People's Media - Newscham

all text articles

Korean Privacy Report 2007-2008(1)
Jinbo Network Center www.jinbo.net
Privacy Supervisory Authority

In Korea, there is not the Basic Act on the Protection of Personal Information to protect privacy in all spheres of society yet. There is not an independent privacy supervisory authority either. Human rights groups in Korea had insisted on enacting the Basic Act on the Protection of Personal Information and establishing independent privacy supervisory authority for a long time from late nineties. Three different acts on the protection of personal information which include establishing independent privacy supervisory authority were proposed in the 17th National Assembly. The Democratic Labor Party proposed the act that was drafted in cooperation with human rights groups in November 2004. The act drafted by government and the ruling party, Uri Party, was proposed in July 2005, and the act drafted by Grand National Party was proposed in October 2005. However, these acts were not passed even in the Standing Committee in National Assembly, which was not because there were objections in the Standing Committee, but because Assemblymen were negligent, even they were not discussed. Finally, the acts were repealed automatically when the 17th National Assembly was closed in may 2008.

After that, there was a public hearing on June 27, 2008, on the Basic Act on the Protection of Personal Information drafted by the Ministry of Public Administration and Security (MOPAS) to propose in the 18th National Assembly. However MOPAS plans not to establish an independent privacy supervisory authority, but take charge of supervisory role by itself. Human rights groups criticize that MOPAS itself is main object to be supervised as a ministry directly managing huge personal information such as resident registration databases, and that it's illogical to supervise itself.

Personal Information Leaks

The Auction site, which was one of the biggest on-line market in Korea, was hacked causing personal information of more than ten million people to be exposed in February 2008. Soon after, the fact that one of the major ISPs, Hanaro-Telecom, intentionally abused its more than six million clients' personal information (the number of leaked records were more than eighty five millions) became known in April 2008. These accidents were a great shock to the public. The victims of these accidents raised class suits against the Auction and Hanaro-Telecom.

Human rights groups claimed that the reason why leakage of personal information had occurred on a large-scale in these accidents was because large-scale personal information was collected unnecessarily by the companies in one hand, and public authority did not perform its jobs in monitoring and overseeing these companies’ behaviors in collecting and using personal information in the other hand, and urged the government to enact the Basic Act on the Protection of Personal Information and establish an independent privacy supervisory authority.

Among the personal information leaked in these accidents, the exposure of the Resident Registration Numbers poses tremendous problems. The Resident Registration Number is issued to every Korean at birth. It is a unique number which includes sensitive information such as date of birth and sex, and can never be changed. The Korean government allowed private entities to collect such sensitive information without proper regulations, and abandoned its responsibility by not providing effective corrective measures even though massive numbers of Resident Registration Numbers have been traded and used for fraudulent IDs. To minimize the damage of victims, human rights groups requested the Ministry of Public Administration and Security (MOPAS) to reassign their Resident Registration Numbers in May 2008. However, MOPAS denied that request saying it is impossible.

Internet Real Name Policy

Since the Ministry of Information and Communication expressed the necessity of introducing the ‘Internet real name policy’, which is a policy that obligates every user of major Internet portal sites and government sites to confirming his/her real identity, in the early 2003. Human rights groups had been against the policy. They criticized that the policy would violate freedom of expression and right to anonymity of all users. In addition, they worried about identity theft in the process of authentication using name and Resident Registration Number. Actually, there was a large scale identity theft accident in the on-line game site, Lineage, where fake accounts, more than 220 thousands, were made using stolen names and Resident Registration Numbers in February 2006. As the public opinion criticizing beef import negotiation between Korea and U.S. spread fast over the Internet, the Korean government and the governing party, GNP, planned to expand the sites which were forced to adopt Internet real name policy up to over 200 sites including Google.

Meanwhile, the revision of Public Election Act was passed in the National Assembly in May 2004, which requires Internet newspaper sites to adopt technical management of confirming user's real identity in their bulletin boards or chat rooms during the election period. Human rights groups and Internet newspapers criticized that 'Internet real name policy during the election period' would restrict political participation of citizens, and announced disobedience to the policy. (http://freeinternet.or.kr/) The National Human Rights Commission expressed objection to 'Internet real name policy' in the "Opinions to the National Assembly about Politics related Law and its revision" in February 2004. (*) In the opinion, the NHRC pointed out that Internet real name policy was clearly censorship presuming that all people who would post in the bulletin board during the election period would circulate false information and/or libel, and violated freedom of expression under the article 19 of the World Human Rights Declaration and the article 21 of the Constitution by restricting freedom of expression and right to form opinions based on anonymity in the Internet, and would possibly violate right to control his/her own information under the article 17 of the Constitution in that individual information would be subject to misuse for the purpose other than original purpose presented when information was collected, by allowing the minister of MOGAHA and credit information companies to confirm users' identity using name and Resident Registration Number when requested by Internet newspapers.

Since 'Internet real name policy during election period' was first enforced in May 31st local elections in 2006, some of progressive Internet newspapers practiced disobedience. An Internet newspaper, 'People's Media Chamsesang', which was imposed a fine of KRW 10 million at the price of disobedience during the presidential election in 2007, raised a unconstitutionality suit on April 4, 2008. (**) In addition, A netizen raised a unconstitutionality suit claiming that Internet real name policy violated basic rights under the Constitution at the last date of enforcement of Internet real name policy during general election, on April 8, 2008.

* http://www.humanrights.go.kr/04_sub/body02.jsp?NT_ID=24&flag= VIEW&SEQ_ID=554728&page=1

** http://www.newscham.net/news/view.php?board=news&nid=47126

trackback URL http://www.newscham.net/news/trackback.php?board=news_E&nid=49467 [copyinClipboard]

Comment

JYCEBQ

additional remark

This article is originally written to contribute to 'Privacy and Human Rights 2007' of The Electronic Privacy Information Center (EPIC)