AustLII Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

Privacy Law and Policy Reporter (PLPR)
You are here:  AustLII >> Databases >> Privacy Law and Policy Reporter >> 1999 >> [1999] PrivLawPRpr 46

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Chung, Chan-Mo --- "Korea's recent legislation on online data protection" [1999] PrivLawPRpr 46; (1999) 6(3) Privacy Law & Policy Reporter 38

Korea’s recent legislation on online data protection

Chan-Mo Chung

On 8 February 1999, Korea enacted the Act on the Promotion and Protection of the Information Infrastructure (Reg No 5835) (the 1999 Act). Chapter 4 of the 1999 Act contains provisions on the protection of personal data over the networks (arts 16, 17 and 18), which closely follows the 1980 OECD Privacy Guidelines.[1]

Before the enactment of this legislation, the Korean legal regime of data protection consisted of the following.

General rules to be applied to the private sector processing of the personal data do not exist. However, the 1999 Act is dealing with an increasingly important part of data compiling in the private sector. This law applies to the telecommunications business operators and others who provide data or facilitate the provision of data over telecommunications networks (the processor). Electronic commerce among other information and communication services is the area at which the provisions are aimed.

Article 19(3) of the 1999 Act also prohibits unsolicited spam mail.

Principles of data protection in the 1999 Act

  1. The processor should obtain as little amount of personal data as required for the provision of the services (art 16(1)).
  2. Unless data processing is necessary for the execution of a contract and billing for the service provided, consent of data subject for the data processing is required (art 16(2)).
  3. Personal data file should be deleted when the processor has already obtained the purpose of data processing

    (art 17(3)).

  4. Technical measures should be taken to safeguard the security of data processing (art 16(4)).
  5. The purpose of the data processing and the party to whom the data is transferred should be notified to the data subject (art 16(3)).
  6. The data subject has the right of access to the personal data about him or her and the right to request correction of any incorrect data (art 18(2)).
  7. The processor cannot use the incorrect data challenged by the data subject without correction (art 18(4)).
  8. The processor should designate a controller of personal data (art 17(4)).


The privacy provisions of the 1999 Act enter into force on 1 January 2000. Criminal and administrative penalties shall be imposed on those who breach the principles of data protection:

No independent watchdog

The 1999 Act does not establish a Data Commissioner. This reflects the drafters’ intention not to create a

new bureaucratic body. The efficacy of the online data protection provisions, therefore, depends on the data subject’s recognition of its rights and its willingness to exercise them. However, considering the lack of long tradition of the protection of personal data in Korea, it would be advisable to appoint a Data Commissioner to promote voluntary privacy appliance and to review the implementation of the principles of data protection.

Chan-Mo Chung, D Phil, Korea Information Society Development Institute, <>.

[1] Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, Paris, 1981).

[2] Article 54 (Protection of Communication Secrecy):

(1) No person shall encroach upon or divulge communication secrecy held by telecommunications business operator.

(2) The one engaged or [who] has been engaged in telecommunication service shall not divulge others’ communication secrets obtained while in office.

(3) When related authorities ask for perusal or submission of documents regarding telecomm-unication service for investigation needs in writing, then telecommunication business operator or the one entrusted with partial treatment of telecomm-unication service under art 12 may accede to [this request].

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback