South Korea's Personal Information Protection Act

 

South Korea's Personal Information Protection Act

In light of the Fourth Industrial Revolution, it is imperative to establish societal norms concerning the secure utilization of personal information and the advancement of emerging industries such as Artificial Intelligence (AI), Cloud Computing, and the Internet of Things (IoT), all of which rely on data as their fundamental resource. Consequently, the regulations entail guidelines for processing personal information that align with global standards, encompassing both public and private sectors. These regulations aim to safeguard the sanctity of individuals' private lives by reinforcing measures to alleviate harm resulting from personal information breaches, as well as ensuring the right to personal information and profitability.

This legislation embodies principles for handling personal data that are widely recognized internationally. The legislation drew upon eight principles of personal information protection from the 1980 「OECD Privacy Guidelines」, the 「Personal Information Protection Directive」 (95/46/EC, 1995) which established the legislative standards for EU member states, and the 2018 「General Personal Information Protection Act」 (GDPR). The legislation also considered the 2004 「APEC Privacy Principles」, for which Korea played a crucial role in the enactment process. Moreover, the legislation referred to the detailed principles of personal information protection in the 「Personal Information Protection Acts」 of the United Kingdom, Sweden, Canada, Hong Kong, Australia, and New Zealand.

The objective of this Act is to safeguard the freedom and rights of individuals by specifying matters concerning the processing and protection of personal information and to promote the dignity and worth of individuals. To this end, the legislation outlines fundamental principles of personal information processing, including the collection, use, and provision of personal information, procedures and methods for handling personal information, restrictions on personal information processing, management and supervision for safe processing of personal information, rights of information subjects, and remedies for personal information rights infringement. The Constitutional Court of the Republic of Korea has recognized the protection of personal information as a fundamental right derived from the first sentence of Article 10 of the 「Constitution of the Republic of Korea」, which ensures human dignity and worth, the right to pursue happiness, and privacy and freedom guaranteed under Article 17. Additionally, the Constitution guarantees the 'right to self-determination of personal information' as a basic right.

• Constitution Of The Republic Of Korea
• Article 10: All citizens shall be assured of human worth and dignity and have the right to pursuit of happiness. It shall be the duty of the State to confirm and guarantee the fundamental and inviolable human rights of individuals.
• Article 17: The privacy of no citizen shall be infringed.

The complete text of the Korea Personal Information Protection Act is accessible at the following website: https://elaw.klri.re.kr/kor_service/lawView.do?hseq=53044&lang=ENG.