Advanced Search

Act On Promotion Of Information And Communications Network Utilization And Information Protection, Etc.


Published: 2012-02-17

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
CHAPTER I GENERAL PROVISIONS
law view
 Article 1 (Purpose)   print
The purpose of this Act is to contribute to the improvement of citizens‘ lives and the enhancement of public welfare by facilitating utilization of information and communications networks, protecting personal information of people using information and communications services, and developing an environment in which people can utilize information and communications networks in a sounder and safer way.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 2 (Definitions)   print
(1) The definitions of terms used in this Act shall be as follows: <Amended by Act No. 7139, Jan. 29, 2004; Act No. 8289, Jan. 26, 2007; Act No. 8778, Dec. 21, 2007; Act No. 9119, Jun. 13, 2008; Act No. 10166, Mar. 22, 2010>
1. The term "information and communications network" means an information and communications system for collecting, processing, storing, searching, transmitting or receiving information by means of telecommunications facilities and equipment under subparagraph 2 of Article 2 of the Telecommunications Business Act or by utilizing computers and applied computer technology along with such telecommunications facilities and equipment;
2. The term "information and communications services" means the telecommunications services under subparagraph 6 of Article 2 of the Telecommunications Business Act and services of providing information or intermediating the provision of information by utilizing such telecommunications services;
3. The term "providers of information and communications services" means the telecommunications business operators under subparagraph 8 of Article 2 of the Telecommunications Business Act and other persons who provide information or intermediate the provision of information for profit by utilizing services rendered by a telecommunications business operator;
4. The term "users" means the persons who use information and communications services rendered by providers of information and communications services;
5. The term "electronic document" means data prepared and transmitted, received, or stored electronically in a standardized form of document by a device capable of processing information, such as a computer;
6. The term "personal information" means the information pertaining to an individual alive, which contains information identifying a specific person with a name, a national identification number, or similar in a form of code, letter, voice, sound, image, or any other form (including information that does not, by itself, make it possible to identify a specific person but that enables to identify such person easily if combined with another information);
7. The term "intrusion" means an event that occurs due to an attack to an information and communications network or an information system related to such a network by means of hacking, computer viruses, logic bombs, mail bombs, denial of service, high-power electromagnetic wave, etc.;
8. The term "information protection industry" means businesses for the development, production, or distribution of products for information protection or an industry related to consulting services, etc. for information protection;
9. The term "open message board" means, regardless of its name, a computer program or a technical device with which users can publish information in a form of code, letter, voice, sound, image, motion picture, or any other form purposely to disclose the information to the public by using an information and communications network;
10. The term "telecommunications billing services" means information and communications services to perform the following business activities:
(a) Business activities of billing and collecting prices for goods or services sold or rendered by other person (hereinafter referred to as "goods or services") together with charges for the telecommunications services rendered by oneself;
(b) Business activities of transmitting and receiving information of transactions electronically so that prices for goods or services sold or rendered by other person can be billed or collected together with charges for the telecommunications services rendered by oneself, or settling, on behalf of another person, or intermediating payments for such prices;
11. The term "provider of telecommunications billing services" means a person who renders telecommunications billing services with the registration under Article 53;
12. The term "user of telecommunications billing services" means a person who purchases or uses goods or services by using telecommunications billing services rendered by a provider of telecommunications billing services.
(2) Except as provided for in paragraph (1), definitions of terms used in this Act shall be governed by the Framework Act on Informatization Promotion. <Amended by Act No. 9119, Jun. 13, 2008>
law view
 Article 3 (Responsibilities of Providers and Users of Information and Communications Services)   print
(1) Every provider of information and communications services shall contribute to protection of rights and interests of users and enhancement of abilities to use information by protecting personal information of users and providing information and communications services in a sounder and safer way.
(2) Every user shall make efforts to help to establish a healthier information society.
(3) The Government may provide support to organizations composed of providers or users of information and communications services for their activities for protecting personal information and protecting juvenile in information and communications networks.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 4 (Preparation of Policy on Promotion of Utilization of Information and Communications Networks and Protection of Information)   print
(1) The Minister of Knowledge Economy or the Korea Communications Commission shall prepare a policy for establishing a solid foundation for an information society through the promotion of utilization of information and communications networks, the stable management and operation of such networks, the protection of personal information of users, and other related activities (hereinafter referred to as "promotion of utilization of information and communication networks, the protection of information, or other related matters"). <Amended by Act No. 10465, Mar. 29, 2011>
(2) The policy under paragraph (1) shall contain descriptions of the following matters:
1. Development and dissemination of technology related to the information and communications networks;
2. Standardization of information and communications networks;
3. Promotion of the use of information and communications networks, including the development of contents of information and applied service for information and communications networks under Article 11;
4. Facilitation of sharing information through information and communications networks;
5. Promotion of use of internet;
6. Protection of personal information collected, processed, stored and used via information and communications networks, and development and dissemination of technology related thereto;
7. Protection of juvenile in information and communications networks;
8. Enhancement of safety and reliability of information and communications networks; and
9. Other matters necessary for the promotion of utilization of information and communications networks, the protection of information, or other related matters.
(3) The Minister of Knowledge Economy or the Korea Communications Commission shall, when he/she prepares the policy under paragraph (1), ensure that the policy conforms to the basic plan for facilitation of informatization under Article 5 of the Framework Act on Informatization Promotion. <Amended by Act No. 10465, Mar. 29, 2011>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 5 (Relations to Other Acts)   print
Except as otherwise provided for in any other Act, the promotion of utilization of information and communications networks, the protection of information, or other related matters shall be governed by the provisions of this Act: Provided, That this Act shall take precedence over the Electronic Financial Transactions Act, in cases where a provision of this Act and a provision of the Electronic Financial Transactions Act are applicable to the telecommunications billing service under Chapter VII.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
CHAPTER II PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK
law view
 Article 6 (Promotion of Development of Technology)   print
(1) The Minister of Knowledge Economy may engage the relevant research institute, as prescribed by Presidential Decree, to carry out a project for research and development, technical cooperation, transfer of technology, technical guidance, or similar, in order to promote the development of technology and equipment related to information and communications networks.
(2) The Government may subsidize a research institute that carries out a project for research and development or similar in accordance with paragraph (1) for all or part of the cost and expenses incurred in such project.
(3) Necessary matters concerning the disbursement and management of cost and expenses under paragraph (2) shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 7 (Management and Dissemination of Technology-Related Information)   print
(1) The Minister of Knowledge Economy shall manage, systematically and comprehensively, the information pertaining to technology and equipment related to information and communications networks (hereafter referred to as "technology-related information" in this Article).
(2) The Minister of Knowledge Economy may, if necessary for managing technology-related information systematically and comprehensively, demand the relevant administrative agency and a national or public research institute to furnish him/her with data relevant to technology-related information. In such cases, the head of such agency or institute shall, upon receiving such request, comply with the request, unless any particular reason exists otherwise.
(3) The Minister of Knowledge Economy shall carry out projects for dissemination of technology-related information, so that technology-related information can be utilized promptly and easily.
(4) Necessary matters concerning the scope of technology and equipment related to information and communications networks, which shall be disseminated pursuant to paragraph (3), shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 8 (Standardization and Certification of Information and Communications Networks)   print
(1) The Minister of Knowledge Economy shall establish and publicly notify the standards for information and communications networks in order to promote the use of information and communications networks, and may recommend providers of information and communication services or the persons who manufacture or supply products related to information and communications networks to use the standards: Provided, That the matters for which the Korea Industrial Standards under Article 12 of the Industrial Standardization Act have already been established shall be governed by such standards.
(2) A person who manufactures or supplies a product related to information communications in conformity with the standards publicly notified pursuant to paragraph (1) may put on the product a mark stating that the product conforms to the standards, subject to the prior certification of the certifying institution under Article 9 (1).
(3) In cases where a product falls under the proviso to paragraph (1) and the certification under Article 15 of the Industrial Standardization Act has been already given to the product, the product shall be deemed to have been certified pursuant to paragraph (2).
(4) No person but those who hold the certification under paragraph (2) may put a mark showing that his/her product conforms to the standards or put any similar mark, nor may sell a product with any similar mark or display such a product for purposes of selling it.
(5) The Minister of Knowledge Economy may order a person, who sold a product in violation of paragraph (4) or displays such a product for purposes of selling it, to collect and recall the product or to obtain certification to put such a mark, or may take any other corrective measure as may be necessary.
(6) Necessary matters concerning the subject matters of the standardization, the method and procedure for such standardization, and a mark of certification under paragraphs (1) through (3), and the collection, recall, corrective measures, etc. under paragraph (5) shall be prescribed by Ordinance of the Ministry of Knowledge Economy.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 9 (Designation of Certifying Institutions)   print
(1) The Minister of Knowledge Economy may designate an institution to authorize it to certify products related to information and communications networks (hereinafter referred to as a "certifying institution"), which are manufactured or supplied by a person, and conforming to the standards publicly notified pursuant to the main sentence of Article 8 (1).
(2) The Minister of Knowledge Economy may, if a certifying institution falls under any of the following subparagraphs, revoke the designation or order it to suspend its business for a prescribed period of time not exceeding six months: Provided, That the Minister of Knowledge Economy shall revoke the designation of a certifying institution without an exception, if it falls under subparagraph 1:
1. If the institution obtained the designation by deceit or in any other fraudulent means;
2. If the institution has not continued its certifying business for one year or longer without a justifiable reason; and
3. If the institution fails to meet the standards for designation under paragraph (3).
(3) Necessary matters concerning the standards and procedures for designation of a certifying institution, the criteria for revocation of designation and suspension of business under paragraphs (1) and (2), and other related matters shall be prescribed by Ordinance of the Ministry of Knowledge Economy.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 10 (Support for Development of Contents of Information)   print
With an aim of securing national competitiveness and promoting public interest, the Government may provide support, financial, technical, or otherwise, to the persons who develop contents of information worthwhile to distribute through information and communications networks.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 11 (Promotion of Development of Applied Services for Information and Communications Networks)   print
(1) The Government may provide support, financial, technical, or otherwise as may be necessary, to any State organ, local government, public institution that develops and operates applied services for improving efficiency in processing its business affairs or automatizing or upgrading process of its business affairs by utilizing information and communications network (hereinafter referred to as "applied services for information and communications networks").
(2) The Government may provide support, financial, technical, or otherwise as may be necessary, to private sector with an aim of facilitating the development of applied services for information and communications networks by private sector and shall take the following measures for raising technical human resources necessary in developing applied services for information and communications networks:
1. Support for internet education conducted by schools in various levels and other educational institutions;
2. Extension of internet education for citizens;
3. Support to projects for raising technical human resources specializing in information and communications networks;
4. Establishment of and support to institutions for raising technical human resources specializing in information and communications networks;
5. Support for development and dissemination of educational programs for utilizing information and communications networks;
6. Support for establishment of the technical qualification system related to information and communications networks and support for supply of technical human resources specializing in information and communications networks on demand; and
7. Other matters necessary for raising technical human resources related to information and communications networks.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 12 (Establishment of System for Sharing Information)   print
(1) The Government may encourage information and communication networks to build up a system for sharing information through linked operation and standardization of information and communications networks or in any other way so that the networks can be utilized efficiently.
(2) The Government may provide support, financial, technical, or otherwise as may be necessary, to any person who builds up a system for sharing information under paragraph (1).
(3) Necessary matters concerning the encouragement and support under paragraphs (1) and (2) shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 13 (Projects for Promoting Utilization of Information and Communications Networks)   print
(1) The Minister of Knowledge Economy may implement projects designed to promote efficient utilization and dissemination of technology, equipment, and applied services related to information and communications networks, as prescribed by Presidential Decree, in order to promote the utilization of information and communications networks in various areas of public service, local communities, industry, life, and social welfare and eliminate gaps in accessibility to information.
(2) The Government may provide support, financial, technical, or otherwise as may be necessary, to the persons who participate in the projects under paragraph (1).
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 14 (Proliferation of Internet)   print
The Government shall induce public and private sectors to utilize internet facilities available in public and private sectors so that internet can be proliferated, expand the user base for internet through education and public relations activities on internet, and prepare and enforce a policy to eliminate gaps in accessibility to internet between localities, genders, and ages.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 15 (Improvement of Quality of Internet Service)   print
(1) The Minister of Knowledge Economy shall prepare and enforce a policy to protect rights and interests of users of internet service and to ensure improvement of quality of internet service and stable availability of internet service.
(2) The Minister of Knowledge Economy may, if deemed necessary for enforcing the policy under paragraph (1), prescribe and publicly notify the standards for measuring and assessing the quality of internet service, hearing opinions of organizations of providers and users of information and communications services and others.
(3) Every provider of information and communications services may voluntarily assess the current status of quality of its internet service in accordance with the standards under paragraph (2) and notify the results thereof to users.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Articles 16 and 17 Deleted. <by Act No. 7142, Jan. 29, 2004>   print
CHAPTER III UTILIZATION OF ELECTRO-NIC DOCUMENTS THROUGH ELECTRONIC DOCUMENT RELAY
law view
 Article 18 (Processing of Documents by Electronic Document Relay)   print
(1) The head of a State organ or a local government shall, when he/she intends to process permit, authorization, approval, registration, report, application, or similar provided for in Acts and subordinate statutes (hereafter referred to as "permit or similar" in this Article) by electronic document through a person who runs facilities for relaying electronic documents (hereinafter referred to as "electronic document relay"), prescribe and publicly notify necessary matters, including business affairs concerned and the electronic document relay, as prescribed by Presidential Decree.
(2) An electronic document processed pursuant to paragraph (1), letters representing the name of the issuer in the document, and officially certified digital signature therein under subparagraph 3 of Article 2 of the Digital Signature Act shall be deemed a document under relevant Acts and subordinate statutes and the signature put and seal affixed duly on such electronic document.
(3) A permit or similar processed by electronic document pursuant to paragraph (1) shall be deemed to have been processed in accordance with the procedure prescribed in relevant Acts and subordinate statutes.
(4) Necessary matters concerning the requirements and procedure for designation of an electronic document relay shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 19 (Time of Dispatch or Reception of Electronic Document)   print
(1) It shall be deemed that an electronic document is dispatched at the time when it is input into a computer under control of any person other than the person who prepared the document or an agent of the person who prepared it.
(2) It shall be deemed that an electronic document is received at the time when the document falls under any of the following subparagraphs:
1. When it is input into a designated computer, if there is a computer designated by the addressee for receiving the electronic document: Provided, That it shall be deemed that it is received at the time when the electronic document is output, if it has been input to any computer other than the designated computer; and
2. When it is input into a computer under control of the addressee, if there is no computer designated by the addressee for receiving the electronic document.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 20 (Presumption of Contents of Electronic Document)   print
(1) If a dispute arises between parties or interested parties over contents of an electronic document, it shall be presumed that the electronic document contains the descriptions of the electronic document recorded in the relevant file in the computer of the relevant electronic document relay.
