Act on Promotion of Information and Communication Network Utilization and Information Protection

CHAPTER I GENERAL PROVISIONS[edit]

Article 1 (Purpose)[edit]

This Act’s purpose is to promote the use of information and communications networks, to protect the user’s personal information when they are in use of information and communications services, and to construct a milieu within which users can safely use information and communications networks with the aim of improving individual lives as well as the general public welfare.

Article 2 (Definitions)[edit]

1. The definitions of terms used in this Act shall be as follows:
   1. The term "information and communications networks" is meant to embody the information and communications systems, under which telecommunications infrastructure as prescribed in subparagraph 2 of Article 2 of the Framework Act on Telecommunications are employed, or the telecommunications infrastructure, computers, and software are used together for gathering, storage, processing, searching, transmission and reception of information;
   2. The term "information and communications services" is meant to signify the telecommunications services stipulated in subparagraph 7 of Article 2 of the Framework Act on Telecommunications, as well as information supply or the administration of the information supply using telecommunications services;
   3. The term "information and communications service providers" signifies the operators of telecommunications, stipulated in Article 2 (1) 1 of the Telecommunications Business Act, as well as other individual information suppliers or information supply administrators who operate with the intention to earn profit through use of the services rendered telecommunications service providers;
   4. The term "users" means individuals who use the information and communications services rendered by information and communications service providers;
   5. The term "digital document" embodies all data standardized in document form within which information is electronically compiled, sent or received, or stored by equipment, including computers, that are capable of performing data processing;
   6. The term "personal information" means the information concerning anyone living that contains the code, letter, voice, sound, and/or image, which allows for the possibility for that individual to be identified by name and resident registration number (including information which, if not by itself, allow for the possibility of identification when combined with other information).
2. With the exception of paragraph (1) stipulations, the definitions used in this Act shall be governed by the Informationalization Promotion Framework Act.

Article 3 (Duties of Providers of Information and Communications Services and Users)[edit]

1. Any information and communications service provider shall protect user personal information, strive to protect user rights and interests, and to improve the capability of their service by providing information and communications services in a safe and healthy way.
2. Every user shall strive to establish a healthy information society.
3. The Government may assist in the protection of user personal information and protect juveniles from possible abuse from information and communications networks by cooperating with, and supporting, information and communications service provider organizations and user organizations.

Article 4 (Policy for Promotion of Utilization of Information and Communications Networks )[edit]

1. A policy shall be formed by the Minister of Information and Communication that will be the base upon which an information society can be constructed. This policy shall achieve this objective through the facilitation of use, secure administration, and secure operation of information and communications networks, and user information protection (hereafter referred to as the "promotion of the utilization of information and communications networks and the protection of information").
2. The policy referred to in paragraph (1) shall contain subjects that fall under each of the following subparagraphs:
   1. Development and distribution of information and communications network technology;
   2. Standardization of information and communications networks;
   3. Revitalization of information and communications networks use including expansion of information content and information and communications network usage under Article 11;
   4. Facilitation of joint utilization of information through information and communications networks;
   5. Revitalization of Internet use;
   6. Protection of personal information that is collected, processed, stored and used through employment of information and communications networks;
   7. Protection of juveniles using information and communications networks;
   8. Improvement of information and communications network safety and reliability;
   9. Other necessary matters needed to promote information and communications network use and protect information.
3. The Minister of Information and Communication shall strive for cohesion between policy referred to in paragraph (1) and the basic plan for promoting informationalization stipulated in Article 5 of the Informationalization Promotion Framework Act.

Article 5 (Relation with Other Acts)[edit]

With the exception of special provisions in other Acts, the promotion of the utilization of information and communications networks and the protection of information shall be governed by this Act.

Article 6 (Promotion of Technological Development)[edit]

1. Under conditions stipulated by Presidential Decree, the Minister of Information and Communication may appoint research institutes to implement projects intended for research and development, technical cooperation, technological transfer, or technical guidance services, in order to efficiently promote information and communications network technology.
2. The Government may incur the requisite costs, in whole or in part, of research institutes undertaking the research and development projects referred to in paragraph (1).
3. Presidential Decree shall stipulate necessary matters regarding the payment and administration of costs set in paragraph (2).

Article 7 (Management and Dissemination of Information Pertaining to Technologies)[edit]

1. The Minister of Information and Communication shall manage information concerning technologies and equipment related to information and communications networks (hereafter referred to as "information pertaining to technologies") in a methodical and collective manner.
2. When the Minister of Information and Communication judges it necessary to manage information concerning technologies in a methodical and collective manner, he may request involved administrative agencies as well as national and public research institutes, to provide information pertaining to said technologies. In this case, institutions heads shall, upon receiving the request, comply unless special circumstances exist that make it impossible for them to comply.
3. An information distribution project, with the goal of making information pertaining to technologies quickly and conveniently accessible to the public, shall be put into action by the Minister of Information and Communication.
4. Presidential Decree shall stipulate requisite matters concerning the range of information and communications network technology subject to information distribution referred to in paragraph (3).

