Data Protection and Privacy 2025

SOUTH KOREA Law and Practice Contributed by: Brian Tae-Hyun Chung, Haewon Han, Ari Yoon and Jisoo Yoo, Kim & Chang

Kim & Chang 39, Sajik-ro 8-gil Jongno-gu Seoul 03170 Korea Tel: +82 2 3703 1114 Fax: +82 2 737 9091/9092 Email: lawkim@kimchang.com Web: www.kimchang.com

1. Legal and Regulatory Framework

1.1 Overview of Data and Privacy-Related Laws

The Personal Information Protection Act (PIPA) is the overarching privacy legislation in Korea. Other statutes governing particular types of personal information include the Credit Information Use and Protection Act (the “Credit Information Act”) and the Act on the Protection and Use of Location Information (the “Location Information Act”). The Act on Promotion of Information and Communications Network Utilisation and Information Protection, etc (the “Network Act”) also deals with some privacy issues, such as sending advertising information, appointing a Chief Information Security Officer and issuing certification for information security management systems.

While Korean constitutional law does not expressly guarantee rights related to personal information, the Constitutional Court’s position is that the right to self-determination of personal information derives from general personality rights and the right to privacy and freedom and is thus protected under the Constitution.

The National Assembly passed the proposed bill for the Framework Act on the Development of Artificial Intelligence and the Establishment of a Foundation for Reliability (the “AI Framework Act”), which is set to take effect in the first half of 2026. This statute is Korea’s first foundational law in the field of artificial intelligence, aiming to ensure transparency and safety by imposing various obligations on AI service providers.

1.2 Regulators

The key regulators are as follows:

• Personal Information Protection Commission (PIPC) (in charge of enforcing the PIPA);
• Korea Communications Commission (KCC) (in charge of enforcing the Network Act and the Location Information Act);
• Korea Internet & Security Agency (KISA) (conducts tasks related to information security as delegated by the PIPC and the KCC);
• Financial Services Commission (FSC) (in charge of enforcing the Credit Information Act); and
• Ministry of Science and ICT (MSIT) (in charge of enforcing the AI Framework Act).

CHAMBERS.COM