(2) Every electronic document relay shall preserve electronic documents in accordance with Article 19 of the Act on the Management of Public Archives.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 21 (Restriction on Disclosure of Electronic Documents)   print
No electronic document relay may disclose to the public an electronic document processed by its facilities for relaying electronic documents or any record related thereto, unless it discloses it in compliance with due process or there is consent of the sender and addressee of the electronic document.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
CHAPTER IV PROTECTION OF PERSONAL INFORMATION
SECTION 1 Collection, Use, and Provision of Personal Information
law view
 Article 22 (Consent to Collection and Use of Personal Information)   print
(1) A provider of information and communications services shall, whenever it intends to collect personal information of a user purposely to use it, notify the user of the following matters and obtain consent from the user. The same shall apply in cases where it intends to change any of the following matters:
1. Purposes of collection and use of the personal information;
2. Items of personal information that it intends to collect; and
3. Period of time during which it intends to possess and use the personal information.
(2) A provider of information and communications services may collect and use personal information of a user without the consent under paragraph (1) in any of the following cases:
1. If the personal information is necessary in performing the contract on provision of information and communications services, but it is obviously difficult to get consent in an ordinary way due to any economic or technical reason;
2. If it is necessary in settling the payment for charges on the information and communication services rendered; and
3. If a specific provision exists in this Act or any other Act otherwise.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 23 (Restrictions on Collection of Personal Information)   print
(1) No provider of information and communications services may collect personal information of a person, such as ideology, faith, and past medical record, which is anticipated to otherwise intrude seriously upon a right, an interest, or privacy of the person: Provided, That it may collect such personal information if it obtains consent of the user in accordance with Article 22 (1) or it is specifically allowed by any other Act to collect the personal information.
(2) Every provider of information and communications services shall, whenever it collects personal information of a user, limit the extent of collection of personal information to the minimum information required for providing the information and communications services, and shall not refuse to render the information and communications services on the ground that the relevant user does not furnish his/her personal information in addition to the minimum information required.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 23-2 (Restriction on Use of Resident Registration Numbers)   print
(1) Other than the cases falling under any of the following subparagraphs, a provider of information and communications services may not collect/use users’ resident registration numbers: <Amended by Act No. 10560, Apr. 5, 2011>
1. Where the provider is designated as the identification service agency pursuant to Article 23-3;
2. Where collection/use of users’ resident registration numbers is authorized by Acts and subordinate statutes;
3. Where the Korea Communications Commission publicly announces for the provider of information and communications services who inevitably collects/uses users’ resident registration numbers for his/her business purposes.
(2) Even where the collection/use of users’ resident registration numbers is authorized pursuant to paragraph (1) 2 or 3, an identification method without using the users’ resident registration numbers (hereinafter referred to as “alternative method”) shall be provided.
[Wholly Amended by Act No. 11322, Feb. 17, 2012]
law view
 Article 23-3 (Designation of Identification Service Agency, Etc.)   print
(1) The Korea Communications Commission may, after reviewing the matters under each of the following subparagraphs, designate a person as an identification service agency who is deemed competent to safely and reliably perform the affairs of development, provision and administration of the alternative method (hereinafter referred to as “identification affairs”):
1. A plan for physical/technological/administrative measures in order to secure safety of the identification affairs;
2. Technological/financial capability necessary for performing the identification affairs;
3. Appropriateness of scale of the facilities relevant to the identification affairs.
(2) When the identification service agency intends to suspend all or part of identification affairs, it shall determine and notify a suspension period to the users no later than 30 days prior to the intended date of suspension and shall report the same to the Korea Communications Commission. In this case, the suspension period shall not exceed six months.
(3) When the identification service agency intends to discontinue the identification affairs, it shall notify the intention to the users no later than 60 days prior to the intended date of discontinuation and shall report the same to the Korea Communications Commission.
(4) Necessary matters concerning the detailed standards of review and the designation procedure for each item to be reviewed under paragraph (1), suspension or discontinuation of the identification affairs under paragraphs (2) and (3) and other matters shall be determined by Presidential Decree.
[This Article Newly Inserted by Act No. 10560, Apr. 5, 2011]
law view
 Article 23-4 (Suspension of Identification Affairs and Cancelation of Designation of Identification Service Agency)   print
(1) When the identification service agency falls under any of the following subparagraphs, the Korea Communications Commission may determine the period of suspension within six months and order suspension of all or part of the identification affairs, or cancel designation of identification service agency: Provided, That in cases where falling under subparagraph 1 or 2, the Korea Communications Commission shall cancel designation of identification service agency:
1. Where an identification service agency is designated by falsity or other fraudulent methods;
2. Where a person who has received the order for suspension of identification affairs fails to suspend the affairs in violation of the order;
3. Where a person fails to start the identification affairs within six months from the date of being designated, or suspend the affairs continuously for six months or more;
4. Where it becomes not suitable for the standard of designation pursuant to Article 23-3 (4).
(2) Standards and procedures for any dispositions pursuant to paragraph (1) and other necessary matters shall be determined by Presidential Decree.
[This Article Newly Inserted by Act No. 10560, Apr. 5, 2011]
law view
 Article 24 (Restriction on Use of Personal Information)   print
No provider of information and communications services may use personal information collected in accordance with Article 22 and the proviso to Article 23 (1) for any purpose other than the purpose consented by the relevant user or the purpose specified in any subparagraph of Article 22 (2).
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 24-2 (Consent to Provision of Personal Information)   print
(1) Every provider of information and communications services shall, whenever it intends to furnish a third party with personal information of a user, notify the user of all the following matters and obtain consent from the user, except as provided for in Article 22 (2) 2 and 3. The same shall apply in cases where there is a change in any of the following matters:
1. The person to whom the personal information is furnished;
2. Purposes of use of the personal information of the person to whom the personal information is furnished;
3. Items of the personal information furnished; and
4. Period of time during which the person to whom the personal information is furnished will possess and use the personal information.
(2) A person who received any personal information of a user from a provider of information and communications services in accordance with paragraph (1) shall not furnish the personal information to a third party or use it for any purpose other than the purpose originally contemplated at the time when the information was furnished, unless there is consent of the user or there is a specific provision in any other Act otherwise.
(3) When the provider, etc. of information and communications services under Article 25 (1) receives the consent to furnishing user’s information under paragraph (1) and to the entrustment of handling of personal information under Article 25 (1), it shall receive such consent apart from receiving the consent to collection/use of personal information pursuant to Article 22, and shall not refuse provision of its service on the ground of a user’s refusal of aforementioned consent. <Newly Inserted by Act No. 10560, Apr. 5, 2011>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 25 (Entrusted Handling of Personal Information)   print
(1) A provider of information and communications services or a person who received personal information of users from the provider of information and communications services in accordance with Article 24-2 (1) (hereinafter referred to as a "provider of information and communications services or similar") shall, if it intends to entrust a third party with handling of business affairs related to personal information (hereinafter referred to as "entrusted handling of personal information") to let the third party perform collection, safekeeping, use, processing, provision, management, destruction, and similar disposition of the personal information of users (hereinafter referred to as "handling"), notify the users of all the following matters and shall obtain consent of the users. The same shall apply in cases where there is a change in any of the following matters:
1. The person to whom the handling of personal information is to be entrusted (hereinafter referred to as a "trustee"); and
2. Details of the business affairs subject to the entrusted handling of personal information.
(2) A provider of information and communications services or similar may omit the procedure for notification and consent under paragraph (1) for entrusted handling of personal information, in cases where the personal information is required for performing the contract on provision of the information and communications services and where all the matters under subparagraphs of paragraph (1) have been disclosed to the public under Article 27-2 (1) or notified to users in a manner prescribed by Presidential Decree, such as by electronic mails. The same shall apply in cases where there is a change in a matter under any subparagraph of paragraph (1).
(3) A provider of information and communications services or similar shall, when it entrusts the handling of personal information to someone else, define the scope of purposes, in advance, within which the trustee is allowed to handle personal information of users, and the trustee shall not handle the personal information of users in defiance of the scope of purposes.
(4) A provider of information and communications services or similar shall control and supervise the trustee to ensure that the trustee does not violate any provision of this Chapter.
(5) If the trustee violates any provision of this Chapter in connection with the business affairs related to the entrusted handling of personal information and inflicts damages upon a user, the trustee shall be deemed an employee of the provider of information and communications services or similar in determining liability for such damages.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 26 (Transfer of Personal Information Following Transfer of Business)   print
(1) In cases where a provider of information and communications services or similar transfers personal information of users to another person due to transfer of business, in whole or in part, merger, or any similar cause, it shall notify the users of all the following matters by publishing them on its internet homepage or by electronic mail or any other means specified by Presidential Decree:
1. The fact that the personal information is to be transferred;
2. The name (referring to the name of a legal entity, if the person is a legal entity; hereafter the same shall apply in this Article), address, and telephone number of the person to whom the personal information is to be transferred (hereinafter referred to as a "transferee of business or similar"), and other contact information of the person; and
3. The method and procedure available for revocation of consent, in cases where a user does not want his/her personal information transferred to someone else.
(2) A transferee of business or similar shall, upon receiving personal information transferred, notify the users of the fact without delay by publishing it on his/her internet homepage or by electronic mail or any other means specified by Presidential Decree: Provided, That the same shall not apply in cases where the relevant provider of information and communications services or similar has already notified the transfer in accordance with paragraph (1).
(3) A transferee of business or similar may use or furnish personal information only within the scope of purposes originally defined for which any provider of information and communications services or similar uses or furnishes the personal information of users: Provided, That the same shall not apply in cases where it obtain consent from users additionally.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 26-2 (Method Applicable in Obtaining Consent)   print
The method applicable in obtaining the consent under Article 22 (1), the proviso to Article 23 (1), Article 24-2 (1) or (2), Article 25 (1), the proviso to Article 26 (3), or Article 63 (2) (hereinafter referred to as "consent to collection, use, provision, and similar disposition of personal information") shall be prescribed by Presidential Decree, considering media for collection of personal information, peculiarities of each type of business, number of users, and other related factors.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
SECTION 2 Management and Destruction of Personal Information
law view
 Article 27 (Designation of Person Responsible for Management of Personal Information)   print
(1) Every provider of information and communications services or similar shall designate a person responsible for management of personal information so that he/she protects the personal information of users and process complaints from users in connection with the personal information: Provided, That a provider of information and communications services or similar may, if it falls under the criteria prescribed by Presidential Decree for the number of employees, number of users, and other related matters, omit such designation.
(2) If a provider of information and communications services or similar does not designate a person responsible for management of personal information under the proviso to paragraph (1), the business owner or representative of the provider or similar shall be the person responsible for personal information.
(3) The qualification requirements for a person responsible for management of personal information and other matters necessary for designation of such person shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 27-2 (Public Disclosure of Policy on Handling Personal Information)   print
(1) Every provider of information and communications services or similar shall, when it handles personal information of users, establish and disclose its policy on handling personal information to the public in a manner specified by Presidential Decree so that users become aware of the policy easily at any time.
(2) The policy on handling personal information under paragraph (1) shall include descriptions of all the following matters: <Amended by Act No. 11322, Feb. 17, 2012>
1. Purposes of collection and use of personal information, items of personal information collected, and methods of collection;
2. The name of the person (referring to the name of a legal entity, if the person is a legal entity) to whom personal information is furnished, if the personal information is furnished to a third party, purposes of use of the person to whom the personal information is furnished, and items of the personal information furnished;
3. The period of time during which the personal information is possessed and used, and the procedure and method for destruction of the personal information (including the ground for preservation and items of preserved personal information, if it is required to preserve the personal information in accordance with the proviso to the part above subparagraphs of Article 29 (1));
4. Details of business affairs subject to the entrusted handling of personal information and the trustee (they shall be included in the policy on handling, only where this subparagraph is applicable);
5. Rights of users and their legal representatives and methods for the exercise of such rights;
6. Matters concerning installation, operation, and denial of a device that collect personal information automatically, such as an information file for access to internet; and
7. The name and address of the person responsible for management of personal information or the department responsible for business affairs related to the protection of personal information and processing related complaints and other contact information of such person or department.
(3) Every provider of information and communications services or similar shall, when it revises the policy on handling personal information under paragraph (1), give public notice of the reasons for and details of such revision without delay in a manner specified by Presidential Decree, and take measures to make users aware of the details of the revision easily at any time.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 27-3 (Notification/Report on Disclosure of Personal Information)   print
(1) When the provider of information and communications services or similar becomes aware of loss, theft or leakage of personal information (hereinafter referred to as “leakage, etc.”), he/she shall without delay inform the concerned users of all the matters under each of the following subparagraphs and report the same to the Korea Communications Commission: Provided, That other measures in lieu of the aforementioned notification may be made as prescribed by Presidential Decree in cases where users’ contact information is unknown or other justifiable reasons exist:
1. Each item of the personal information exposed to the leakage, etc.;
2. The time when the leakage, etc. occurs;
3. Measures available for users to take;
4. Countermeasures to be taken by the provider of information and communications services or similar;
5. Responsible departments and contact information to be used for the users who seek consultation, etc. to submit their application for such consultation.
(2) Necessary matters for method and procedure, etc. of the notification and report pursuant to paragraph (1) shall be determined by Presidential Decree.
(3) The provider of information and communications services or similar shall prepare countermeasures against the leakage, etc. of personal information, and shall seek for measures to minimize any damage thereof.
[This Article Newly Inserted by Act No. 11322, Feb. 17, 2012]
law view
 Article 28 (Protective Measures for Personal Information)   print
(1) Every provider of information and communications services or similar shall, when it handles personal information of users, take the following technical and administrative measures in accordance with the guidelines prescribed by Presidential Decree to prevent loss, theft, leakage, alteration, or mutilation of personal information:
1. Establishment and implementation of an internal control plan for handling personal information in a safe way;
2. Installation and operation of an access control device, such as a system for blocking intrusion to cut off illegal access to personal information;
3. Measures for preventing fabrication and alteration of access records;
4. Measures for security by using encryption technology and other methods for safe storage and transmission of personal information;
5. Measures for preventing intrusion of computer viruses, including installation and operation of vaccine software;
6. Other protective measures necessary for securing safety of personal information.
(2) Every provider of information and communications services or similar shall restrict the persons who may handle users' personal information to the minimum extent.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 28-2 (Prohibition on Disclosure of Personal Information)   print
(1) A person who handles or has ever handled personal information of users shall not mutilate, intrude on, or divulge personal information that he/she learned in the course of performing his/her duty.
(2) No one shall knowingly receive any divulged personal information for profit or any unlawful purpose.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 29 (Destruction of Personal Information)   print
(1) A provider of information and communications services or similar shall, if any of the following events occurs, destroy the relevant personal information without delay: Provided, That the same shall not apply where it is required to preserve the personal information in accordance with any other Act: <Amended by Act No. 11322, Feb. 17, 2012>
1. When the purpose of collection and use of personal information with consent obtained in accordance with Article 22 (1), the proviso to Article 23 (1), or Article 24-2 (1) or (2) or the purpose under any subparagraph of Article 22 (2) has been accomplished;
2. When the period of time during which it is allowed to possess and use personal information with consent obtained in accordance with Article 22 (1), the proviso to Article 23 (1), or Article 24-2 (1) or (2) ends;
3. When the period of time during which it is allowed to possess and use personal information in accordance with Article 27-2 (2) 3 ends, if the personal information has been collected and used without consent of users under Article 22 (2);
4. When the business is permanently closed down.
(2) The provider of information and communications services or similar shall, to
protect personal information of the users who do not use information and communications services for the period prescribed by Presidential Decree, take necessary measures such as destruction of personal information as prescribed by Presidential Decree. <Newly Inserted by Act No. 11322, Feb. 17, 2012>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
SECTION 3 Rights of Users
law view
 Article 30 (Rights of Users)   print
(1) Every user may, at any time, revoke his/her consent given to a provider of information and communications services or similar to allow the provider to collect, use, furnish, or dispose otherwise of his/her personal information.
(2) Every user may demand a provider of information and communications services or similar to allow him/her to inspect, or to furnish him/her with, any of the following matters about him/her, and may also demand the provider to correct an error, if there is any error:
1. Personal information of the user, which the provider of information and communications services or similar possesses;
2. The current status of personal information of the user, which has been used by the provider of information and communications services or similar or furnished to a third party;
3. The current status of personal information of the user, for which the user consented to collection, use, or furnishing of personal information by the provider of information and communications services or similar.
(3) A provider of information and communications services or similar shall, if a user revokes his/her consent in accordance with paragraph (1), take necessary measures without delay, including destruction of collected personal information.
