law and other privacy laws such as APITN and the jurisdiction of these laws will benecessary.