SOUTH KOREA Law and Practice Contributed by: Brian Tae-Hyun Chung, Haewon Han, Ari Yoon and Jisoo Yoo, Kim & Chang
• In 2022, the PIPC imposed an administra - tive penalty totalling approximately KRW100 billion on two online platforms for failing to obtain legitimate user consent when process - ing personal information for targeted advertis - ing. • In 2023, the KCC issued a corrective order and an administrative fine totalling KRW16.5 million to five child monitoring app provid - ers. These services, which track children’s locations for parents, violated the Location Information Act by not obtaining consent from children under 14 themselves or notify - ing them of the provision details. The PIPA, which has similar consent requirements, was interpreted to not necessitate consent from children under 14, leading to no penalties being imposed under the PIPA to prevent misguiding businesses. • In May 2024, the PIPC imposed an admin - istrative penalty of approximately KRW7.5 billion and an administrative fine of KRW5.4 million in a case where personal information of over 2.21 million users was leaked. Addi - tionally, an administrative penalty of approxi - mately KRW15.1 billion and an administrative fine of KRW7.8 million were imposed in a case involving leaks of anonymous chat room users’ information. These cases involved the application of the amended PIPA, which raised penalty limits, with the latter case marking the largest fine ever imposed for a personal information leak by PIPC. • In July 2024, the PIPC fined a Chinese e-commerce service provider an administra - tive penalty of approximately KRW2 billion and an administrative fine of KRW7.8 million for failing to secure user consent for overseas transfers of personal information and not including necessary data protection measures in seller agreements. This case highlighted that overseas providers are subject to the
level of regulation required of domestic ser - vice providers to ensure robust protections for managing personal information. 1.5 AI Regulation The AI Framework Act was passed by the National Assembly on 26 December 2024. This legislation establishes obligations for providers of high-impact, production-type, and high-per - formance AI services to ensure safety and trans - parency. Key provisions include the following. • Extraterritorial regulation and domestic agent system: The AI Framework Act can apply to actions taken outside Korea if they affect the Korean market or users. AI service providers without a business presence in Korea must designate a domestic agent and report to the Minister of Science and ICT if they meet certain criteria. • Obligations for high-impact AI: AI business operators providing high-impact AI prod - ucts or services using such technology are required to pre-assess their AI technology to determine whether it is high-impact, give advance notice to users, implement com - prehensive safety and reliability measures to ensure no undue risk, and possibly conduct an impact assessment on individuals’ fun - damental rights and provide explanations to individuals affected by high-impact AI of the logic and principles behind AI-generated outcomes. • Obligations for generative AI: AI business operators which offer products or services using generative AI technology are required to give advance notice to users that the prod - ucts or services are powered by generative AI, label products or services as being cre - ated by generative AI, and clearly label deep fake content.
390 CHAMBERS.COM
Powered by FlippingBook