(4) A provider of information and communications services or similar shall, upon receiving a demand for inspection or furnishing of matters in accordance with paragraph (2), take necessary measures without delay.
(5) A provider of information and communications services or similar shall, upon receiving a demand for correction of an error in accordance with paragraph (2), correct the error, notify the user of the reasons why it is unable to correct the error, if it is the case, or take any other necessary measures, and may not use or furnish the relevant personal information to someone else until it completes taking such measures: Provided, That it may furnish the personal information to someone else or use the information, if requested to furnish the personal information pursuant to any other Act.
(6) A provider of information and communications services or similar shall make how to revoke consent under paragraph (1), how to demand to allow inspection of personal information or furnish such information under paragraph (2), or how to demand correction of an error, easier than how to collect personal information.
(7) Paragraphs (1) through (6) shall apply mutatis mutandis to a transferee of business or similar. In such cases, the term "provider of information and communications services or similar" shall be construed as "transferee of business or similar."
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 30-2 (Notification of Details of Using Personal Information)   print
(1) A provider of information and communications services or similar falling under the standards determined by Presidential Decree shall periodically notify to the users the details of using personal information of such users (including details of the provision under Article 24-2 and of the entrustment of handling personal information under Article 25) in accordance with Article 22 and the proviso to Article 23 (1): Provided, That this shall not apply in cases where the provider of information and communications services or similar does not collect any contact information or other personal information that can be notified to users.
(2) Type, period and method of notifying the information to be notified to users pursuant to paragraph (1) and other matters necessary for notification of details of using such personal information shall be determined Presidential Decree.
[This Article Newly Inserted by Act No. 11322, Feb. 17, 2012]
law view
 Article 31 (Rights of Legal Representative)   print
(1) A provider of information and communications services or similar shall, if it desires to obtain consent of a chid of less than 14 years on collection, use, furnishing, and other disposition of personal information, obtain consent from his/her legal representative. In such cases, the provider of information and communications services may demand the child to furnish minimum information, such as the legal representative’s name, necessary to obtain consent from the legal representative.
(2) A legal representative may exercise rights of a user under Article 30 (1) and (2) with respect to personal information of the relevant child.
(3) Article 30 (3) through (5) shall apply to a legal representative’s revocation of consent under paragraph (2) and his/her demand for inspection or correction of an error.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 32 (Compensation for Damages)   print
Every user may, if he/she suffers any damage caused by a violation of any provision of this Chapter by a provider of information and communications services or similar, claim the provider of information and communications services or similar to compensate for such damage. In such cases, a provider of information and communications services or similar may not be discharged from liability, unless it proves that there was no intentional act nor negligence on its part.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
SECTION 4 Personal Information Dispute Mediation Committee
law view
 Articles 33 through 40 Deleted. <by Act No. 10465, Mar. 29, 2011>   print
CHAPTER V PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS
law view
 Article 41 (Preparation of Policy on Protection of Juvenile)   print
(1) The Korea Communications Commission shall prepare a policy on the following measures to protect juvenile from unwholesome information for juvenile (hereinafter referred to as "unwholesome information for juvenile"), such as information of obscenities and violence, circulated through information and communications networks:
1. Development and dissemination of content-screening software;
2. Development and dissemination of technology for protection of juvenile;
3. Education and public relations activities for protection of juvenile;
4. Other matters specified by Presidential Decree for protection of juvenile.
(2) The Korea Communications Commission may, in an effort to implement the policy under paragraph (1), support activities conducted by the Korea Communications Standards Commission under Article 18 of the Establishment and Operation of the Korea Communications Commission Act (hereinafter referred to as the "Communications Standards Commission"), organizations of providers or users of information and communications services, and other relevant specialized institutions for protection of juvenile.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 42 (Labeling of Unwholesome Media for Juvenile)   print
A person who provides information to the general public purposely to make it public through telecommunications services rendered by a telecommunications business operator (hereinafter referred to as "information provider") and who intends to provide any unwholesome medium for juvenile as defined in subparagraph 3 of Article 2 of the Juvenile Protection Act among the media under subparagraph 2 (e) of Article 2 of the aforesaid Act shall put a label indicating that the information is an unwholesome medium for juvenile by the labeling method specified by Presidential Decree. <Amended by Act No. 11048, Sep. 15, 2011>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 42-2 (Prohibition on Advertisement of Unwholesome Media for Juvenile)   print
No one may transmit, to a juvenile under subparagraph 1 of Article 2 of the Juvenile Protection Act, any information containing an advertisement of an unwholesome medium for juvenile as defined in subparagraph 3 of Article 2 of the aforesaid Act among the media under subparagraph 2 (e) of Article 2 of the aforesaid Act in the form of code, letter, voice, sound, image, or picture through an information and communications network or display such medium to the general public without taking any measure to restrict access by a juvenile. <Amended by Act No. 11048, Sep. 15, 2011>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 42-3 (Designation of Person Responsible for Protection of Juvenile)   print
(1) A provider of information and communications services shall, if the average number of users per day, sales, and other related factors fall under the criteria prescribed by Presidential Decree, designate a person responsible for protection of juvenile to protect juvenile from unwholesome information for juvenile in the information and communication network.
(2) The person responsible for protection of juvenile shall be chosen from among executives of the relevant business operator or the persons in a position equivalent to the head of a department responsible for business affairs related to protection of juvenile.
(3) The person responsible for protection of juvenile shall block and control unwholesome information for juvenile in the information and communications network, and shall carry out business affairs for protection of juvenile, including establishment of a plan for protection of juvenile from unwholesome information for juvenile.
(4) Necessary matters concerning the designation of a person responsible for protection of juvenile under paragraph (1) shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 43 (Duty of Provider of Visual or Sound Information to Keep Information)   print
(1) An information provider specified by Presidential Decree among those who engage in a business of providing unwholesome media for juvenile as defined in subparagraph 3 of Article 2 of the Juvenile Protection Act among the media under subparagraph 2 (e) of Article 2 of the aforesaid Act in a way to make it impossible to store or record the unwholesome media in a user's computer shall keep relevant information. <Amended by Act No. 11048, Sep. 15, 2011>
(2) The period of time during which an information provider under paragraph (1) is obligated to keep relevant information shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 44 (Protection of Rights in Information and Communications Network)   print
(1) No user may circulate any information violative of other person's rights, including intrusion on privacy and defamation, through an information and communications network.
(2) Every provider of information and communications services shall make efforts to prevent any information under paragraph (1) from being circulated through the information and communications network operated and managed by it.
(3) The Korea Communications Commission may prepare a policy on development of technology, education, public relations activities, and other activities to prevent violation of other persons' rights by information circulated through information and communications networks, including intrusion on privacy and defamation, and may recommend providers of information and communications services to adopt the policy.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 44-2 (Request for Deletion of Information)   print
(1) Where information provided through an information and communications network purposely to make it public intrudes on other persons' privacy, defames other persons, or violates other persons' right otherwise, the victim of such violation may request the provider of information and communications services who handled the information to delete the information or publish a rebuttable statement (hereinafter referred to as "deletion or rebuttal"), presenting it materials supporting the alleged violation.
(2) A provider of information and communications services shall, upon receiving a request for deletion or rebuttal of the information under paragraph (1), delete the information, take a temporary measure, or any other necessary measure, and shall notify the applicant and the publisher of the information immediately. In such cases, the provider of information and communications services shall make it known to users that it has taken necessary measures by posting a public notice on the relevant open message board or in any other way.
(3) A provider of information and communications services shall, if there is any unwholesome medium for juvenile published in violation of the labeling method under Article 42 in the information and communications network operated and managed by it or if a content advertising any unwholesome medium for juvenile is displayed in such network without any measures to restrict access by juvenile under Article 42-2, delete such content without delay.
(4) A provider of information and communications services may, if it is difficult to judge whether information violates any right or it is anticipated that there will probably be a dispute between interested parties, take a measure to block access to the information temporarily (hereinafter referred to as "temporary measures"), irrespective of a request for deletion of the information under paragraph (1). In such cases, the period of time for the temporary measure shall not exceed 30 days.
(5) Every provider of information and communications services shall clearly state the details, procedure, and other matters concerning necessary measures in its standardized agreement in advance.
(6) A provider of information and communications services may, if it takes necessary measures under paragraph (2) for the informations circulated through the information and communications network operated and managed by it, have its liability for damages caused by such informations mitigated or discharged.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 44-3 (Discretionary Temporary Measures)   print
(1) A provider of information and communications services may, if it finds that information circulated through the information and communications network operated and managed by it intrudes on someone's privacy, defames someone, or violates someone's rights, take temporary measures at its discretion.
(2) The latter part of Article 44-2 (2), the latter part of Article 44-2 (4), and Article 44-2 (5) shall apply mutatis mutandis to the temporary measures under paragraph (1).
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 44-4 (Self Regulation)   print
An organization of providers of information and communications services may establish and implement a code of conduct applicable to providers of information and communications services with an objective to protect users and render information and communications services in a safer and more reliable way.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 44-5 (Verification of Identity of Users of Open Message Boards)   print
(1) A person falling under any of the following subparagraphs shall, if it intends to install and operate an open message board, take necessary measures as prescribed by Presidential Decree (hereinafter referred to as "measures for verifying identity of users"), including preparation of a method and procedure for verifying identity of users of the open message board:
1. A State organ, a local government, a public enterprise, a quasigovernment agency under Article 5 (3) of the Act on the Management of Public Institutions, or a local government-invested public corporation or a local government public corporation under the Local Public Enterprises Act (hereinafter referred to as "public institution");
2. A provider of information and communications services who falls under the criteria prescribed by Presidential Decree, where the average number of users of each type of information and communications services rendered by it reaches or exceeds 100,000 person per day.
(2) The Korea Communications Commission may, if a provider of information and communications services falling under the criteria under paragraph (1) 2 does not take any measure for verification of identity, order it to take a measure for verification of identity.
(3) The Government shall prepare a policy to develop a safer and more reliable system for verification of identity under paragraph (1).
(4) A public institution or a provider of information and communications services may have its liability for damages caused by fraudulent use of a user's identity by a third party mitigated or discharged, if it has taken the measure for verification of identity under paragraph (1) with care as a good manager.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 44-6 (Claim to Furnish User's Information)   print
(1) A person who alleges that publishing or circulating information by a specific user has intruded on his/her privacy, defamed him/her, or violated his/her rights may file a claim with the defamation dispute conciliation division under Article 44-10 to demand the relevant provider of information and communications services to furnish the information possessed by the provider of information and communications services about the alleged offender (referring to the minimum information specified by Presidential Decree, including the name and address, necessary for filing a civil or criminal complaint), along with materials supporting his/her allegation of the violation, so that he/she can file a civil or criminal complaint against the alleged offender.
(2) The defamation dispute conciliation division shall, upon receiving a claim under paragraph (1), make a decision on whether to furnish information, hearing the opinion of the relevant user, unless it is impossible to contact the relevant user or there is any particular reason otherwise.
(3) A person who receives information about the relevant user under paragraph (1) may not use the information for any purpose other than the purpose of filing a civil or criminal complaint.
(4) Other matters necessary for the contents of a claim to furnish information of a user and the procedure therefor shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 44-7 (Prohibition on Circulation of Unlawful Information)   print
(1) No one may circulate information falling under any of the following subparagraphs through an information and communications network: <Amended by Act No. 11048, Sep. 15, 2011>
1. Information with an obscene content distributed, sold, rented, or displayed openly in the form of code, words, sound, image, or picture;
2. Information with a content that defames other persons by divulging a fact, true or false, openly and purposely to disparage the person's reputation;
3. Information with a content that arouses fear or apprehensions by reaching other persons repeatedly in the form of code, words, sound, image, or picture;
4. Information with a content that mutilates, destroys, alters, or forges an information and communications system, data, a program, or similar or that interferes with the operation of such system, data, program, or similar without a justifiable ground;
5. Information with a content that falls within an unwholesome medium for juvenile under the Juvenile Protection Act and that is provided for profit without fulfilling the duties and obligations under relevant Acts and subordinate statutes, including the duty to verify the opposite party's age and the duty of labeling;
6. Information with a content that falls within speculative activities prohibited by Acts and subordinate statutes;
7. Information with a content that divulges a secret classified by Acts and subordinate statutes or any other State secret;
8. Information with a content that commits an activity prohibited by the National Security Act;
9. Other information with a content that attempts, aids, or abets to commit a crime.
(2) The Korea Communications Commission may order a provider of information and communications services or a manager or an operator of an open message board to reject, suspend, or restrict handling of information under paragraph (1) 1 through 6, subject to deliberation by the Communications Standards Commission: Provided, That if the information falls under paragraph (1) 2 or 3, the Commission may not issue an order to reject, suspend, or restrict such handling against the intention specifically manifested by the victim of the relevant information.
(3) The Korea Communications Commission shall order a provider of information and communications services or a manager or an operator of an open message board to reject, suspend, or restrict handling of information under paragraph (1) 7 through 9, if the information falls under all the following subparagraphs:
1. There was a request from the head of a related central administrative agency;
2. A demand for correction was made pursuant to subparagraph 4 of Article 21 of the Act on the Establishment and Operation of Korea Communications Commission after deliberation by the Communications Standards Commission within seven days from the date on which the request under subparagraph 1 had been received;
3. The provider of information and communications services or the manager or operator of the open message board has not complied with the demand for correction.
(4) The Korea Communications Commission shall give an opportunity to the provider of information and communications services or the manager or operator of the open message board to whom an order is to be issued pursuant to paragraph (2) or (3), or the relevant user to present his/her opinion in advance: Provided, That the Commission may omit to give an opportunity to present an opinion, if a case falls under any of the following subparagraphs:
1. If it is necessary to make a disposition urgently for public safety and welfare;
2. If there is a ground specified by Presidential Decree to believe that it is obviously difficult or evidently unnecessary to hear an opinion;
3. If a person concerned clearly manifests his/her intent to give up the opportunity to present his/her opinion.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Articles 44-8 and 44-9 Deleted. <by Act No. 8867, Feb. 29, 2008>   print
law view
 Article 44-10 (Defamation Dispute Conciliation Division)   print
(1) The Communications Standards Commission shall have the defamation dispute conciliation division comprised of five members or less to efficiently carry out the business affairs of conciliation of disputes arising in connection with information that intrudes other persons' privacy, defames other persons, or violates other persons' rights, and at least one of the members shall be a person who holds qualification of attorney-at-law.
(2) The members of the defamation dispute conciliation division shall be commissioned by the chairperson of the Communications Standards Commission with consent of the Communications Standards Commission.
(3) Articles 33-2 (2) and 35 through 39 shall apply mutatis mutandis to the procedure for conciliation of disputes by the defamation dispute conciliation division. In such cases, the term "Dispute Mediation Committee" shall be construed as "Communications Standards Commission," and the term "disputes over personal information" as "disputes arising in connection with information that intrudes privacy, defames other persons, or violates other persons' rights among information circulated through information and communications networks."
(4) Necessary matters concerning the installation and operation of the defamation dispute conciliation division and the conciliation of disputes, and other related matters shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
CHAPTER VI SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK
law view
 Article 45 (Securing of Stability of Information and Communications Network)   print
(1) Every provider of information and communications services shall take protective measures to secure the stability of the information and communications network used in providing information and communications services and the reliability of information.
