University of New South Wales Faculty of Law Research Series
Last Updated: 10 December 2012
Korea rolls back ‘real name’ and ID number surveillance
Whon-il Park, Kyung Hee University
Graham Greenleaf, University of New South Wales
This paper is available for download at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2187232
This paper was published in Privacy Laws & Business International Report, Issue 119: 20-1, October 2012. This paper may also be referenced as UNSWLRS 57.
South Korea’s online ‘real name’ statute, Article 44-5 of the Act on Promotion of Information and Communications Network Utilization and Data Protection, etc. (the “ICN Act”), was enacted in 2007 in response to such things as posted describing fictitious sex scandals and plastic surgery operations concerning celebrities, and a number of suicides of celebrities. It required large-scale portal sites with more than 100,000 visitors on average a day to record the real names of visitors posting comments, usually via the poster's resident registration number (RRN). One result was that many South Korean commentators started to use overseas websites which allowed anonymous posting, such as Google and Twitter, and some therefore argued the law discriminated against domestic Internet services. A series of security breaches resulting in leaks of personal data concerning millions of South Koreans from those websites that were required to adopt a real-name policy also occurred over the last couple of years.
In August 2012 South Korea’s Constitutional Court unanimously held that the ‘real name’ statute is unconstitutional because the public gains achieved had not been substantial enough to justify restrictions on individuals' rights to free speech. The two cases decided by the Court were brought by individuals who were required to provide their real names in order to make postings, and also by an online Internet publisher required by the law to verify the names of those posting. This article analyses the Court’s reasoning, in the context of other decisions concerning freedom of speech, and the overall relaxation of South Korea’s previously very restrictive Internet environment.
Legislative reform has occurred in parallel. The RRN was previously compulsory in almost all dealings with government and many organisations in the private sector. Abuse of the RRN accounted for over 20% of all complaints about misuse of personal information. Under Korea’s new Personal Information Protection Act of 2011, unique identifiers including the RRN may not be processed without consent and explicit legislative approval. Alternative means of identification other than the RRN must now be provided by processors where individuals are subscribing to web-based services.
The article concludes with parallels between developments in Korean and European data protection.