SOUTH KOREA Law and Practice Contributed by: Brian Tae-Hyun Chung, Haewon Han, Ari Yoon and Jisoo Yoo, Kim & Chang
Location Information Issues In Korea, the use of location information is gov - erned by the Location Information Act. The Location Information Act is particularly relevant when collecting and using location data in IoT services, such as connected cars. • Location Information Business (LIB): This refers to businesses that directly collect loca - tion information and provide it to location- based service providers, such as mobile carriers and mobile OS providers. Businesses that collect personal location information and supply it to LBS operators must register as LIBs. • Location-Based Services (LBS): These are services provided based on location informa - tion obtained from an LIB operator. Examples include app service providers that use loca - tion data already collected by an LIB. Service providers using personal location information must report their activities as LBS. Both LIBs and LBSs are required to obtain consent for processing personal location infor - mation and implement protective measures to safeguard this information, as mandated by the Location Information Act. 3.2 Interaction of Data Regulation and Data Protection With the rapid advancement of technologies and the emergence of new challenges, South Korean legal and regulatory bodies are actively working to maximise the opportunities these technolo - gies offer while minimising the associated risks to personal information. These efforts are taking place on multiple levels. • Guideline development: Regulatory bodies strive to maintain legal stability and predict - ability by developing issue-specific guide -
and Promotion of Use allows the government to support the establishment of data distribu - tion and transaction systems. • General laws (eg, PIPA) will apply for other issues. • Sensitive information processing: The PIPA identifies biometric information, a type of sensitive information, as requiring special handling. This includes information gener - ated to identify specific individuals through technical means, such as fingerprints. The PIPA requires separate consent for process - ing such information and mandates enhanced protections like encryption. Companies using biometric data for IoT services must adhere to these requirements. The PIPC is actively working on improving sys - tems to balance protection and use of biometric information, so it is important to stay updated on regulatory changes. • Issues such as wiretapping: Korean law restricts recording and listening to conversa - tions among unspecified individuals. IoT ser - vices need to ensure compliance with these restrictions to avoid violations. (a) Protection of Communications Secrets Act: Prohibits unauthorised wiretapping and recording of undisclosed conversa - tions. (b) Network Act: Forbids damaging, misap - propriating, or divulging others’ informa - tion processed through a communications network. (c) Korean Criminal Code: Deems it illegal to obtain confidential documents or elec - tronic records through technical means without authorisation.
394 CHAMBERS.COM
Powered by FlippingBook