(2) The Korea Communications Commission may prescribe and publicly notify guidelines for measures for protection of information (hereinafter referred to as "information protection guidelines"), specifying details of the protective measures under paragraph (1), and may recommend providers of information and communications services to observe the guidelines. <Amended by Act No. 11322, Feb. 17, 2012>
(3) The information protection guidelines shall contain descriptions of the following matters:
1. Technical and physical protective measures, including installation and operation of an information protection system for preventing or counteracting against access or invasion by a person with no due authorization to an information and communications network;
2. Technical protective measures for preventing unlawful leakage, alteration, or deletion of information;
3. Technical and physical protective measures for securing the state of enabling continuous use of information and communications networks;
4. Administrative protective measures for stabilization of information and communications networks and protection of information, including securing human resources, organization, and expenses and establishing related plans.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 45-2 (Preliminary Examination on Protection of Information)   print
(1) A provider of information and communications services shall, upon intending to newly establish an information and communications network or to provide information and communications services, take the matters on protection of information into account in planning or designing thereof.
(2) The Korea Communications Commission may recommend a person who intends to implement the information and communications services or the electricity and communications businesses falling under any of the following subparagraphs to take protective measures in accordance with the preliminary examination standards as determined by Presidential Decree:
1. The information and communications services or the electricity and communications businesses as determined by Presidential Decree, for which authorization/permission by the Korea Communications Commission should be obtained or registration with or report to the Korea Communications Commission should be made pursuant to this Act or other Acts and subordinate statutes;
2. The information and communications services or the electricity and communications businesses as determined by Presidential Decree and financed by the Korea Communications Commission for all or part of the business expenses thereof.
(3) Standards, methods, procedures, fees for the preliminary examination on protection of information pursuant to paragraph (2) and other necessary matters shall be determined by Presidential Decree.
[This Article Newly Inserted by Act No. 11322, Feb. 17, 2012]
law view
 Article 45-3 (Designation, etc. of Chief Information Protection Officer)   print
(1) The provider of information and communications services may designate a chief information protection officer at an executive level for security of information and communications system, etc. and for safe administration of information.
(2) A chief information protection officer shall be responsible for the matters under each of the following subparagraphs:
1. Establishment and administration/operation of an administrative system for information protection;
2. Analysis/evaluation and improvement of the weakness of information protection;
3. Prevention of and response to an intrusion;
4. Preparation of preliminary measures for information protection and designing/realization, etc. of security measures;
5. Review of a preliminary security for information protection;
6. Review of the encryption of an important information and the suitability of a security server;
7. Other matters such as the performance of necessary measures for protection of information pursuant to this Act or other relevant Acts and subordinate statutes.
(3) The provider of information and communications services may establish/operate an association of chief information protection officers comprised of the chief information protection officer under paragraph (1) in order to jointly perform prevention/response in intrusion cases, sharing necessary information and other joint businesses as determined by Presidential Decree.
(4) The Government may subsidize all or part of the necessary expenses for the activities of the association of chief information protection officers pursuant to paragraph (3).
[This Article Newly Inserted by Act No. 11322, Feb. 17, 2012]
law view
 Article 46 (Protection of Clustered Information and Communications Facilities)   print
(1) Every business operator who operates and manages clustered information and communications facilities to render information and communications services on behalf of another person (hereinafter referred to as "business operator of clustered information and communications facilities") shall take protective measures as prescribed by Presidential Decree to operate the information and communications facilities stably.
(2) Every business operator of clustered information and communications facilities shall carry insurance as prescribed by Presidential Decree to cover damages that may be caused by destruction or damage of the clustered information and communications facilities or any other trouble in operation.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 46-2 (Emergency Countermeasures of Business Operators of Clustered Information and Communications Facilities)   print
(1) A business operator of clustered information and communications facilities may, if any of the following events occurs, suspend rendering relevant services, in whole or in part, as stipulated in the standardized user agreement: <Amended by Act No. 9637, Apr. 22, 2009>
1. If it is anticipated that an abnormality found in the information system of a person who uses clustered information and communications facilities (hereinafter referred to as "user of facilities") will probably cause a serious trouble to the information system of other users of facilities or clustered information and communications facilities;
2. If it is anticipated that an intrusion from outside will probably cause a serious trouble to the clustered information and communications facilities;
3. If there occurs a serious intrusion and the Korea Communications Commission or the Korea Internet and Security Agency requests to suspend the services.
(2) A business operator of clustered information and communications facilities shall, when it suspends its services in accordance with paragraph (1), immediately notify users of facilities of the suspension of services, specifically stating the reasons for the suspension, the date, time, period, and details of the suspension, and other related matters.
(3) A business operator of clustered information and communications facilities shall, once the event that caused suspension of services terminates, resume its services immediately.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 46-3 Deleted. <by Act No. 11322, Feb. 17, 2012>   print
law view
 Article 47 (Certification of Information Protection and Management System)   print
(1) With respect to the person who has established and operates a comprehensive management system, including administrative and technical protective measures, for securing stability and reliability of an information and communications network (hereinafter referred to as "information protection and management system"), the Korea Communications Commission may certify as to whether he/she meets the standards pursuant to paragraph (3). <Amended by Act No. 9637, Apr. 22, 2009; Act No. 11322, Feb. 17, 2012>
(2) A provider of information and communications services falling under any of the following subparagraphs shall obtain the certification pursuant to paragraph (1): <Newly Inserted by Act No. 11322, Feb. 17, 2012>
1. A person who renders information and communications services as a person who has obtained the permission pursuant to Article 6 (1) of the Telecommunications Business Act;
2. A business operator of clustered information and communications facilities;
3. A person whose annual sales amount or the number of users, etc. meets the standards determined by Presidential Decree.
(3) For the certification of an information protection and management system, the Korea Communications Commission may determine and publicly notify the standards of certification and other necessary matters including administrative, technical, physical protective measures. <Amended by Act No. 11322, Feb. 17, 2012>
(4) The effective term of the certification of the information protection and management system pursuant to paragraph (1) shall be three years: Provided, That the certification under paragraph (1) shall be deemed obtained during the effective term in the case of having obtained the management rating for information protection pursuant to Article 47-5 (1). <Newly Inserted by Act No. 11322, Feb. 17, 2012>
(5) The Korea Communications Commission may authorize the Korea Internet and Security Agency or any institutions designated by the Korea Communications Commission (hereinafter referred to as "certifying institution of the information protection and management system") to perform affairs on the certification pursuant to paragraphs (1) and (2). <Newly Inserted by Act No. 11322, Feb. 17, 2012>
(6) To enhance effectiveness of the information protection and management system, the Korea Internet and Security Agency and the certifying institution of the information protection and management system shall conduct follow-up management and notify results of the management to the Korea Communications Commission at least one time annually. <Newly Inserted by Act No. 11322, Feb. 17, 2012>
(7) A person who has obtained the certification of information protection and management system pursuant to paragraphs (1) and (2) may indicate the obtained certification or advertise details thereof as determined by Presidential Decree. <Amended by Act No. 11322, Feb. 17, 2012>
(8) In cases where the Korea Communications Commission finds causes falling under any of the following subparagraphs, it may revoke the aforementioned certification: <Newly Inserted by Act No. 11322, Feb. 17, 2012>
1. Where a person obtained the certification of information protection and management system, fraudulently or by other unjust methods;
2. Where falling short of the standards of certification pursuant to paragraph (3);
3. Where a person refuses or interfere with the follow-up management pursuant to paragraph (6).
(9) The method, procedure, scope and fee pursuant to paragraphs (1) and (2), the method and procedure of the follow-up management pursuant to paragraph (6), the method and procedure of the revocation of certification pursuant to paragraph (8) and other necessary matters shall be prescribed by Presidential Decree. <Amended by Act No. 11322, Feb. 17, 2012>
(10) Matters necessary for the criteria, procedure and effective term, etc. for designation of a certifying institution of information protection and management system shall be prescribed by Presidential Decree. <Amended by Act No. 11322, Feb. 17, 2012>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 47-2 (Revocation of Designation of Certifying Inspection of Information Protection and Management System)   print
(1) If a legal entity or organization designated as a certifying institution of information protection and management system pursuant to Article 47 falls under any of the following subparagraphs, the Korea Communications Commission may revoke the designation or order it to suspend the relevant business, entirely or partially, for a prescribed period of time not exceeding one year: Provided, That the designation shall be revoked without an exception, if the legal entity or organization falls under subparagraph 1 or 2: <Amended by Act No. 11322, Feb. 17, 2012>
1. If it obtained the designation of the certifying institution of information protection and management system by deceit or in any other fraudulent mean;
2. If it carried on the certification during a business suspension period;
3. If fails to grant certification without justifiable grounds;
4. If it grants certification, in violation of Article 47 (9);
5. If it no longer meets the criteria for designation under Article 47 (10).
(2) Matters necessary for the revocation of designation and suspension of business under paragraph (1) and other related matters shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 47-3 (Certification of Management System for Protection of Personal Information)   print
(1) With respect to a person who established and is operating a comprehensive management system including administrative, technical and physical protective measures in order to systematically and continuously perform the activities for protection of personal information in the information and communications network (hereinafter referred to as “management system for protection of personal Information”), the Korea Communications Commission may certify as to whether the management system meets the standards pursuant to paragraph (2).
(2) The Korea Communications Commission may, for the certification of management system for protection of personal Information pursuant to paragraph (1), determine and publicly announce standards for the certification including administrative, technical and physical protective measures and other necessary matters.
(3) Concerning the institutions which implement the management system for protection of personal Information and the follow-up management, etc., Article 47 (5) through (10) shall apply mutatis mutandis thereto. In this case, the term “paragraphs (1) and (2)” shall be deemed “paragraph (1)”.
(4) Concerning the revocation of designation, etc. of a certifying institution of the management system for protection of personal Information, Article 47-2 shall apply mutatis mutandis thereto.
[This Article Newly Inserted by Act No. 11322, Feb. 17, 2012]
law view
 Article 47-4 (Protection of User Information)   print
(1) The Government may prescribe guidelines necessary for protection of information of users to recommend users to observe the guidelines, and may take necessary measures for preventing intrusions and precluding spread of intrusions, such as inspection of weaknesses and technical support.
(2) A major provider of information and communications services may, if it is foreseen that a serious problem is likely to occur in the information system of a user who uses the services, the information and communications network, or similar provided by it because of an occurrence of a serious intrusion on its information and communications network, request the user to take necessary protective measures as stipulated by the standard user agreement, and may place a temporary restriction on access to the relevant information and communications network if the user does not perform as requested.
(3) A software business operator under Article 2 of the Software Industry Promotion Act shall, when he/she produced a program that improves weaknesses in security, notify the Korea Internet and Security Agency of its production, and shall notify users of the software of the production at least twice within one month from the date of production. <Amended by Act No. 9637, Apr. 22, 2009>
(4) Specific details that shall be stipulated by the standard user agreement with respect to the request for protective measures under paragraph (2) and other related matters shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 47-5 (Management Rating for Information Protection)   print
(1) A person who has obtained the certification for information protection and management system pursuant to Article 47 is entitled to receive the management rating for information protection from the Korea Communications Commission in order to enhance level of a corporate’s management of its comprehensive information protection and to secure users’ reliability on information protection services.
(2) The Korea Communications Commission may authorize the Korea Internet and Security Agency to perform the affairs of rating under paragraph (1).
(3) A person who has obtained the management rating for information protection pursuant to paragraph (1) may indicate the obtained rating or advertise details of such rating as determined by Presidential Decree.
(4) In cases where the Korea Communications Commission finds causes falling under any of the following subparagraphs, it may revoke the aforementioned rating:
1. Where a person obtained the management rating for information protection, fraudulently or by other unjust methods;
2. Where falling short of the standards of rating pursuant to paragraph (5).
(5) Standards of review in offering the rating pursuant to paragraph (1), the method, procedure and fee of offering the rating, the effective term of rating, the method/procedure of revocation of rating pursuant to paragraph (4) and other necessary matters shall be prescribed by Presidential Decree.
[This Article Newly Inserted by Act No. 11322, Feb. 17, 2012]
law view
 Article 48 (Prohibition on Intrusive Acts, etc. on Information and Communications Network)   print
(1) No one shall intrude on an information and communications network without a rightful authority for access or beyond a permitted authority for access.
(2) No one shall mutilate, destroy, alter, or forge an information and communications system, data, program, or similar without a justifiable grounds, nor shall convey or spread a program that is likely to interrupt operation of such system, data, program, or similar (hereinafter referred to as "malicious program").
(3) No one shall cause a trouble to an information and communications network purposely to interfere with stable operation of the information and communications network by sending a large amount of signals or data, letting the network process an illegitimate order, etc.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 48-2 (Countermeasures, etc. against Intrusion Cases)   print
(1) The Korea Communications Commission shall carry out the following business affairs to take proper countermeasures against intrusion, and may have the Korea Internet and Security Agency carry out all or part of the business affairs, if necessary to do so: <Amended by Act No. 9637, Apr. 22, 2009>
1. Collection and spread of information about intrusion;
2. Precaution and warning of intrusion;
3. Emergency measures against intrusion;
4. Other countermeasures against intrusion prescribed by Presidential Decree.
(2) A person falling under any of the following subparagraphs shall furnish the Korea Communications Commission or the Korea Internet and Security Agency with the information related to intrusion cases, including statistics by types of intrusion cases, statistics of traffic of the relevant information and communications network, and statistics of use by access channels, as prescribed by Presidential Decree: <Amended by Act No. 9637, Apr. 22, 2009>
1. A major provider of information and communications services;
2. A business operator of clustered information and communications facilities;
3. Other persons specified by Presidential Decree among those who operate an information and communications network.
(3) The Korea Internet and Security Agency shall analyze the information under paragraph (2) and report it to the Korea Communications Commission. <Amended by Act No. 9637, Apr. 22, 2009>
(4) If a business operator who is obligated to furnish information in accordance with paragraph (2) refuses to furnish information without a justifiable ground or furnishes false information, the Korea Communications Commission may order the business operator to make a correction within a reasonable period of time prescribed by the Commission.
(5) The Korea Communications Commission or the Korea Internet and Security Agency shall use the information furnished in accordance with paragraph (2) properly within the extent necessary for taking countermeasures against intrusion. <Amended by Act No. 9637, Apr. 22, 2009>
(6) The Korea Communications Commission or the Korea Internet and Security Agency may, if necessary to take countermeasures against intrusion, request a person falling under any subparagraph of paragraph (2) to provide human resources for assistance. <Amended by Act No. 9637, Apr. 22, 2009>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 48-3 (Report, etc. on Intrusion Cases)   print
(1) A person falling under any of the following subparagraphs shall, if it discovers an occurrence of intrusion, immediately report it to the Korea Communications Commission or the Korea Internet and Security Agency. In such cases, a notice given in accordance with Article 13 (1) of the Act on the Protection of Information and Communications Infrastructure shall be deemed a report under the foregoing sentence: <Amended by Act No. 9637, Apr. 22, 2009>
1. A provider of information and communications services;
2. A business operator of clustered information and communications facilities.
(2) The Korea Communications Commission or the Korea Internet and Security Agency shall, upon receiving a report of intrusion under paragraph (1) or becomes aware of an intrusion, take necessary measures under subparagraphs of Article 48-2 (1). <Amended by Act No. 9637, Apr. 22, 2009>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 48-4 (Analysis, etc. of Cause of Intrusion Cases)   print
(1) A person who operates an information and communications network, including a provider of information and communications services, shall analyze causes of intrusion and prevent damage from being spread, whenever an intrusion occurs.
(2) The Korea Communications Commission may, when a serious intrusion occurs in an information and communications network operated by a provider of information and communications services, organize a joint private-public investigation team with people who have expertise in protection of information to conduct an analysis on causes of such intrusion in order to preclude spread of damage, take countermeasures against the intrusion, recover from damage and prevent recurrence of such intrusion.
(3) The Korea Communications Commission may, if deemed necessary for analyzing causes of an intrusion pursuant to paragraph (2), order a provider of information and communications services and a business operator of clustered information and communications facilities to preserve relevant data, such as access records of the relevant information and communications network.
