WORKING PAPER • VOL. 2 • N° 7 • OCTOBER 2016
by Haksoo Ko, John Leitner, Eunsoo Kim and Jong-Gu Jung
South Korea’s data privacy law has evolved rapidly, in particular during the past several years, despite a short history of relevant legislation and enforcement. South Korea’s data privacy law has exceedingly stringent consent requirements. In addition to consent, there are many other statutory provisions with onerous requirements, arguably making the overall data privacy law regime in South Korea one of the strictest in the world. South Korea’s data privacy law, in particular the Personal Information Protection Act (the PIPA), has a similar structure to the EU’s data privacy law. However, the overall legal regime for data privacy and also its enforcement mechanism reveal South Korea’s unique characteristics and its weaknesses. In terms of the overall legal regime for data privacy, one interesting characteristic is that, in addition to the PIPA, an omnibus data privacy statute, there are multiple additional statutes governing data privacy issues for specific sectors or industries. In terms of the enforcement of data privacy law, a multitude of government agencies and institutions are in charge. Thus, depending on applicable statutes and other factors, different agencies or institutions could be in charge. Issues on data privacy has gained notable traction in recent years in South Korea and, perhaps reflecting this phenomenon, relevant laws and regulations have been amended frequently. A notable trend is to strengthen penalty provisions and, in particular, the maximum amount of administrative fine is now set at 3% of relevant sales revenue. It remains to be seen if heightened penalty provisions will indeed help addressing data privacy concerns in a meaningful manner.
Keywords: Data privacy, South Korea’s data privacy law, Personal Information Protection Act
Copyright © Brussels Privacy Hub