Article 8 (Standardization and Certification of Information and Communications Networks)[edit]

1. The Minister of Information and Communications shall set criteria for information and communications networks and publish the criteria to facilitate information and communications network use. He may also urge any information and communications service provider, or any related individual manufacturer or goods supplier to adopt the criteria: Provided, the matters for which the Korea Industrial Standards are set shall be governed by the Korea Industrial Standards, in accordance with Article 10 of the Industrial Standardization Act.
2. Anyone who manufactures and supplies goods concerning information and communications that conform to the criteria published under paragraph (1), may obtain certification from an authorized certification institution designated in accordance with Article 9 (1), and place a label on their goods that illustrate the conformity of the goods with industry standards.
3. Any certification of the Korea Industrial Standards, if bestowed under Articles 11 through 13 of the Industrial Standardization Act, shall be considered bestowed in accordance with paragraph (2), in the case of paragraph (1) stipulations.
4. Any person who is not awarded a certification under paragraph (2) shall be prohibited from putting any label that illustrates the conformity of their goods with industry standards, or any similar label, or from displaying such goods for sale purposes.
5. The Ordinance of the Ministry of Information and Communication shall stipulate necessary matters concerning the subject of, method of, standardization procedures referred to in paragraph (1).

Article 9 (Designation of Authorized Certification Institution)[edit]

1. The Minister of Information and Communication may designate any institution (hereafter referred to as an "authorized certification institution") as a body capable of certifying goods related to information and communications networks that are manufactured or supplied by anyone conform to criteria published under the main sentence of Article 8 (1).
2. The Minister of Information and Communication may cancel the designation of an authorized certification institution or suspend the business of an authorized certification institution for a fixed period of not more than 6 months if any authorized certification institution falls under any of the following subparagraphs: Provided, that if the authorized certification institution falls under subparagraph 1, its designation shall be cancelled:
   1. When designation is achieved in a fraudulent manner;
   2. When it has suspended, without justifiable grounds, its certification business for more than one year;
   3. When it fails to meet the designation criteria set under paragraph (3).
3. The Ordinance of the Ministry of Information and Communication shall stipulate requisite matters concerning the standards and procedures for designating any authorized certification institution as well as the revocation of the authorized certification designation, and the standards for suspending business under paragraphs (1) and (2).

Article 10 (Assistance for Development of Information Contents)[edit]

In order to strengthen national competitiveness and to develop public interest, the Government may provide financial and technical support to any individual who develops information contents that are distributed through information and communications networks.

Article 11 (Development Facilitation of Applied Services of Information and Communications Networks)[edit]

1. The Government may provide financial and technical support, as well as other requisite forms of support, to any State organ, local government, or public institution that creates and administers any services that increase efficiency, automate, and sophisticate their business affairs through use of information and communications networks (hereafter referred to as the "applied services of information and communications networks").
2. The Government may provide financial and technical support, as well as other requisite forms of support, to the private sector in order for them to facilitate the development of the applied services of information and communications networks in their given sectors and to take the measures of the following subparagraphs to train the skilled labor necessary to develop applied services:
   1. Internet education support conducted at all educational levels;
   2. Expansion of public education concerning the Internet;
   3. Assistance in training projects created to establish skilled labor concerned with information and communications networks;
   4. Establishment of, and support for, training institutions specialized in schooling skilled labor concerned with information and communications networks;
   5. Development of, and support for, educational programs that teach the use of information and communications networks and the distribution of said educational programs;
   6. Establishment of the technical qualification system concerning information and communications networks and support for skilled labor specialized in information and communications networks;
   7. Other matters necessary to school the skilled labor concerned with information and communications networks.

Article 12 (Construction of a System for the Joint Utilization of Information)[edit]

1. The Government may advance the interoperability, standardization, and joint utilization of information and communications networks to efficiently utilize the information and communications networks.
2. The Government may provide requisite financial and technical support to anyone who builds a joint utilization of information system as stipulated in paragraph (1).
3. Presidential Decree shall stipulate requisite matters regarding promotion and support under paragraphs (1) and (2).

Article 13 (Projects for Promoting Utilization of Information and Communications Networks)[edit]

1. Under conditions stipulated by Presidential Decree, the Minister of Information and Communication may create and enact projects designed to facilitate the efficient use and distribution of technologies, equipment, and applied services in order to facilitate information and communications network use in the public and private sectors, culture, and society as a whole, and end the information gap.
2. The Government may provide requisite financial and technical support to anyone participating in the projects referred to in paragraph (1).

Article 14 (Proliferation of Internet)[edit]

The Government shall stimulate efficient private and public sector Internet use in order to encourage widespread Internet use, increase the Internet’s foundation, increase Internet education and publicity, and design and put into practice actions that end the Internet utilization gap by region, gender and age.

Article 15 (Quality Improvement of Internet Services)[edit]

1. The Minister of Information and Communication design actions to protect Internet user rights and interests, upgrade Internet quality, and ensure the Internet stability.
2. If the Minister of Information and Communication judges it necessary to put into practice actions referred to in paragraph (1), he may create and publish Internet service standards for measuring and assessing quality after deliberating with information and communications service organizations as well as user organizations.
3. Any information and communications service provider may determine the quality of contemporary Internet services on his own, according to the standards set and published under paragraph (2) and make the results known to users.

Article 16 (Expansion of Internet IP Addresses)[edit]

The Minister of Information and Communication shall take measures to increase the number of IP addresses, including domain names, that are the basis for Internet use and make it possible for the appropriate use of these IP addresses. He shall deliberate with information and communications service organizations as well as user organizations in order to reflect their opinions in the measures.

Article 17 (Dispute over Internet Domain Names)[edit]

The Minister of Information and Communication shall design requisite actions for international cooperation and dispute mediation quickly and fairly resolve disputes over the registration and use of Internet domain names in order to facilitate the proper use and administration of Internet domain names.

CHAPTER III UTILIZATION OF DIGITAL DOCUMENTS THROUGH DIGITAL DOCUMENT RELAYER[edit]

Article 18 (Processing of Documents by Digital Document Relayer)[edit]

1. State organ heads or local governments shall stipulate and publish requisite matters, including the subject of business and digital document relayer, under the stipulated conditions given by Presidential Decree, when they intend to process permission, authorization, approval, registration, report, and application as stipulated by Acts and subordinate statutes (hereafter in this Article referred to as "permission") in the form of digital documents by anyone who administers facilities and equipment used for relaying digital documents (hereafter referred to as a "digital document relayer").
2. The digital document processed in accordance with paragraph (1) shall be deemed the document stipulated in relevant Acts and subordinate statutes and the name signed and the seal placed on that digital document, a letter indicating the ostensible person of that digital document and an officially recognized digital signature under subparagraph 3 of Article 2 of the Digital Signature Act. <Amended by Act No. 6585, Dec. 31, 2001>
3. Any permission processed in a digital document under paragraph (1) shall be judged processed according to procedures stipulated in relevant Acts and subordinate statutes.
4. The Presidential Decree shall stipulate requisite matters concerning requirements and procedures for designating any digital document relayer.

Article 19 (Time for Transmitting and Receiving Digital Document)[edit]

1. If anyone other than the creator or the creator’s agent, inputs the creator’s digital document into a computer not managed by the creator or the creator’s agent, the digital document shall be judged transmitted.
2. Any digital document shall be judged received at a time falling under any of the following subparagraphs:
   1. The receiver designates a computer to receive the digital document and when the digital document is input into that computer: Provided, that the digital document is input into a computer other than the designated computer when the receiver outputs it;
   2. The receiver does not designate a computer to receive the digital document when the digital document is input into a computer managed by the receiver.

Article 20 (Presumption of Contents of a Digital Document)[edit]

1. The relevant contents shall be presumed compiled according to the contents of the digital document recorded in the computer file of the digital document relayer when a dispute arises between parties or interested parties over the contents of a digital document.
2. State organ heads or any local government heads shall assign and publish a fixed period of time that a digital document relayer must keep a digital document in their custody.

Article 21 (Restrictions on Disclosure of Digital Documents)[edit]

No digital document relayer shall divulge any digital document or records processed by digital document relay facilities without undergoing legal procedures or obtaining relevant addresser and addressee consent.

CHAPTER IV PROTECTION OF PERSONAL INFORMATION SECTION 1[edit]

Article 22 (Collection of Personal Information)[edit]

1. If an information and communications service provider intends to gather user personal information, they shall obtain user consent: Provided, that this shall not apply in cases that fall under each of the following subparagraphs:
   1. Where it is necessary to actualize a contract for information and communications service use;
   2. Where it is necessary to adjust fees for information and communications services provision;
   3. Where special provisions exist in this Act or other Acts.
2. If any information and communications services provider intends to obtain user consent referred to in paragraph (1), they shall notify the user of the matters falling under each of the following subparagraphs in advance, or specify the matters in a standardized contract for information and communications service use:
   1. The name, department, position, telephone number, and other communication means of a person in charge of administering the personal information;
   2. The objective of the collection and use of the personal information;
   3. The identification, objective, and contents of the personal information to be provided to a third person if the personal information is provided to a third person;
   4. The right of the user and his legal representative and the method of exercising this right under Articles 30 (1) and (2) and 31 (2);
   5. Presidential Decree shall stipulate other requisite matters that protect personal information.

Article 23 (Restrictions on Gathering Personal Information)[edit]

1. No information and communications service provider shall gather personal information, such as political ideology, religion, and medical record, which is likely to excessively infringe upon the rights, best interest, and privacy of the relevant user: Provided, the same shall not be true in the event that consent of the relevant user exists or the subject of gathering the personal information is specified in other Acts.
2. When gathering user personal information, an information and communications service provider shall gather the minimum information necessary to deliver information and communications services. They shall not refuse to provide relevant services on the grounds that the user does not provide personal information other than the necessary minimum information. SECTION 2 Utilization and Provision of Personal Information

Article 24 (Utilization and Provision of Personal Information)[edit]

1. No information and communications service provider shall use personal information or provide it to any third person or party beyond the scope of notification stipulated in Article 22 (2) or the specified limit in a standardized contract for information and communications services usage with the exception of cases where there is expressed user consent or a case falling under each of the following subparagraphs:
   1. Where it is necessary to change fees for information and communications service provision;
   2. Where the personal information is provided after it is processed in such a way as to render any specific individual unidentifiable if such personal information is necessary to compile statistics, conduct academic research, or conduct a market survey;
   3. Where special provisions exist in other Acts.
2. Any person who is provided with users’ personal information by any information and communications service provider shall not use the personal information for a purpose other than the purpose for which the personal information is provided or provide such personal information to any third person, with the exception of cases in which there is expressed user consent or the existence of special provisions of other Acts.
3. Information and communications service providers (referring to information and communications service providers and other persons who are given the personal information of users by the former; hereafter the same shall apply) shall minimize the number of persons that can handle the users’ personal information.
4. Any person who handles or handled users’ personal information shall not harm, infringe upon, or disseminate any users’ personal information that was learned while in the performance of duties.

Article 25 (Entrusting of Personal Information Processing)[edit]

1. If information and communications service providers delegate the work of gathering, handling, and administering users’ personal information to others, they shall serve notice to each of the users.
2. The person who is delegated by a information and communications service provider with the work of processing the personal information under paragraph (1) shall be judged an employee of the information and communications service provider only with respect to compensation allotted to users for any harm inflicted by their violation of this Chapter’s stipulations in connection with the delegated work.

Article 26 (Notice on Business Transfer)[edit]

1. Under the conditions stipulated by Presidential Decree, when an information and communications service provider transfers their business in whole or in part, or their rights and duties due to a merger or an inheritance, they shall notify the users of matters that fall under each of the following subparagraphs:
   1. The details of the transfer of the business in whole or in part, and the merger or the inheritance;
   2. The name (referring to the name of a corporation in the case of a corporation; hereafter the same in this Article shall apply), address, telephone number, and other contact means of a person who succeeds the rights and duties of the information and communications services provider.
2. Under the conditions stipulated by Presidential Decree, any person who acquires the whole or part of the business of an information and communications service provider by transfer or succeeds to the rights and duties of an information and communications service provider due to a merger or an inheritance (hereafter referred to as a "transferee of business") shall notify the users of the matters falling under each of the following subparagraphs:
   1. The details of their rights and duties succession of the information and communications service provider and his name;
   2. The name, post, position, telephone number, and other contact means of a person in charge of administering user personal information;
   3. The objective of user personal information use;
   4. Users’ rights as stipulated by Article 30 (1) and (2) and the method of exercising these rights;
   5. Other requisite matters stipulated by Presidential Decree that protect users’ personal information.

Article 27 (Designation of Persons in Charge of Administering Personal Information)[edit]

1. The information and communications service provider shall designate persons in charge of administering users’ personal information to protect said information and handle users’ complaints with regards to the use of personal information.
2. The Ordinance of the Ministry of Information and Communication shall stipulate the qualification requirements for the persons administering personal information and other requisite designation matters.

Article 28 (Protective Measures for Personal Information)[edit]

Information and communications service providers shall take the requisite technical and administrative steps to ensure the safety of personal information in order to prevent personal information from being lost, stolen, disseminated, changed, or harmed when handled.

Article 29 (Disposal of Personal Information)[edit]

Information and communications service providers shall quickly destroy personal information when they successfully gather it or are provided with it: Provided, the same shall not apply to a case where other Acts and subordinate statutes require the personal information to be preserved.

SECTION III Rights of Users[edit]

Article 30 (Rights of Users)[edit]

1. At any time, any user may withdraw his agreement given to the information and communications service providers under the main sentence of Article 22 (1), the stipulations in Article 23, and the main sentence of Article 24 (1).
2. A user may ask the information and communications service providers to give that user their own personal information for review and if that personal information is found to be erroneous, they may request that it be corrected.
3. The information and communications service providers shall quickly take requisite measures, including the destruction of personal information gathered, when any user withdraws his agreement under paragraph (1).
4. The information and communications service provider shall quickly take requisite steps when they receive a request for the information review or correction under paragraph (2).
5. When a request for the correction of an error under paragraph (2) is received, the information and communications service provider shall not provide nor use the relevant personal information until such error is corrected.
6. When notified of the withdrawal of an agreement or receiving a request for information review or correction under paragraphs (1) and (2), the information and communications service provider shall take requisite steps to deal with the withdrawal of that agreement and the request in a way that is easier than that of gathering the personal information under Articles 22 and 23.
7. The provisions of paragraphs (1) through (6) shall apply mutatis mutandis to the transferee of business. When this happens, "the information and communications service provider" shall be judged the "transferee of the business".

Article 31 (Right of Legal Representative)[edit]

1. When any information and communications service provider means to collect personal information from a child less than 14 years of age under Article 22 or to use that personal information or provide that personal information to any third person under Article 24 (1), they shall obtain the expressed consent from that child’s legal representative. The information and communications service provider may ask the relevant child for the minimum requisite information, such as the name of the legal representative, in order to attempt to gain an agreement with the legal representative.
2. The legal representative may withdraw his consent given under paragraph (1) and request to review the information provided by the child and the correction of any error regarding that information.
3. Under paragraph (2), the stipulations of Article 30 (3) through (5) shall apply mutatis mutandis to the withdrawal of the consent and the request for the review of information or the correction of any error by the legal representative.

Article 32 (Indemnification)[edit]

When a user suffers any harm because of a violation of this Chapter’s stipulations by an information and communications service provider, that user may claim compensation for such harm against the information and communications service provider. When this happens, the information and communications service provider cannot be released from their responsibility if they fail to prove the non-existence of their aberrant intention or negligence regarding the harm to the user. SECTION 4 Personal Information Dispute Mediation Committee

Article 33 (Establishment and Composition of a Personal Information Dispute Mediation Committee)[edit]

1. A Personal Information Dispute Mediation Committee (hereafter referred to as the "Dispute Mediation Committee") shall be created to mediate disputes concerning personal information.
2. The Dispute Mediation Committee shall consist of not more than 15 members, including one chairman, and one of standing members.
3. As stipulated by Presidential Decree, the Minister of Information and Communication shall appoint or commission members from persons falling under any of the following subparagraphs. No less than one person falling under each of the following subparagraphs shall be included as a member:
   1. Individuals who presently serve, or have served, in universities as associate professors or higher and in corresponding positions as researchers in publicly recognized research institutes majored in a field relating to personal information protection;
   2. Grade 4 or higher public officials or individuals in corresponding positions who presently work, or have worked, in public institutions and have experience administering personal information protection concerns;
   3. Individuals who hold the qualifications of judges, prosecutors, or attorneys-at-law;
   4. Individuals who presently work, or have worked, as officers in information and communications service user organizations;
   5. Individuals who presently work, or have worked, as officers in information and communications service provider organizations;
   6. Individuals recommended by non-profit nongovernmental organizations created in accordance with Article 2 of the Assistance for non-profit Nongovernmental Organizations Act.
4. Three years shall be the term of office for the members and they may be reappointed or recommissioned.
5. The Minister of Information and Communication shall appoint the chairman from among the members.
6. A secretariat shall be created in the Korea Information Security Agency, which was created in accordance with Article 52, to support the Dispute Mediation Committee's affairs.

Article 34 (Guarantee of Members' Status)[edit]

None of the members shall be dismissed or discharged against their will with the exception of when they are sentenced to the suspension of their qualifications or any other more severe punishment, or, because of mental or physical incompetence, are unable to perform their duties.

Article 35 (Exclusion, Challenge, and Refrainment of a Member)[edit]

1. Any member shall be excluded from participating in the deliberation and resolution of a case requested for dispute mediation (hereafter in this Article referred to as the "case") when they fall under any of the following subparagraphs:
   1. Where a member, his spouse, or his former spouse is a party to the case, or a joint right holder or obligator regarding the case;
   2. Where a member is, or was, in a kin relationship with a party in the case;
   3. Where a member gives any testimony or expert opinion regarding the case;
   4. Where a member is, or was, involved as an agent, an officer, or an employee of a party in the case.
2. When any party finds it difficult to expect a fair deliberation and resolution from the members, they may file a challenge application with the Dispute Mediation Committee. When this happens and the Dispute Mediation Committee deems the challenge application appropriate, it shall determine the challenge.
3. If any member falls under the case of paragraph (1) or (2), they may refrain from the deliberation and resolution regarding the case.

Article 36 (Mediation of Dispute)[edit]

1. Any person may file an application for the mediation of a personal information dispute that wants that dispute mediated by Dispute Mediation Committee.
2. Upon receiving an application for mediating a dispute under paragraph (1), the Dispute Mediation Committee shall examine the case and prepare a draft mediation within 60 days from the date of the application’s reception: Provided, that the Dispute Mediation Committee may resolve to extend the 60-day period if there are unavoidable circumstances.
3. The applicant shall be informed of reasons for extending the 60-day period and other matters concerning the extension of the period when the period is extended under the stipulations of paragraph (2).

Article 37 (Request for Materials)[edit]

1. The Dispute Mediation Committee may ask parties involved in a dispute to provide requisite materials for dispute mediation. When this happens, the relevant parties shall comply with the request unless justifiable grounds exist that make it impossible for them to do so.
2. When the Dispute Mediation Committee judges it necessary, it may get parties or relevant witnesses involved in a dispute to be present at a meeting of the Dispute Mediation Committee in order to hear their opinions.

Article 38 (Effect of Mediation)[edit]

1. When the Dispute Mediation Committee prepares a draft mediation in accordance with Article 36 (2), it shall present that draft mediation to each of the parties without delay.
2. Within 15 days from the day on which the draft mediation was received, each of the parties presented with the draft mediation under paragraph (1) shall serve notice to the Dispute Mediation Committee as to whether or not they accept the draft mediation.
3. The Dispute Mediation Committee shall promptly prepare a written mediation that the chairman and the parties shall place their names and seals on it if the parties accept the draft mediation.
4. An agreement identical to the written mediation between the parties shall be judged as achieved when the parties accept the draft mediation under paragraph (3) and the chairman as well as the parties place their names and seals on it.

Article 39 (Rejection and Suspension of Mediation)[edit]

1. If the Dispute Mediation Committee judges that it is inappropriate for it to mediate a given dispute considering the disputes’ nature, or that an application for mediating a given dispute is filed for an unfair purpose, may reject the relevant mediation. When this happens, a notice outlining the grounds of rejecting the mediation shall be served to the applicant.
2. The Dispute Mediation Committee shall suspend handling a dispute and serve a notice to the applicants when any of the parties file a lawsuit in the process of examining an applied mediation case.

Article 40 (Procedures for Mediation)[edit]

Presidential Decree shall stipulate requisite matters concerning the method, procedures, and business of dealing with the mediation of any dispute with any dispute with the exception of what is stipulated in Articles 36 through 39.

CHAPTER V PROTECTION OF JUVENILES IN INFORMATION AND COMMUNICATIONS NETWORK, ETC.[edit]

Article 41 (Measures to Protect Juveniles)[edit]

1. The Minister of Information and Communication shall take measures to protect juveniles from harmful information distributed by information and communications networks, such as lascivious sex and violence information. The measures shall fall under each of the following subparagraphs:
   1. The development and dissemination of contents screening software;
   2. The development and dissemination of juvenile protection technology;
   3. Education and publicity for juvenile protection;
   4. Other matters stipulated by Presidential Decree for juvenile protection.
2. The Minister of Information and Communication may support activities carried out by the Information and Communications Ethics Committee established in accordance with Article 532 of the Telecommunications Business Act, information and communications service user organizations and information and communications service provider organizations and other specialized juvenile protection institutions when implementing the measures referred to in paragraph (1).

Article 42 (Labelling of Media Materials Harmful to Juveniles)[edit]

Any person who intends to provide content that is stipulated as harmful to juveniles in accordance with subparagraph 3 of Article 2 of the Juvenile Protection Act and described in subparagraph 4 of Article 7 of that same Act, from among the persons who provide publicly accessible information using telecommunications services rendered by a telecommunications business operator (hereafter referred to as the "providers of information") shall get the relevant content labelled as harmful to juveniles in a labelling method stipulated by Presidential Decree.

Article 43 (Obligation of Provider of Visual or Sound Information to Keep in Custody)[edit]

1. A content provider stipulated by Presidential Decree that is providing content stipulated as harmful to juveniles under subparagraph 3 of Article 2 of the Juvenile Protection Act and who runs a business that provides media materials described in subparagraph 4 of Article 7 of that same Act in a manner that does not include storing nor recording content in users’ computers, shall keep the relevant information in custody.
2. Presidential Decree shall set the period for which the providers of information referred to in paragraph (1) shall keep the relevant information in custody.

Article 44 (Request for Deleting Information)[edit]

1. Any person whose legal interest is infringed upon by information that is provided for the public using information and communications networks may ask the information and communications service provider administering that information to delete the information or run his refute concerning that information.
2. Upon reception of the request for deletion of the relevant information, the information and communications service provider shall quickly take requisite steps and promptly serve notice to the requester.

CHAPTER VI SECURING OF SAFETY OF INFORMATION AND COMMUNICATIONS NETWORKS[edit]

Article 45 (Securing of Safety, etc. of Information and Communications Networks)[edit]

1. Every information and communications service provider shall take protective steps to secure the safety and reliability of information and communications networks used to provide the information and communications services.
2. The Minister of Information and Communication may set a guideline on the protection of information, as well as information and communications services, that specifies the protective steps referred to in paragraph (1), publish it, and advise every information and communications service provider to observe it.

Article 46 (Protection of Agglomerated Information and Communications Facilities)[edit]

1. Any operator who runs the business of administering information and communications facilities agglomerated for other persons who provide information and communications services shall take protective steps to operate the information and communications facilities with stability under the conditions stipulated by the Ordinance of the Ministry of Information and Communication.
2. Under conditions stipulated by the Ordinance of the Ministry of Information and Communication, the business operator referred to in paragraph (1) shall have his information and communications facilities insured to cover any harm sustained by the destruction, loss, damage and other problems in operating the facilities.
3. The Minister of Information and Communication may order any business operator who has failed to take protective steps referred to in paragraph (1) to correct the situation within an appropriately fixed period.

Article 47 (Certification of Information Protection and Management System)[edit]

1. Every information and communications service provider, as well as any individual who provides physical facilities used to provide the information and communications services, is suitable to provide information protection services pursuant to obtaining certification from the Korea Information Security Agency established pursuant to Article 52 regarding the quality of their comprehensive protection management system (hereafter referred to as the "information protection and management system"), including technical and physical protective measures designed and enacted to secure the safety and reliability of the information and communications networks.
2. The Minister of Information and Communication may establish and publish requisite standards for the certification referred to in paragraph (1), including standards for protecting and administering information.
3. Under the conditions as prescribed by the Ordinance of the Ministry of Information and Communication, any person who obtains a certification on the information protection and management system under paragraph (1) may label and publicize that certification.
4. The Ordinance of the Ministry of Information and Communication shall stipulate the method of, procedures for, fees for, and other requisite matters concerning the awarding of the certification referred to in paragraph (1).

Article 48 (Prohibition on Act of Infiltrating into Information and Communications Networks)[edit]

1. Without a justifiable access right or beyond his permitted access right, any person shall be prohibited from infiltrating into information and communications networks.
2. Without a justifiable reason, any person shall be prohibited from the transmission or distribution of any program (hereafter referred to as a "malicious program") that may harm, disrupt, hamper, and destroy the information and communications system, or alter and falsify the data or programs.
3. Any person shall be prohibited from sending a large volume of signals or data for the purpose of hampering the operational stability of information and communications networks or from creating problems in information and communications networks through the use of inputting unapproved instructions processed.

Article 49 (Protection of Secrets)[edit]

Any person shall be prohibited from harming the information of other persons or from stealing or disseminating the secrets of other persons that are processed, stored or transmitted by information and communications networks.

Article 50 (Restrictions on the Transmission of Advertisement Information)[edit]

1. Pursuant to the addressee's explicit rejection of advertisement information, any person shall be prohibited from transmitting advertisement information with the objective of earning profits.
2. Under the conditions stipulated by the Ordinance of the Ministry of Information and Communication, any person who intends to transmit any advertisement information for the purpose of earning profits under paragraph (1) by email shall expressly indicate the matters falling under each of the following subparagraphs in the email:
   1. The objective and main contents of the transmission;
   2. The name and contact means of the addressor;
   3. Matters concerning the addressee’s declared intention to reject advertisement information reception.

Article 51 (Restrictions on Outflow of Major Information into Foreign Nations)[edit]

1. The Minister of Information and Communication may have every information and communications service provider or every information and communications service user take requisite protective steps regarding major domestic industry, economy, science and technology information from being flowing out of Korea into foreign nations.
2. Presidential Decree shall stipulate the breadth of the major information referred to in paragraph (1) and details of the protective steps concerning such major information.

Article 52 (Korea Information Security Agency)[edit]

1. The Government shall establish a Korea Information Security Agency (hereafter referred to as the "Security Agency") to put into practice the requisite protective steps for secure information distribution.
2. The Security Agency shall be a juristic person.
3. The Security Agency shall complete the projects falling under each of the following subparagraphs:
   1. Survey and research information protection policies and systems;
   2. Analysis of the negative effects of informationalization and countermeasures research;
   3. Publicity, education, and training for information protection;
   4. Research, development, testing, and appraisal of the information protection system;
   5. Backing for the standardization of the function and reliability of the information protection system;
   6. Development of encoding technology for information protection;
   7. Research of requisite protective steps regarding personal information;
   8. Assistance for operating the Dispute Mediation Committee and the operation of a center where people can report infringements concerning personal information;
   9. Operation of the system designed to handle, and respond to, infringements upon the information system;
   10. Administration of certifying digital signatures under Article 25 (1) of the Digital Signature Act;
   11. Other projects incidental to the projects of subparagraphs 1 through 10;
   12. Other projects assigned to the Security Agency by the Minister of Information and Communication as well as work stipulated by this Act and other Acts and subordinate statutes as one of the Security Agency.
4. The Government may contribute financially to meet requisite expenses for Security Agency projects.
5. With respect to the Security Agency, provisions governing the incorporated foundation of the Civil Act shall apply mutatis mutandis to matters not stipulated by this Act.
6. Any person who is not the Security Agency shall not be permitted to use the Korea Information Security Agency name.
7. Presidential Decree shall stipulate requisite concerns regarding the Security Agency’s operation and work.

CHAPTER VII INTERNATIONAL COOPERATION[edit]

Article 53 (International Cooperation)[edit]

The Government shall encourage mutual cooperation with other nations and international organizations when implementing the business falling under each of the following subparagraphs:

1. 1. The business of increasing Internet IP addresses;
   2. The business of transferring and protecting personal information between nations;
   3. The business of juvenile protection in information and communications networks;

1. 1. The business of preventing the corruption of the safety of information and communications networks;
   2. The business of assisting healthy and secure information and communications service use.

Article 54 (Restrictions on International Contracts on Personal Information)[edit]

Information and communications service providers shall not enter into any international contract whose contents violate this Act’s stipulations regarding the personal information of users.

CHAPTER VIII SUPPLEMENTARY PROVISIONS[edit]

Article 55 (Submission of Materials)[edit]

1. If it is necessary to enforce this Act, the Minister of Information and Communication may ask information and communications service providers to provide relevant goods and documents (“providers” including any person in a situation where the provisions of Article 58 are applied mutatis mutandis in this Article).
2. The Minister of Information and Communication may have his public officials enter the business place of the information and communications service provider to inspect the provider's current business and examine books or other documents when an information and communications service providers fails to provide materials under paragraph (1) or they are judged to be in violation of this Act’s stipulations.
3. The Minister of Information and Communication may order the information and communications service provider to take requisite corrective steps then it is judged that they are in violation of this Act.
4. The public officials assigned to inspect the business place under paragraph (2) shall carry certificates showing their authority to inspect and show them involved persons.
5. The Minister of Information and Communication may ask the Security Agency head for advice and other requisite assistance related to the request for material provision and inspection under paragraphs (1) through (3).

Article 56 (Delegation and Entrustment of Authority)[edit]

1. Under the terms stipulated by Presidential Decree, the Minister of Information and Communication may delegate his authority under this Act, in whole or in part, to agency heads under his supervision.
2. Under the terms stipulated by Presidential Decree, the Minister of Information and Communication may delegate concerns regarding the facilitating information and communications network use, as prescribed in Article 13, to the National Computerization Agency established pursuant to Article 10 of the Informationalization Promotion Framework Act.

Article 57 (Secrets)[edit]

Any person who is, or was, engaged in matters falling under each of the following subparagraphs shall not disseminate secrets they have learned while performing their duties to any other person or use said secrets for purposes other than those of their duties: Provided that the same shall not apply in a situation where the provisions of other Acts specially exclude the prohibition:

1. 1. The business of dispute mediation conducted by the Dispute Mediation Committee;
   2. The business of awarding certification on the information protection and management system;
   3. The business of information protection system evaluation under Article 52 (3)4.

Article 58 (Application to Person other than Provider of Information and Communications Services)[edit]

Stipulated by Presidential Decree, the provisions of Articles 22 through 32 shall apply mutatis mutandis to situations in which any person, other than information and communications service providers who provide goods or services, collects, provides or uses personal information of any person who is provided with said goods or services. When this happens the "information and communications service provider" shall be deemed the "provider of goods or services" and the "user" shall be deemed the "person provided with goods or services", respectively.

Article 59 (Korea Association of Information and Telecommunication)[edit]

1. As stipulated by Presidential Decree, information and communications service providers and people who operate a business related to information communications networks may establish a Korea Association of Information and Telecommunication (hereafter referred to as the "Association") to promote the use and protection of information and communications networks after obtaining permission from the Minister of Information and Communication.
2. The Association shall be a juristic person.
3. The stipulations governing the incorporated association of the Civil Act shall apply mutatis mutandis to the Association with the exception of this Act’s stipulations regarding the Association.
4. The Government may contribute financially to the Association, within budgetary limits, if necessary to assist the Association complete work.
5. Presidential Decree shall stipulate requisite concerns regarding the work and supervision of the Association.

Article 60 (Legal Fiction of Public Officials in Application of Penal Provisions)[edit]

Officers and employees of the National Computerization Agency shall be deemed public officials in the application of Articles 129 through 132 of the Criminal Act if they work on the business delegated by the Minister of Information and Communication under Article 56 (2).