(4) The Korea Communications Commission may, if deemed necessary for analyzing causes of an intrusion, demand a provider of information and communications services and a business operator of clustered information and communications facilities to submit data related to the intrusion, and also may order the joint private-public investigation team under paragraph (2) to enter into a place of business of a person involved to conduct investigation into the causes of the intrusion: Provided, That submission of data corresponding to access log data under subparagraph 11 of Article 2 of the Protection of Communications Secrets Act shall be governed by the provisions of the aforesaid Act.
(5) The Korea Communications Commission or the joint private-public investigation team shall not use the information learned through the data submitted and the investigation conducted in accordance with paragraph (4) for any purpose other than analysis of causes of the intrusion and preparation of countermeasures, and shall destroy it immediately after the analysis of causes is completed.
(6) Necessary matters concerning the organization of the joint privatepublic investigation team under paragraph (2) and the protection of data submitted in relation to an intrusion in accordance with paragraph (4), and other related matters shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 49 (Protection of Secrets, etc.)   print
No one shall mutilate another person's information processed, stored, or transmitted through an information and communications network, nor shall infringe, misappropriate, or divulge another person's secret.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 49-2 (Prohibition on Collection, etc. of Personal Information by Fraud)   print
(1) No one shall collect another person's information through an information and communications network by fraud, nor shall entice another person by fraud to furnish information.
(2) A provider of information and communications services shall, whenever it discovers a violation of paragraph (1), immediately report it to the Korea Communications Commission or the Korea Internet and Security Agency. <Amended by Act No. 9637, Apr. 22, 2009>
(3) The Korea Communications Commission or the Korea Internet and Security Agency shall, upon receiving a report under paragraph (2) or becoming aware of a violation of paragraph (1), take the following measures as may be necessary: <Amended by Act No. 9637, Apr. 22, 2009>
1. Collection and spread of the information related to the violation;
2. Precaution and warning of similar damage;
3. Emergency measures for preventing spread of damage, such as requesting the relevant provider of information and communications services to cut off access channels.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 50 (Restrictions on Transmission of Advertising Information for Profit)   print
(1) No one shall transmit any advertising information for profit to another person by electronic mails or any other medium specified by Presidential Decree against the addressee's explicit intention to decline reception of the information.
(2) A person who intends to transmit any advertising information for profit by telephone or facsimile of another person shall obtain consent from the addressee in advance: Provided, That the prior consent is not required for any of the following cases:
1. Where a person who has collected an addressee's contact information directly through a transaction of goods, etc. intends to transmit to the addressee any advertising information for profit concerning the goods, etc. handled by him/her;
2. Where the relevant advertising information falls under an advertisement under Article 13 (1) of the Act on the Consumer Protection in the Electronic Commerce Transactions, etc. or a soliciting telephone call under Article 6 (3) of the Door-to-Door Sales, etc. Act.
(3) Notwithstanding paragraph (2), a person who intends to transmit any advertising information for profit through a recipient's telephone or facsimile during the time between nine o'clock in the afternoon and eight o'clock in the morning of the following day shall obtain a prior consent from the recipient separately.
(4) A person who transmits any advertising information for profit by electronic mails or any other medium specified by Presidential Decree shall specifically state the following matters in the advertising information for profit, as prescribed by Presidential Decree:
1. The type and main contents of the transmitted information;
2. The name and contact information of the sender;
3. The source from which the electronic mail address was collected (applicable only when transmitted by electronic mail);
4. Matters concerning the measures and method by which the addressee can express his/her intention to decline reception of the information easily.
(5) A person who transmits any advertising information for profit by a recipient's telephone or facsimile shall specifically state the following matters in the advertising information for profit, as prescribed by Presidential Decree:
1. The name and contact information of the sender;
2. Matters concerning the measures and method by which the recipient can express his/her intention to revoke his/her consent to receive the information easily.
(6) A person who transmits an advertisement for profit shall not take any of the following technical measures:
1. A measure to avoid or impede the addressee's denial of reception of the advertising information or the revocation of his/her consent to receive such information;
2. A measure to generate an addressee's contact information, such as telephone number and electronic mail address, automatically by combining figures, codes, or letters;
3. A measure to register electronic mail addresses automatically with intent to transmit advertising information for profit;
4. Various measures to hide the identity of the sender of advertising information or the source of transmission of an advertisement.
(7) A person who transmits an advertising information for profit shall take necessary measures as prescribed by Presidential Decree to avoid imposing on an addressee the burden of pecuniary expenses, such as telephone charge, incurred when the addressee declines reception of the information or revokes consent to receive the information.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 50-2 (Prohibition on Unauthorized Collection of Electronic Mail Addresses)   print
(1) No one may collect electronic mail addresses from an internet homepage without prior consent of the operator or manager of the internet homepage automatically by a program for collecting electronic mail addresses or any other technical device.
(2) No one may sell or distribute electronic mail addresses collected in violation of paragraph (1).
(3) No one may knowingly use an electronic mail address, the collection, sale, and distribution of which are prohibited pursuant to paragraphs (1) and (2), in transmitting information.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 50-3 (Commissioned Transmission of Advertising Information for Profit)   print
(1) A person who has commissioned someone to transmit advertising information for profit on his/her behalf shall control and oversee the person to whom the transmission was commissioned to ensure that the person does not violate Article 50 or 50-2.
(2) A person to whom transmission of advertising information for profit has been commissioned under paragraph (1) shall be deemed an employee of the person who has commissioned the transmission of information in determining liability for damages caused by a violation of an Act related to such business affair.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 50-4 (Restriction on Rendering Information Transmission Service)   print
(1) A provider of information and communications services may take measures to deny rendering corresponding services in any of the following cases:
1. If transmission or reception of advertising information causes or is likely to cause a trouble in rendering the services;
2. If a user does not want to receive advertising information;
3. If the services rendered by the provider of information and communications services to a user under a user agreement is used for transmitting illegal advertising information.
(2) A provider of information and communications services shall, if it intends to take the measures of denial under paragraph (1), include terms and conditions concerning denial of the relevant services in the terms of conditions of the user agreement made with the user on the relevant information and communications services.
(3) A provider of information and communications services shall, if it intends to take the measures of denial under paragraph (1), notify the user to whom the services have been rendered and interested parties of its measures: Provided, That it shall give notice without delay after taking the measures of denial first, if it is difficult to give notice in advance.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 50-5 (Installation of Advertising Program for Profit)   print
A provider of information and communications services shall, when it intends to install a program designed to display advertising information or collect personal information in a user's computer or any other information processing device specified by Presidential Decree, obtain consent from the user. In such cases, it shall notify the purpose of use of the program and the method of deletion.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 50-6 (Distribution of Software Designed to Cut Off Transmission of Advertising Information for Profit)   print
(1) The Korea Communications Commission may develop and distribute software or computer programs designed for addressees to conveniently cut off or report any advertising information for profit when it is transmitted in violation of Article 50.
(2) The Korea Communications Commission may provide necessary support to related public agencies, legal entities, organizations, or similar for facilitating the development and distribution of software or computer programs for cutting off or reporting transmission under paragraph (1).
(3) If telecommunications services rendered by a provider of information and communications services are used in transmitting advertising information for profit in violation of Article 50, the Korea Communications Commission may recommend the provider of information and communications services to take necessary measures, such as development of technology, education, and public relations activities to protect addressees.
(4) The method of the development and distribution under paragraph (1) and the matters necessary for the support under paragraph (2) shall be prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 50-7 (Restriction on Posting Advertising Information for Profit)   print
(1) No one may post any advertising information for profit on an Internet homepage against the intention of denial explicitly expressed by the operator or manager of the Internet homepage.
(2) An operator or manager of an internet homepage may take measures against any advertising information for profit posted in violation of paragraph (1), including deletion.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 50-8 (Prohibition on Transmission of Advertising Information for Unlawful Act)   print
No one shall transmit any advertising information for goods or services prohibited by this Act or any other Act through an information and communications network.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 51 (Restriction, etc. on Outflow of Important Information to Abroad)   print
(1) The Government may have providers or users of information and communications services to take necessary measures to prevent outflow to abroad of any important information about industry, economy, science, technology, etc. of this county through information and communications networks.
(2) The scope of the important information under paragraph (1) shall be as follows:
1. Information related to the national security and major policies;
2. Information about details of cutting-edge science and technology or equipment developed within this country.
(3) The Government may have the providers of information and communications services that handle the information under subparagraphs of paragraph (2) take the following measures:
1. Installation of a systematic or technical device for preventing unlawful use of information and communications networks;
2. Systematic and technical measures for preventing unlawful destruction or manipulation of information;
3. Measures for preventing leakage of important information that providers of information and communications services have learned while handling the information.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 52 (Korea Internet and Security Agency)   print
(1) The Government shall establish the Korea Internet and Security Agency (hereinafter referred to as the "Internet and Security Agency") to upgrade the information and communications network (excluding matters concerning establishment, improvement and management of information and telecommunications network), encourage the safe use thereof, and promote the international cooperation and advancement into the overseas market in relation to broadcasting and communications. <Amended by Act No. 9637, Apr. 22, 2009>
(2) The Internet and Security Agency shall be a legal entity. <Amended by Act No. 9637, Apr. 22, 2009>
(3) The Internet and Security Agency shall carry out the following business affairs: <Amended by Act No. 9637, Apr. 22, 2009; Act No. 11322, Feb. 17, 2012>
1. Survey and research of laws, policies and systems for the use and protection of the information and telecommunications network, promotion of the international cooperation and advancement into the overseas market in relation to broadcasting and communications, etc.;
2. Survey and research of statistics concerning the use and protection of the information and telecommunications network;
3. Analysis of negative effects arising from the use of the information and telecommunications network and research on countermeasures;
4. Public relations activities, education, and training for using and protecting the information and telecommunications network;
5. Information protection for the information and telecommunications network, development of technologies concerning the Internet address resources and standardization thereof;
6. Support of industrial policies for knowledge information security, development of relevant technology and fostering of human resources;
7. Certification of the information protection and management system, implementation of and support for certification, evaluation, etc. of the information protection, such as evaluation or certification of the information protection system;
8. Research of measures to protect personal information and support for development and proliferation of protection technology;
9. Support for the operation of the Dispute Mediation Committee and operation of the Personal Information Protection Center;
10. Transmission of promotional information and consultation on and processing of complaints related to Internet advertisements;
11. Operation of a system to deal with intrusion cases of information and telecommunications network, analyze the causes thereof, and respond thereto;
12. Management of certification of digital signatures under Article 25 (1) of the Digital Signature Act;
13. Support for an efficient operation of the Internet and encouragement of wider use thereof;
14. Support for the protection of stored information of the Internet users;
15. Support for service policies pertaining to the Internet;
16. Protection of users and support for the proliferation of sound information on the Internet;
17. Affairs related to the management of Internet address resources under the Internet Address Resources Act;
18. Support for the operation of the Internet Address Dispute Resolution Committee under Article 16 of the Internet Address Resources Act;
19. Support for international cooperation, advancement into the overseas market and overseas promotional activities concerning the broadcasting and communications;
20. Projects incidental to those under subparagraphs 1 through 19;
21. Other business affairs designated as those of the Internet and Security Agency or business entrusted pursuant to this Act or any other Act and subordinate statutes, or those entrusted by the Minister of Public Administration and Security, the Minister of Knowledge Economy, the Korea Communications Commission, or the head of any other administrative agency.
(4) The Government may make contributions to the Internet and Security Agency to cover the cost and expenses required for carrying out its business affairs. <Amended by Act No. 9637, Apr. 22, 2009>
(5) The provisions governing incorporated foundations under the Civil Act shall apply mutatis mutandis to any matter not provided for in this Act with respect to the Internet and Security Agency. <Amended by Act No. 9637, Apr. 22, 2009>
(6) Any person, other than the Internet and Security Agency, shall not use the name called "Korea Internet and Security Agency." <Amended by Act No. 9637, Apr. 22, 2009>
(7) Matters necessary for the operation of the Internet and Security Agency and performance of its business affairs shall be prescribed by Presidential Decree. <Amended by Act No. 9637, Apr. 22, 2009>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
CHAPTER VII TELECOMMUNICATIONS BILLING SERVICES
law view
 Article 53 (Registration, etc. of Provider of Telecommunications Billing Services)   print
(1) A person who intends to render telecommunications billing services shall meet the following requirements and complete registration with the Korea Communications Commission as prescribed by Presidential Decree: <Amended by Act No. 8867, Feb. 29, 2008>
1. Financial soundness;
2. A plan for protection of users of telecommunications billing services;
3. Human resources and physical facilities required for carrying on the business;
4. A business plan.
(2) A person eligible for the registration under paragraph (1) shall be either a company under Article 170 of the Commercial Act or a legal entity under Article 32 of the Civil Act and the total amount of its capital, contributions, or basic assets shall not be less than the amount specified by Presidential Decree with the threshold of 500 million won.
(3) Notwithstanding Article 22 of the Telecommunications Business Act, a provider of telecommunications billing services may omit reporting as a value-added telecommunications business operator. <Amended by Act No. 10166, Mar. 22, 2010>
(4) Articles 23 through 26 of the Telecommunications Business Act shall apply mutatis mutandis to a revision to registration of a provider of telecommunications billing services, the transfer or acquisition of business, or the merger or inheritance of business, the succession to business, the cessation, discontinuance, dissolution, or similar of business of a provider of telecommunications billing services. In such cases, "special telecommunications business operator" shall be construed as "provider of telecommunications billing services," and the term "special telecommunications business" as "telecommunications billing services." <Amended by Act No. 10166, Mar. 22, 2010>
(5) Detailed requirements and procedure for the registration under paragraph (1) and other necessary matters shall be prescribed by Presidential Decree.
[This Article Newly Inserted by Act No. 8778, Dec. 21, 2007]
law view
 Article 54 (Disqualification from Registration)   print
A person falling under any of the following subparagraphs shall be disqualified for the registration under Article 53: <Amended by Act No. 8867, Feb. 29, 2008>
1. A legal entity in which case one year has not elapsed since its business was discontinued pursuant to Article 53 (4) or a person who was a major shareholder of such legal entity at the time when its business was discontinued (referring to an investor specified by Presidential Decree; hereinafter the same shall apply), if one year has not elapsed since the date of discontinuance;
2. A legal entity in which case three years have not elapsed since its registration was revoked pursuant to Article 55 (1) or a person who was a major shareholder of such legal entity at the time when its registration was revoked, if three years have not elapsed since the date of revocation;
3. A legal entity that are still under rehabilitation proceedings under the Debtor Rehabilitation and Bankruptcy Act or a major shareholder of such legal entity;
4. A person who did not perform his/her obligations within an agreed time limit in a banking transaction or any other commercial transaction and who is specified by the Korea Communications Commission;
5. A legal entity any of whose major shareholders falls under any provision of subparagraphs 1 through 4.
[This Article Newly Inserted by Act No. 8778, Dec. 21, 2007]
law view
 Article 55 (Order to Revoke Registration)   print
(1) The Korea Communications Commission may, if a provider of telecommunications billing services falls under any of the following subparagraphs, revoke the registration or order to suspend its business for a prescribed period of time not exceeding one year: Provided, That the registration shall be revoked without exception, if a provider of telecommunications billing services falls under subparagraph 1: <Amended by Act No. 8867, Feb. 29, 2008>
1. If it completes the registration by deceit or in any other fraudulent mean;
2. If it fails to commence the business within one year from the date on which it completed the registration in accordance with Article 53 (1) or has suspended the business continuously for one year or longer.
(2) The criteria and procedure for the disposition under paragraph (1) and other necessary matters shall be prescribed by Presidential Decree.
[This Article Newly Inserted by Act No. 8778, Dec. 21, 2007]
law view
 Article 56 (Reporting on Standard Contract Form)   print
(1) Every provider of telecommunications billing services shall prepare a standard contract form on telecommunications billing services and report it to the Korea Communications Commission (including reporting on a revision thereto). <Amended by Act No. 8867, Feb. 29, 2008>
(2) The Korea Communications Commission may, if it is found that a standard contract form under paragraph (1) is likely to undermine users of telecommunications billing services, recommend the relevant provider of telecommunications billing services to revise the standard contract form. <Amended by Act No. 8867, Feb. 29, 2008>
[This Article Newly Inserted by Act No. 8778, Dec. 21, 2007]
law view
 Article 57 (Securing Safety in Telecommunications Billing Services)   print
(1) Every provider of telecommunications billing services shall exercise the care of a good manager to render telecommunications billing services in a safe way.
(2) Every provider of telecommunications billing services shall take administrative measures, including establishment of guidelines for work process and classification of accounts, and technical measures, including establishment of an information protection system, to secure safety and reliability of transactions through telecommunications billing services as prescribed by Presidential Decree.
[This Article Newly Inserted by Act No. 8778, Dec. 21, 2007]
law view
 Article 58 (Rights of Providers of Telecommunications Billing Services)   print
(1) A provider of telecommunications billing services shall, when it issues a bill for the price for goods or services sold or rendered, notify the user of telecommunications billing services of the matters under each of the following subparagraphs: <Amended by Act No. 10560, Apr. 5, 2011>
1. Date and time of using telecommunications billing services;
2. Business name and contact information of the other party (referring to the person who sells and/or provides goods/services in a transaction through telecommunications billing services; hereinafter referred to as “other party to a transaction”);
3. Amount of the purchase/use through telecommunications billing services and details thereof;
4. Method of raising an objection and contact information.
(2) A provider of telecommunications billing services shall provide users of telecommunications billing services with a method by which users can verify the details of purchase and use, and shall also furnish a user, at the request of the user, with a written statement on the details of purchase and use (including an electronic document; hereinafter the same shall apply) within two weeks from the date on which it was requested.
(3) A user of telecommunications billing services may, when he/she discovers that the telecommunications billing services have been rendered against his/her willingness, demand the provider of telecommunications billing services to make correction (excluding cases where there is an intentional act or negligence on the part of the user of the telecommunications billing services), and the provider of telecommunications billing services shall, in return, notify the user of the results thereof within two weeks from the date on which such correction was demanded.
(4) Every provider of telecommunications billing services shall preserve records of telecommunications billing services during the period of time prescribed by Presidential Decree within the limit of five years.
(5) The matters concerning the term, type, and scope of the details of purchase and use, which shall be furnished to users of telecommunications billing services in accordance with paragraph (2) and the type and preservation method of the records, which each provider of telecommunications billing services shall preserve in accordance with paragraph (4), and other related matters shall be prescribed by Presidential Decree.
[This Article Newly Inserted by Act No. 8778, Dec. 21, 2007]
law view
 Article 59 (Settlement of Disputes)   print
(1) Every provider of telecommunications billing services may install and operate an institution or organization that carries out voluntary settlement of disputes to protect rights and interests of users.
(2) Every provider of telecommunications billing services shall prepare a procedure for raising objection by users of telecommunications billing services in connection with the services and redressing damages to their rights, as prescribed by Presidential Decree.
[This Article Newly Inserted by Act No. 8778, Dec. 21, 2007]
law view
 Article 60 (Liability for Damages)   print
(1) A provider of telecommunications billing services shall be liable for damages caused to a user of the telecommunications billing services while rendering the services: Provided, That the same shall not apply in cases where the damages were caused by an intentional act or gross negligence on the part of the user of the telecommunications billing services.
(2) A provider of telecommunications billing services shall negotiate with the claimant to damages for agreement on compensation for the damages under paragraph (1).
(3) If parties fail to or are unable to reach agreement on compensation for damages under paragraph (2), either party may file an application for decision with the Korea Communications Commission. <Amended by Act No. 8867, Feb. 29, 2008>
[This Article Newly Inserted by Act No. 8778, Dec. 21, 2007]
law view
 Article 61 (Restriction on Use of Telecommunications Billing Services)   print
The Korea Communications Commission may order a provider of telecommunications billing services to deny, suspend, or place a restriction on the services against a person falling under any of the following subparagraphs: <Amended by Act No. 8867, Feb. 29, 2008; Act No. 11048, Sep. 15, 2011>
1. A person who sells, lends, provides any unwholesome medium for juvenile to juvenile in violation of Article 16 of the Juvenile Protection Act;
2. A person who undermines interests of users of telecommunications billing services seriously by enticing the users to purchase or use goods or services in any of the following means:
(a) Transmitting any advertising information for profit in violation of Article 50;
(b) Deceiving or enticing users of telecommunications billing services wrongfully;
3. A person who sells or renders goods or services prohibited by this Act or any other Act.
[This Article Newly Inserted by Act No. 8778, Dec. 21, 2007]
CHAPTER VIII INTERNATIONAL COOPERATION
law view
 Article 62 (International Cooperation)   print
The Government shall maintain cooperate reciprocally with other states or international organizations in carrying out the following affairs:
1. Affairs related to the transfer of personal information between states and the protection of personal information;
2. Affairs for the protection of juvenile in information and communications networks;
3. Affairs for the prevention of acts that undermine safety of information and communications networks;
4. Other affairs for the facilitation of sounder and safer use of information and communications services.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 63 (Protection of Personal Information Transferred to Abroad)   print
(1) Any provider of information and communications services or similar shall not execute an international contract with any term or condition in violation of this Act with respect to personal information of users.
(2) A provider of information and communications services or similar shall, when it intends to transfer personal information of a user to abroad, obtain consent of the user.
(3) A provider of information and communications services or similar who desires to obtain consent under paragraph (2) shall notify the relevant user of all the following matters in advance:
1. Items of the personal information transferred;
2. The state to which the personal information is to be transferred, the date and time of transfer, and the method of transfer;
3. The name of the person to whom the personal information is to be transferred (referring to the name of a legal entity and the contact information of the person responsible for management of information, if the person is a legal entity);
4. The purposes of use of the person to whom the personal information is to be transferred, and the period of time for possession and use of the personal information.
(4) A provider of information and communications services or similar shall, when it transfers personal information to abroad with consent under paragraph (2), take protective measures, as prescribed by Presidential Decree.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
CHAPTER IX SUPPLEMENTARY PROVISIONS
law view
 Article 64 (Submission of Data)   print
(1) The Korea Communications Commission may require a provider of information and communications services or similar (including a person to whom this Article shall apply mutatis mutandis pursuant to Article 67; hereafter the same shall apply in this Article) to submit related articles, documents, and others in any of the following cases: <Amended by Act No. 10465, Mar. 29, 2011; Act No. 11322, Feb. 17, 2012>
1. If it becomes aware of a violation or suspected violation of this Act;
2. If it receives a report or petition on a violation of this Act;
2-2. If it occurs, or is likely to occur, an event/accident or others which noticeably damages safety and reliability of users’ information;
3. If there is any other ground specified by Presidential Decree to believe that it is necessary for the protection of users.
(2) The Korea Communications Commission may, when it intends to take the following measures against a person who transmitted any advertising information for profit in violation of this Act, request a provider of information and communications services or similar to let it inspect or to submit data of the person who transmitted the advertising information, such as the name, address and national identification number of the person and the period of time of access:
1. Corrective measures under paragraph (4);
2. Imposition of fines for negligence under Article 76;
3. Any similar measures.
(3) The Korea Communications Commission may, if a provider of information and communications services or similar fails to submit data under paragraph (1) or (2) or if it finds that a provider of information and communications services or similar committed a violation of this Act, assign public officials under his/her control to enter the place of business of the provider of information and communications services or similar to inspect the current status of business, account books, documents, and others. <Amended by Act No. 10465, Mar. 29, 2011>
(4) The Korea Communications Commission may order a provider of information and communications services or similar who committed a violation of this Act to take corrective measures as may be necessary to stop or correct the violation, and may also require a provider of information and communications services or similar to whom it was ordered to take corrective measures to announce to the public the fact that it received the order to take such corrective measures. In such cases, the matters necessary for the method, guidelines, and procedure for the public announcement and other related matters shall be prescribed by Presidential Decree. <Amended by Act No. 10465, Mar. 29, 2011>
(5) The Korea Communications Commission may, when he/she issued an order to take corrective measures as may be necessary pursuant to paragraph (4), disclose to the public the fact that he/she issued the order to take corrective measures. In such cases, the matters necessary for the method, guidelines, and procedure for the public disclosure and other related matters shall be prescribed by Presidential Decree. <Amended by Act No. 10465, Mar. 29, 2011>
(6) The Korea Communications Commission shall, when he/she demands submission or inspection of data or other materials pursuant to paragraph (1) or (2), give a written notice (including an electronic document), specifically stating the reasons and legal authority for such demand, the time limit for submission or the date and time for inspection, the details of data subject to the submission or inspection, and other related matters. <Amended by Act No. 10465, Mar. 29, 2011>
(7) When an inspection under paragraph (3) is to be conducted, the plan for the inspection, including the date and time of the inspection, the reasons for and details of the inspection, shall be notified to the relevant provider of information and communications services or similar no later than seven days before the commencement of the inspection: Provided, That the plan for such inspection shall not be notified in an emergency case or if it is deemed impossible to accomplish the purposes of the inspection because of anticipated destruction of evidence or any other factor if a prior notice is given.
(8) The public officials who conduct an inspection pursuant to paragraph (3) shall carry an identification showing their authority with them to present it to people concerned, and shall deliver to the people concerned a document stating their names, the time and purposes of access, and other related matters, whenever they access to a place of business.
(9) The Korea Communications Commission shall, when he/she received data or any other material submitted or inspected data or any other material or conducted an inspection pursuant to any provision of paragraphs (1) through (3), notify the relevant provider of information and communications services or similar of the results thereof (including the details of disposition, in cases where he/she intends to make a disposition, such as an order to take corrective measures, as a result of the inspection) in writing. <Amended by Act No. 10465, Mar. 29, 2011>
(10) The Korea Communications Commission may ask technical advice or any other support of the head of the Internet and Security Agency as may be necessary in demanding submission of data or conducting an inspection pursuant to paragraphs (1) through (4). <Amended by Act No. 9637, Apr. 22, 2009; Act No. 10465, Mar. 29, 2011>
(11) The demand for submission of data or any other materials and the inspections under paragraphs (1) through (3) shall be limited to the least extent necessary for the enforcement of this Act, and shall be not abused for any other purpose.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 64-2 (Protection and Destruction of Data, etc.)   print
(1) The Korea Communications Commission shall not, if asked by a provider of information and communications services or similar to protect documents, data, or any other materials submitted or collected pursuant to Article 64, furnish them to a third party or disclose them to the general public. <Amended by Act No. 10465, Mar. 29, 2011>
(2) The Korea Communications Commission shall, when having received data submitted through an information and communications network or converted collected data or any other materials into an electronic format, take systematic and technical measures for security to protect personal information, trade secret, or similar from being leaked. <Amended by Act No. 10465, Mar 29, 2011>
(3) The Korea Communications Commission shall, if any of the following events occurs, immediately destroy documents, data, or any other materials submitted or collected pursuant to Article 64, except as specifically provided for otherwise by any other Act. The same shall apply to a person to whom the authority of the Minister of Knowledge Economy or the Korea Communications Commission has been delegated or entrusted in whole or in part under Article 65: <Amended by Act No. 10465, Mar. 29, 2011>
1. If the objectives of demanding submission of data, conducting a field inspection, or issuing an order to take corrective measures pursuant to Article 64 have been achieved;
2. If an appeal for administrative trial is filed against an order issued pursuant to Article 64 (4) to take corrective measures, or when proceedings of administrative trial are closed where an administrative lawsuit was filed;
3. If the time period for raising an objection under Article 76 (5) ends, where a disposition was made to impose the fine for negligence under paragraph (4) of the aforesaid Article but there has been no objection filed against the disposition;
4. If there was an objection filed against disposition of file for negligence under Article 76 (4) and the proceedings for the non-contentious litigation case are closed at the competent court.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 64-3 (Imposition, etc. of Penalty Surcharge)   print
(1) The Korea Communications Commission may impose, on a provider of information and communications services or similar, an amount equivalent to not more than 1/100 of its sales related to a violation as penalty surcharge, if he/she committed an act falling under any of the following subparagraphs: Provided, That the Commission may impose penalty surcharge not exceeding 100 million won on a telecommunications business operator who committed an act under subparagraph 6: <Amended by Act No. 11322, Feb. 17, 2012>
1. If it collects personal information without consent of the relevant user in violation of Article 22 (1);
2. If it collects personal information that is likely to seriously undermine rights, interests, or privacy of a person without consent of the relevant user in violation of Article 23 (1);
3. If it uses personal information in violation of Article 24;
4. If it furnishes a third party with personal information in violation of Article 24-2;
5. If it commissions someone to handle personal information without consent of the relevant user in violation of Article 25 (1);
6. If it has a user's personal information lost, stolen, leaked, altered, or mutilated because it has not taken measures under Article 28 (1) 2 through 5;
7. If it collects personal information of a child of less than 14 years old without consent of his/her legal representative in violation of Article 31 (1).
(2) Where a provider of information and communications services or similar on whom penalty surcharge under paragraph (1) had been imposed refused to submit data for computation of its sales or submitted any false data, the sales may be estimated on the basis of accounting records, such as financial statements of another provider of information and communications services or similar which is similar to the provider of information and communications services or similar in size, and the current status of business, such as the number of subscribers and the service charges, and other factors: Provided, That penalty surcharge not exceeding 400 million won may be imposed where there was no sales or it is difficult to compute the sales and where there is a ground specified by Presidential Decree. <Amended by Act No. 11322, Feb. 17, 2012>
(3) The Korea Communications Commission shall, when it intends to impose penalty surcharge under paragraph (1), take the following factors into consideration:
1. The substance and degree of the violation;
2. The duration and frequency of the violation;
3. The amount of profits acquired by the violation.
(4) The penalty surcharge under paragraph (1) shall be computed taking the factors under paragraph (3) into consideration, but the specific guidelines and procedure for the computation shall be prescribed by Presidential Decree.
(5) The Korea Communications Commission shall, if a person who is obligated to pay penalty surcharge under paragraph (1) fails to pay it by the time limit, collect an additional charge equivalent to 6/100 of the unpaid penalty surcharge per annum beginning on the day immediately following the time limit.
(6) The Korea Communications Commission shall, if a person who is obligated to pay penalty surcharge under paragraph (1) fails to pay it by the time limit, remind the person to pay it within a period of time prescribed by the Commission, and shall collect it in accordance with the precedents for disposition against default on national taxes, if the person fails to pay the penalty surcharge and the additional charge under paragraph (5) within the prescribed period of time.
(7) Where penalty surcharge imposed pursuant to paragraph (1) shall be refunded in compliance with a judgment of a court or because of any other reason, an additional amount equivalent to 6/100 of the penalty surcharge per annum shall be paid from the date on which the penalty surcharge was paid and until the date on which it is refunded.
[This Article Newly Inserted by Act No. 9119, Jun. 13, 2008]
law view
 Article 65 (Delegation and Entrustment of Authority)   print
(1) The Minister of Knowledge Economy or the Korea Communications Commission may delegate or entrust part of his/her authority under this Act to the heads of agencies under his/her control or the presidents of the Korea posts, as prescribed by Presidential Decree. <Amended by Act No. 10465, Mar. 29, 2011>
(2) The Minister of Knowledge Economy may entrust projects for facilitating the use of information and communications networks under Article 13 to the National Information Society Agency under Article 10 of the Framework Act on Informatization Promotion, as prescribed by Presidential Decree.
(3) The Korea Communications Commission may entrust the Internet and Security Agency with business affairs related to demanding submission of data and conducting inspections pursuant to Article 64 (1) and (2), as prescribed by Presidential Decree. <Amended by Act No. 9637, Apr. 22, 2009; Act No. 10465, Mar. 29, 2011>
(4) Article 64 (8) shall apply mutatis mutandis to employees of the Internet and Security Agency under paragraph (3). <Amended by Act No. 9637, Apr. 22, 2009>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 66 (Confidentiality. etc.)   print
A person who engages or engaged in a job related to any of the following business affairs shall not divulge to another person any secret that he/she has learned while performing his/her duties, nor use it for any purpose other than performance of his/her duties: Provided, That the same shall not apply if any other Act specifically provides otherwise: <Amended by Act No. 11322, Feb. 17, 2012>
1. Deleted. <by Act No. 10465, Mar. 29, 2011> ;
2. Certification of information protection and management systems under Article 47;
2-2. Affairs of the certification of management system for protection of personal Information pursuant to Article 47-3;
3. Assessment of information protection systems under Article 52 (3) 4;
4. Deleted. <by Act No. 11322, Feb. 17, 2012> ;
5. Conciliation of disputes by the defamation dispute conciliation division under Article 44-10.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 67 (Mutatis Mutandis Application to Broadcasting Business Operator)   print
(1) Chapter 4 shall apply mutatis mutandis to the cases where a person falling under subparagraph 3 (a) through (e) of Article 2, subparagraph 6, 9, 12 and 14 of the Broadcasting Act collects/uses or provides personal information of viewers. In this case, the term “provider of information and communications services” or “provider of information and communications services or similar” shall be construed as “person falling under subparagraph 3 (a) through (e) of Article 2, subparagraph 6, 9, 12 and 14 of the Broadcasting Act” and the term “users” shall be construed as “viewers”.
(2) Articles 22, 23, 23-2 through 23-4, 24, 24-2, 26, 26-2, 27, 27-2, 27-3, 28, 28-2, 29, 30, 30-2 and 31 shall apply mutatis mutandis to the trustees under Article 25 (1).
[This Article Newly Inserted by Act No. 11322, Feb. 17, 2012]
law view
 Article 68 Deleted. <by Act No. 10165, Mar. 22, 2010>   print
law view
 Article 68-2 (Establishment of Korea Information Security Industry Association)   print
(1) Persons who run a business related to the protection of information may establish the Korea Information Security Industry Association, after obtaining the authorization from the Minister of Knowledge Economy, to ensure the sound development of the information protection industry and to raise the level of the protection of information in the entire industries throughout the country.
(2) The Korea Information Security Industry Association shall be a legal entity.
(3) Necessary matters concerning procedure for authorization of the Korea Information Security Industry Association and the business and supervision of the Korea Information Security Industry Association, and other related matters shall be prescribed by Presidential Decree.
(4) Except as otherwise provided for by this Act, the provisions governing incorporated associations under the Civil Act shall apply mutatis mutandis to the Korea Information Security Industry Association.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 69 (Legal Fiction of Public Officials in Application of Penal Provisions)   print
Executives and employees of the National Information Society Agency and the Internet and Security Agency who engage in the business affairs entrusted by the Minister of Knowledge Economy or the Korea Communications Commission pursuant to Article 65 (2) or (3) shall be deemed public officials in applying Articles 129 through 132 of the Criminal Act. <Amended by Act No. 9637, Apr. 22, 2009; Act No. 10465, Mar. 29, 2011>
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 69-2 (Accusation)   print
In cases where an act falling under any subparagraph of Article 64-3 (1) is deemed existing, the Korea Communications Commission may accuse the responsible provider of information and communications services or similar to the local prosecutor’s office or other investigative agencies.
[This Article Newly Inserted by Act No. 11322, Feb. 17, 2012>
CHAPTER X PENAL PROVISIONS
law view
 Article 70 (Penal Provisions)   print
(1) A person who commits defamation of another person by disclosing a fact to the public through an information and communications network purposely to disparage his/her reputation shall be punished by imprisonment, with or without prison labor, for not more than three years, or by fine not exceeding 20 million won.
(2) A person who commits defamation of another person by disclosing a false fact to the public through an information and communications network purposely to disparage his/her reputation shall be punished by imprisonment with prison labor for not more than seven years, by suspension of qualification for not more than ten years, or by fine not exceeding 50 million won.
(3) The public prosection may not prosecute the crime under paragraph (1) or (2) against the victim's will explicitly manifested.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 71 (Penal Provisions)   print
A person falling under any of the following subparagraphs shall be punished by imprisonment with prison labor for not more than five years or by fine not exceeding 50 million won:
1. A person who collects personal information with consent of the relevant user in violation of Article 22 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
2. A person who collects personal information that is likely to seriously undermine rights, interests, or privacy of a person without consent of the relevant user in violation of Article 23 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
3. A person who uses or furnishes a third party with personal information, or who knowingly received such personal information for profit or for any other wrongful purpose, in violation of Article 24, 24-2 (1) or (2), or 26 (3) (including cases to which any of the aforesaid provisions shall apply mutatis mutandis pursuant to Article 67);
4. A person who entrusts someone with handling of personal information with consent of the relevant user in violation of Article 25 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
5. A person who mutilates, infringes, or leaks personal information in violation of Article 28-2 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
6. A person who knowingly receives any leaks personal information for profit or for any other wrongful purpose in violation of Article 28-2 (2);
7. A person who furnishes someone with or uses personal information without taking necessary measures in violation of Article 30 (5) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 30 (7), 31 (3), or 67);
8. A person who collects personal information of a child of less than 14 years old without consent of his/her legal representative in violation of Article 31 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
9. A person who conveys or circulates a malicious program in violation of Article 48 (2);
10. A person who causes a trouble to an information and communications network in violation of Article 48 (3);
11. A person who mutilates another person's information or who infringes, misappropriates, or divulges another person's secret in violation of Article 49.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 72 (Penal Provisions)   print
(1) A person falling under any of the following subparagraphs shall be punished by imprisonment with prison labor for not more than three years or by a fine not exceeding 30 million won:
1. A person who intrudes on an information and communications network in violation of Article 48 (1);
2. A person who collects another person's personal information in violation of Article 49 (1);
3. A person who carries on a business without the registration under Article 53 (1);
4. A person who lends a loan to someone or intermediates such loan by committing any of the following acts:
(a) Conducting, or engaging someone to conduct vicariously, a transaction through telecommunications billing services by pretending sale or supply of goods or services or billing more than an actual selling price;
(b) Engaging a user of telecommunications billing services to purchase or use certain goods or services through telecommunications billing services and then purchasing, at a discount, the goods or services purchased or used by the user of telecommunications billing services;
5. A person who divulges to another person any secret known to him/her while performing his/her duties or uses such secret for any purpose other than his/her duties in violation of Article 66.
(2) An attempt of the crime under paragraph (1) 1 shall be punishable.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 73 (Penal Provisions)   print
A person falling under any of the following subparagraphs shall be punished by imprisonment with prison labor for not more than two years or by a fine not exceeding ten million won:
1. A person who has a user's personal information lost, stolen, divulged, altered, or mutilated because he/she has not taken technical and administrative measures under any provision of Article 28 (1) 2 through 5 (including cases to which the aforesaid provisions shall apply mutatis mutandis pursuant to Article 67);
2. A person who provides an unwholesome medium for juvenile for profit without labeling it as an unwholesome medium in violation of Article 42;
3. A person who transmits to a juvenile any information containing advertisement of an unwholesome medium for juvenile or displays such information openly without taking any measures to restrict access by juvenile in violation of Article 42-2;
4. A person who uses a user's information for any purpose other than filing a civil or criminal lawsuit in violation of Article 44-6 (3);
5. A person who fails to perform an order of the Korea Communications Commission under Article 44-7 (2) or (3);
6. A person who fails to preserve relevant data in violation of an order issued pursuant to Article 48-4 (3);
7. A person who entices another person to furnish him/her with personal information in violation of Article 49-2 (1);
8. A person who fails to perform an order issued pursuant to Article 61.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 74 (Penal Provisions)   print
(1) A person falling under any of the following subparagraphs shall be punished by imprisonment with prison labor for not more than one year or by a fine not exceeding 10 million won: <Amended by Act No. 11322, Feb. 17, 2012>
1. A person who put any similar label on a product or sells a product bearing any similar label, or who displays such product with intent to sell it, in violation of Article 8 (4);
2. A person who distributes, sells, lends, or openly displays any obscene codes, letters, sound, images, or motion pictures in violation of Article 44-7 (1) 1;
3. A person who makes any codes, letters, sound, images, or motion pictures arousing fear or apprehensions reach another person repeatedly in violation of Article 44-7 (1) 3;
4. A person who takes any technical measures in violation of Article 50 (6);
5. A person who collects, sells, circulates any electronic mail address, or who uses any electronic mail address in transmitting information, in violation of Article 50-2;
6. A person who transmits any advertising information in violation of Article 50-8;
7. A person who fails to file for a revision to registration, or who fails to file a report on transfer, acquisition, merger, or inheritance of business, in violation of Article 53 (4).
(2) The public prosecution may not prosecute the crime under paragraph (1) 3 against the victim's will explicitly manifested.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
law view
 Article 75 (Joint Penal Provisions)   print
If a representative of a corporation, or an agent, an employee, or other servant of the corporation commits a violation under Articles 71 through 73 or 74 (1) in connection with the business of the corporation or the individual, not only shall such violator be punished accordingly, but the corporation or the individual shall be punished by a fine under the relevant Article: Provided, That this shall not apply where the corporation or individual has not been negligent in giving the due attention and supervision concerning the relevant duties to prevent such violation.
[This Article Amended by Act No. 10138, Mar. 17, 2010]
law view
 Article 76 (Fines for Negligence)   print
(1) A person falling under any of the following subparagraphs and a person who made other person commit an act falling under subparagraphs 7 through 11 shall be punished by a fine for negligence not exceeding 30 million won: <Amended by Act No. 10465, Mar. 29, 2011; Act No. 11322, Feb. 17, 2012>
1. A person who denies the provision of services in violation of Article 23 (2) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
2. A person who collects or uses resident registration numbers in violation of Article 23-2 (1) or fails to take necessary measures in violation of Article 23-2 (2) (including the case of mutatis mutandis application pursuant to Article 67);
2-2. A person who fails to notify or report to users and the Korea Communications Commission in violation of Article 27-3 (1) (including the case of mutatis mutandis application pursuant to Article 67);
3. A person who fails to take technical and administrative measures under Article 28 (1) (including cases to which the aforesaid provisions shall apply mutatis mutandis pursuant to Article 67);
4. A person who fails to destroy personal information in violation of the main sentence of Article 29 (1) or fails to take the measures pursuant to Article 29 (2) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
5. A person who fails to take necessary measures in violation of Article 30 (3), (4), or (6) (including cases to which the aforesaid provisions shall apply mutatis mutandis pursuant to Article 30 (7), 31 (3), or 67);
5-2. A person who fails to notify details of using personal information in violation of the main sentence of Article 30-2 (1) (including the case of mutatis mutandis application pursuant to Article 67);
6. A person who fails to perform an order from the Korea Communications Commission under Article 44-5 (2);
7. A person who transmits any advertising information for profit in violation of Article 50 (1) through (3);
8. A person who fails to state the matters required to be stated, or who states false information on such matters, when he/she transmitted any advertising information, in violation of Article 50 (4) or (5);
9. A person who makes an addressee bear the burden of any expense in violation of Article 50 (7);
10. A person who installs a program without consent of the relevant user in violation of Article 50-5;
11. A person who posts any advertising information for profit on an Internet homepage in violation of Article 50-7 (1);
12. A person who fails to perform an order issued by the Korea Communications Commission pursuant to Article 64 (4) to take corrective measures for his/her violation of any provision of Articles 71 through 74, subparagraphs 1 through 11 of this paragraph, and paragraph (2).
(2) A person falling under any of the following subparagraphs shall be punished by a fine for negligence not exceeding 20 million won:
1. A person who fails to disclose or notify the matters concerning the entrusted handling of personal information to users in violation of Article 25 (2) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
2. A person who fails to notify users of transfer of personal information in violation of Article 26 (1) or (2) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
3. A person who fails to designate a person responsible for management of personal information in violation of Article 27 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);
4. A person who fails to disclose the policy on handling personal information in violation of Article 27-2 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67).
(3) A person falling under any of the following subparagraphs shall be punished by a fine for negligence not exceeding 10 million won: <Amended by Act No. 9637, Apr. 22, 2009; Act No. 10560, Apr. 5, 2011; Act No. 11322, Feb. 17, 2012>
1. A person who fails to preserve electronic documents in violation of Article 20 (2);
2. A person who discloses any electronic document in violation of Article 21;
2-2. A person who engages in the identification affairs without being designated as the identification service agency in violation of Article 23-3 (1);
2-3. A person who fails to notify the suspension of identification affairs under Article 23-3 (2) or the discontinuation of identification affairs under Article 23-3 (3) to users or report the same to the Korea Communications Commission;
2-4. A person who continuously engages in identification affairs notwithstanding the disposition of suspension of identification affairs and cancelation of identification service agency under Article 23-4 (1);
2-5. A person who fails to receive a user’s consent to furnishing the user’s personal information or to entrusting handling of the personal information apart from the user’s consent to collection/use of the personal information or who refuses to provide service on the ground of the user’s refusal of aforementioned consent, in violation of Article 24-2 (3) (including the cases to be applied mutatis and mutandis pursuant to Article 67);
3. A person who fails to designate a person responsible for protection of juvenile in violation of Article 42-3 (1);
4. A person who fails to preserve information in violation of Article 43;
5. A person who fails to carry insurance in violation of Article 46 (2);
6. A person who fails to receive the certification of management system for protection of information in violation of Article 47 (2);
7. A person who falsely advertises details of the certification he/she has received in violation of Article 47 (7) and 47-3 (3);
8. Deleted. <by Act No. 11322, Feb. 17, 2012> ;
9. Deleted. <by Act No. 11322, Feb. 17, 2012> ;
10. A person who fails to give notice to users of software in violation of Article 47-4 (3);
11. A person who fails to perform an order issued pursuant to Article 48-2 (4) to take corrective measures;
11-2. A person who fails to report an event of intrusion in violation of Article 48-3 (1);
12. A person who interferes with, rejects, or evades access to the place of business to conduct an inspection under Article 48-4 (4);
13. A person who uses the name of the Korea Internet and Security Agency in violation of Article 52 (6);
14. A person who fails to file a report on cessation, discontinuance, or dissolution of business in violation of Article 53 (4);
15. A person who fails to report a standard contract form in violation of Article 56 (1);
16. A person who fails to take administrative or technical measures in violation of Article 57 (2);
17. A person who fails to notify a user of telecommunications billing services of the date and time, etc. of using the aforementioned services, in violation of Article 58 (1);
18. A person who fails to provide a user of telecommunications billing services with the method by which the user can verify the details of purchase or use, or who fails to comply with a request by a user of telecommunications billing services to provide such method, in violation of Article 58 (2);
19. A person who fails to notify a user of telecommunications billing services of the results of the measures taken in response to a request of the user in violation of Article 58 (3);
20. A person who fails to preserve records of telecommunications billing services in violation of Article 58 (4);
21. A person who fails to prepare the procedure for raising an objection by users of telecommunications billing services and redressing their rights in violation of Article 59 (2);
22. A person who fails to submit, or who falsely submitted, goods, documents, or any other material under Article 64 (1);
23. A person who fails to comply with a request for inspection or submission of data under Article 64 (2);
24. A person who rejects, interferes with, or evades the access and inspection under Article 64 (3).
(4) The fines for negligence under paragraphs (1) through (3) shall be imposed and collected by the Korea Communications Commission as prescribed by Presidential Decree. <Amended by Act No. 10465, Mar. 29, 2011>
(5) A person who is dissatisfied with disposition of a fine for negligence under paragraph (4) may file an objection with the Korea Communications Commission within 30 days from the day on which he/she is notified of the disposition. <Amended by Act No. 10465, Mar. 29, 2011>
(6) The Korea Communications Commission shall, upon receiving an objection filed in accordance with paragraph (5) by a person dissatisfied with the disposition of fine for negligence under paragraph (4), notify the competent court of the objection without delay, and the competent court shall, upon receiving such notice, put the case to trial on fines for negligence pursuant to the Non-Contentious Case Procedure Act. <Amended by Act No. 10465, Mar. 29, 2011>
(7) Where neither objection is raised nor a fine for negligence paid within the period under paragraph (5), the fine for negligence shall be collected in the same manner as delinquent national taxes are collected.
[This Article Wholly Amended by Act No. 9119, Jun. 13, 2008]
ADDENDA
Article 1 (Enforcement Date)
This Act shall enter into force on July 1, 2001.
Article 2 (Transitional Measures following Change of Basis for Establishing Korea Information Security Center and of Its Name)
(1) The Korea Information Security Center established pursuant to Article 14-2 of the Framework Act on Informatization Promotion at the time that this Act enters into force shall be deemed the Korea Information Security Agency established pursuant to Article 52 of this Act.
(2) Any act performed by and any legal relations maintained by the Korea Information Security Center at the time when this Act enters into force shall be deemed performed and maintained by the Korea Information Security Agency.
(3) The name of the Korea Information Security Center on the register book and other public registers at the time when this Act enters into force shall be deemed the name of the Korea Information Security Agency.
Article 3 (Transitional Measures following Change of Name of Korea Information and Communications Promotion Association)
(1) The Korea Information and Communications Promotion Association at the time when this Act enters into force shall be deemed the Korea Association of Information and Telecommunication.
(2) Any act performed and any legal relations maintained by the Korea Information and Communications Promotion Association at the time when this Act enters into force shall be deemed performed and maintained by the Association.
(3) The name of the Korea Information and Communications Promotion Association on the register book and other public registers at the time that this Act enters into force shall be deemed the name of the Korea Association of Information and Telecommunication.
Article 4 (Transitional Measures concerning Application of Penal Provisions)
The application of the penal provisions to any act committed prior to the enforcement of this Act shall be governed by the previous provisions.
Article 5 Omitted.
Article 6 (Relations to other Acts and Subordinate Statutes)
If other Acts and subordinate statutes cite the former Act on Promotion, etc. of Utilization of Information System or the provisions thereof at the time this Act enters into force and if there exist corresponding provisions thereto in this Act, this Act or the corresponding provisions in this Act shall be regarded as being cited.
ADDENDA <Act No. 6585, Dec. 31, 2001>
Article 1 (Enforcement Date)
This Act shall enter into force on April 1, 2002.
Articles 2 through 4 Omitted.
ADDENDA <Act No. 6797, Dec. 18, 2002>
(1) (Enforcement Date) This Act shall enter into force after the lapse of one month from the date of its promulgation: Provided, That the amended provisions of Articles 50 (2) and (5), 56 (3) and (4), 60 and 67 (1) (limited to the provisions of subparagraphs 15-2 and 15-4) shall enter into force after the lapse of six months from the date of its promulgation.
(2) (Transitional Measures concerning Application of Fine for Negligence) The application of the fine for negligence to the act of violation committed prior to the enforcement of this Act shall be governed by the previous provisions.
ADDENDA <Act No. 7139, Jan. 29, 2004>
(1) (Enforcement Date) This Act shall enter into force on the date of its promulgation: Provided, That the amended provisions of Articles 28, 45 (4), 46-3, 47-2 (4) and 48-4 (6) shall enter into force on the date on which six months lapse from the date of promulgation of this Act.
(2) (Transitional Measures concerning Application of Fines for Negligence) The application of the fine for negligence to the act of violation committed prior to the enforcement of this Act shall be governed by the previous provisions.
ADDENDA <Act No. 7142, Jan. 29, 2004>
Article 1 (Enforcement Date)
This Act shall enter into force six months after the date of its promulgation.
Articles 2 through 4 Omitted.
ADDENDUM <Act No. 7262, Dec. 30, 2004>
This Act shall enter into force three months after the date of its promulgation.
ADDENDA <Act No. 7796, Dec. 29, 2005>
Article 1 (Enforcement Date)
This Act shall enter into force on July 1,2006.
Articles 2 through 6 Omitted.
ADDENDUM <Act No. 7812, Dec. 30, 2005>
This Act shall enter into force three months after the date of its promulgation.
ADDENDA <Act No. 7917, Mar. 24, 2006>
(1) (Enforcement Date) This Act shall enter into force three months after the date of its promulgation.
(2) (Transitional Measures concerning Safety Check of Information Protection) Where a company specializing in information protection consulting under Article 17 of the Act on the Protection of Information and Communications Infrastructure has commenced the works of safety check of information protection before the enforcement of this Act, it may continue to perform the works of safety check of information protection pursuant to the previous provisions, notwithstanding the amended provisions of Article 46-3 (1).
ADDENDUM <Act No. 8030, Oct. 4, 2006>
This Act shall enter into force three months after the date of its promul
gation.
ADDENDA <Act No. 8031, Oct. 4, 2006>
Article 1 (Enforcement Date)
This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)
Articles 2 through 6 Omitted.
ADDENDA <Act No. 8289, Jan. 26, 2007>
Article 1 (Enforcement Date)
This Act shall enter into force six months after the date of its promulgation.
Article 2 (Transitional Measures for Prohibition on Illegal Communications)
The orders issued by the Minister of Information and Communication to reject, suspend or restrict handling of telecommunications services pursuant to Article 53 of the Telecommunications Business Act before this Act enters into force shall be deemed to have been issued pursuant to the amended provisions of Article 44-7 of this Act.
Article 3 (Transitional Measures for Change in Authority for Establishment of Information and Communications Ethics Committee)
(1) The Information and Communications Ethics Committee established pursuant to Article 53-2 of the former Telecommunications Business Act as of the enforcement date of this Act shall be deemed the Information and Communications Ethics Committee established pursuant to the amended provisions of Article 44-8 of this Act.
(2) The acts done by or against the Information and Communications Ethics Committee and other legal relationships with the Information and Communications Ethics Committee under the former provisions before this Act enters into force shall be deemed the acts done by or against the Information and Communications Ethics Committee and other legal relationships with the Information and Communications Ethics Committee under the amended provisions of Article 44-8 of this Act.
Article 4 (Transitional Measures for Collection, Use, and Provision of Personal Information)
(1) Consent obtained from a user in relation to collection, use, provision, or similar of personal information in accordance with the former provisions of Article 22, 23, 24, or 54 as of the enforcement date of this Act shall be deemed consent obtained lawfully in accordance with the amended provisions of Article 22, 23, 24, 24-2, or 54.
(2) Handling of personal information, which has been entrusted lawfully in accordance with the former provisions of Article 25 as of the enforcement date of this Act shall be deemed to have been entrusted with consent obtained lawfully in accordance with the amended provision of Article 25 (1).
(3) An act performed by a person who succeeded rights and obligations of a provider of information and communications services or similar in accordance with the former provisions of Article 26 as of the enforcement of this Act to use or provide personal information shall be deemed to have been performed with consent obtained lawfully in accordance with the amended provision of Article 26 (3).
Article 5 (Transitional Measures for Application of Penal Provisions)
Acts committed before this Act enters into force shall be governed by the former penal provisions.
Article 6 Omitted.
ADDENDA <Act No. 8486, May 25, 2007>
Article 1 (Enforcement Date)
This Act shall enter into force one year after the date of its promulgation.
Articles 2 through 10 Omitted.
ADDENDA <Act No. 8778, Dec. 21, 2007>
Article 1 (Enforcement Date)
This Act shall enter into force three months after the date of its promulgation.
Article 2 (Transitional Measures for Registration of Providers of Telecommunications Billing Services)
(1) A person who renders telecommunications billing services at the time when this Act enters into force shall complete the registration with the Minister of Information and Communication in accordance with the amended provision of Article 53 (1) within three months from the date this Act enters into force.
(2) A provider of telecommunications billing services who is registered in accordance with Article 28 (2) of the Electronic Financial Transactions Act at the time when this Act enters into force shall submit a written statement certifying the registration with the Minister of Information and Communication within three months from the date this Act enters into force.
(3) A person who submits a written statement in accordance with paragraph (2) shall be deemed to have been registered in accordance with the amended provision of Article 53 (1).
ADDENDA <Act No. 8852, Feb. 29, 2008>
Article 1 (Enforcement Date)
This Act shall enter into force on the date of its promulgation: Provided, That ...
Articles 2 through 7 Omitted.
ADDENDA <Act No. 8867, Feb. 29, 2008>
Article 1 (Enforcement Date)
This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)
Articles 2 through 12 Omitted.
ADDENDA <Act No. 9119, Jun. 13, 2008>
(1) (Enforcement Date) This Act shall enter into force six months after the date of its promulgation.
(2) (Transitional Measures for Application of Penal Provisions) Acts committed before this Act enters into force shall be governed by the former penal provisions and the former provisions concerning fines for negligence.
ADDENDA <Act No. 9637, Apr. 22, 2009>
Article 1 (Enforcement Date)
This Act shall enter into force three months after the date of its promulgation.
Article 2 (Preparation for Establishment of Korea Internet and Security Agency)
(1) The Korea Communications Commission may perform preparatory activities to establish the Korea Internet and Security Agency by commissioning not less than five incorporators before this Act enters into force.
(2) The incorporators shall prepare the articles of incorporation of the Korea Internet and Security Agency and obtain approval from the Korea Communications Commission.
(3) The incorporators, upon obtaining approval under paragraph (2), shall register the incorporation of the Korea Internet and Security Agency by joint signature and turn over the administrative responsibility to the President of Korea Internet and Security Agency.
(4) The incorporators shall be deemed decommissioned at the time the take-over of the administrative responsibility is complete purusant to paragraph (3).
Article 3 (Transitional Measures concerning Succession of Korea Information Security Agency, Korea Internet and Security Agency and Korea IT International Cooperation Agency)
(1) The administrative responsibilities of the Korea Information Security Agency under Article 52 of the Act on Promotion, etc. of Utilization of Information System (hereinafter referred to as the "Korea Information Security Agency"), the Korea Internet and Security Agency under Article 9 of the Internet Address Resources Act (hereinafter referred to as the "Korea Internet and Security Agency"), and the Korea IT International Cooperation Agency under Article 24-2 of the Framework Act on Informatization Promotion (hereinafter referred to as the "Korea IT International Cooperation Agency"), which are governed by the previous provisions at the time this Act enters into force, shall be comprehensively succeeded to the Korea Internet and Security Agency under this Act.
(2) The previous rights, obligations, properties of the Korea Information Security Agency, the Korea Internet and Security Agency and the Korea IT International Cooperation Agency as at the time this Act enters into force shall be comprehensively succeeded to the Korea Internet and Security Agency under this Act.
(3) The previous employment relationship covering the employees of the Korea Information Security Agency, the Korea Internet and Security Agency and the Korea IT International Cooperation Agency as at the time this Act enters into force shall be comprehensively succeeded to the Korea Internet and Security Agency under this Act.
(4) The previous activities performed by or in relation to the Korea Information Security Agency, the Korea Internet and Security Agency and the Korea IT International Cooperation Agency as at the time this Act enters into force shall be deemed to have been performed by or in relation to the Korea Internet and Security Agency under this Act.
(5) The titles of the Korea Information Security Agency, the Korea Internet and Security Agency and the Korea IT International Cooperation Agency indicated on the register as at the time this Act enters into force or other public books shall be deemed to be the those of the Korea Internet and Security Agency under this Act.
Article 4 Omitted.
Article 5 (Relations with other Acts and Subordinate Statutes)
Where the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. or the provisions thereof are cited in other Acts and subordinate statutes as at the time this Act enters into force, and any provision corresponding thereto exists in this Act, this Act or the corresponding provision of this Act shall be deemed to have been cited in lieu of the previous provision.
ADDENDUM <Act No. 10138, Mar. 17, 2010>
This Act shall enter into force three months after the date of its promulgation.
ADDENDA <Act No. 10165, Mar. 22, 2010>
Article 1 (Enforcement Date)
This Act shall enter into force six months after the date of its promulgation. (Proviso Omitted.)
Articles 2 through 7 Omitted.
ADDENDA <Act No. 10166, Mar. 22, 2010>
Article 1 (Enforcement Date)
This Act shall enter into force six months after the date of its promulgation.
Articles 2 through 9 Omitted.
ADDENDA <Act No. 10465, Mar. 29, 2011>
Article 1 (Enforcement Date)
This Act shall enter into force six months after the date of its promulgation.
(Proviso Omitted.)
Articles 2 through 7 Omitted.
ADDENDA <Act No. 10560, Apr. 5, 2011>
Article 1 (Enforcement Date)
This Act shall enter into force three months after the date of its promulgation.
Article 2 (General Transitional Measures)
Previous acts of the identification service agency which developed and provided the previous identification affairs as at the time of enforcement of this Act shall be deemed to have been legitimately developed and provided if the agency obtains the designation of identification service agency pursuant to this Act.
Article 3 (Transitional Measures concerning Designation of Identification Service Agency)
A person who was conducting the identification affairs as at the time of enforcement of this Act shall be designated, within three months after enforcement date of this Act, as an identification service agency by the Korea Communications Commission pursuant to the amended provision of Article 23-3 (1).
ADDENDA <Act No. 11048, Sep. 15, 2012>
Article 1 (Enforcement Date)
This Act shall enter into force one year after the date of its promulgation.
(Proviso Omitted.)
Articles 2 through 5 Omitted.
ADDENDA <Act No. 11322, Feb. 17, 2012>
Article 1 (Enforcement Date)
This Act shall enter into force six months after the date of its promulgation: Provided, That the amended provisions of Articles 45, 45-2, 45-3, 46-3, 47, 47-2, 47-3, 47-5, 52 (3) 7, 66 and 76 (3) 6 through 9 shall enter into force after the lapse of one year from the date of its promulgation.
Article 2 (Transitional Measures concerning Restriction on Collection/Use of Resident Registration Number)
(1) A provider of information and communications services who provides methods of subscription for membership by using the subscriber’s resident registration number as at the time of enforcement of this Act shall destroy all the resident registration numbers possessed by the provider within two years after enforcement date of this Act: Provided, That this shall not apply in cases where falling under any of the subparagraphs under Article 23-2 (1).
(2) In cases where a provider of information and communications services fails to destroy the resident registration numbers possessed by him/her within the period under paragraph (1), the amended provisions of Article 23-2 (1) shall be deemed violated.
Articles 3 (Transitional Measures concerning Abolition of the Safety Inspection on Protection of Information)
A business operator who received a safety inspection on the protection of information pursuant to previous provisions as at the time of enforcement of this Act shall be deemed, during the concerning year in which he/she received the safety inspection on the protection of information, as the business operator who received the certification of an information protection and management system pursuant to the amended provisions of Article 47 (2).
Articles 4 (Transitional Measures concerning Certification of Management System for Protection of Personal Information)
A person who received the certification of management system for protection of personal information from the Korea Internet and Security Agency as at the time of enforcement of this Act shall be deemed to have received the certification of management system for protection of personal information pursuant to the amended provisions of Article 47-3.
Articles 5 (Transitional Measures concerning Fine for Negligence)
Upon imposing fine for negligence with respect to any violative acts committed before enforcement of this Act, the previous provisions shall apply thereto.