CHAPTER IX PENAL PROVISIONS[edit]

Article 61 (Penal Provisions)[edit]

1. Any person who has defamed any other person by clearly and openly alleging facts with a slanderous purpose through information and communications networks shall be punished by imprisonment, with or without prison labor, for not more than 3 years or by a fine not exceeding 20 million won.
2. Any person who has defamed any other person by clearly and openly alleging facts with a slanderous purpose through information and communications networks shall be punished by imprisonment with prison labor for not more than 7 years or the suspension of disqualification for not more than 10 years, or by a fine not exceeding 50 million won.
3. The offense described in paragraphs (1) and (2) shall not be charged against the will expressed by the victim.

Article 62 (Penal Provisions)[edit]

Any person falling under any of the following subparagraphs shall be punished by imprisonment with prison labor for not more than 5 years or by a fine not exceeding 50 million won:

1. 1. A person who has used or provided personal information it to any third person beyond the scope of the notification or the limit specified in a standardized contract under Article 22 (2) in breach of Article 24 (1) (including a case where the Article 58 stipulations are applied mutatis mutandis);
   2. A person who has used user personal information for a purpose other than the purpose for which such personal information has been provided or provided said personal information to any other person in breach of Article 24 (2) (including a case where the Article 58 stipulations are applied mutatis mutandis);
   3. A person who has harmed, infringed, or disseminated user personal information in breach of Article 24 (4) (including a case where the Article 58 stipulations are applied mutatis mutandis);
   4. A person who has transmitted or spread a malicious program in breach of Article 48 (2);
   5. A person who has hindered information and communications networks in breach of Article 48 (3);
   6. A person who has harmed any other person’s information, or infringed, stolen or disseminated the secrets of any other person in breach of Article 49.

Article 63 (Penal Provisions)[edit]

Any person falling under any of the following subparagraphs shall be punished by imprisonment with prison labor for not more than 3 years or by a fine not exceeding 30 million won:

1. 1. A person who has infiltrated information and communications networks in breach of Article 48 (1);
   2. In breach of Article 57, a person who has disseminated or used any other person’s secrets that were learned while performing duties for a purpose other than the purpose of performing duties.

Article 64 (Penal Provisions)[edit]

In breach of Article 42, any person who has provided media materials that are harmful to juveniles for the purpose of earning profits without affixing a warning label detailing that said materials are harmful shall be punished by imprisonment with prison labor for not more than 2 years or by a fine not exceeding 10 million won.

Article 65 (Penal Provisions)[edit]

1. Any person falling under any of the following subparagraphs shall be punished by imprisonment with prison labor for not more than 1 year or by a fine not exceeding 10 million won:
   1. A person who has displayed, sold, or affixed any label or similar one on goods for the purpose of selling them in breach of Article 8 (4);
   2. A person who has distributed, sold, rented, or openly displayed lascivious codes, letters, sounds, visuals, or films through information and communications networks;
   3. A person who has repeatedly sent words, sounds, letters, visuals, or films inciting fears to others through information and communication networks.
2. The offense described in paragraph (1) 3 shall not be charged against the will expressed by the victim.

Article 66 (Joint Penal Provisions)[edit]

The representative of a corporation, the agent, or the other employee of a corporation or an individual shall also be punished by a fine described in the relevant Article in addition to the punishment of the actor if they commit an act that is in violation of Articles 62 through 64 or 65 (1) 1 in connection with the business of said corporation or individual.

Article 67 (Fine for Negligence)[edit]

1. A fine for negligence not exceeding 5 million won shall punish any person falling under any of the following subparagraphs:
   1. A person who has failed to keep digital documents in custody breaching Article 20 (2);
   2. A person who has made digital documents public breaching Article 21;
   3. A person who has gathered personal information in breach of Article 22 (1) (including any person falling under a case where Article 58 stipulations are applied mutatis mutandis);
   4. A person who has failed to notify users or specify required matters in a standardized contract for personal information use breaching Article 22 (2) (including any person falling under a case where Article 58 stipulations are applied mutatis mutandis);
   5. A person who has collected personal information or refused to provide the services breaching Article 23 (2) (including any person falling under a case where the Article 58 stipulations are applied mutatis mutandis);
   6. A person who has failed to notify the users of the fact of entrustment to another breaching Article 25 (1) (including any person falling under a case where the Article 58 stipulations are applied mutatis mutandis);
   7. A person who has failed to serve a notice breaching Article 26 (including any person falling under a case where the Article 58 stipulations are applied mutatis mutandis);
   8. A person who has failed to designate a person in charge of personal information management breaching Article 27 (1) (including any person falling under a case where the Article 58 stipulations are applied mutatis mutandis);
   9. A person who has failed to destruct personal information breaching the main sentence of Article 29 (including any person falling under a case where the Article 58 stipulations are applied mutatis mutandis);
   10. A person who has used incorrect, or failed to take requisite steps to correct, personal information breaching Article 30 (3) through (6) (including any person falling under a case where the Articles 30 (7), 31 (3), and 58 stipulations are applied mutatis mutandis);
   11. A person who has gathered the personal information on children breaching Article 31 (1) (including any person falling under a case where the Article 58 stipulations are applied mutatis mutandis);
   12. A person who has failed to keep information in custody breaching Article 43;
   13. A person who has failed to indemnify the information and communications facilities breaching Article 46 (2);
   14. A person who has failed to carry out an order to take corrective steps under Article 46 (3);
   15. A person who has transmitted information for the purpose of earning profits breaching Article 50 (1);
   16. A person who has violated Article 52 (6) stipulations;
   17. A person who has failed to provide, or provided false, relevant goods and documents under Article 55 (1);
   18. A person who has rejected, hindered or avoided entry and inspection under Article 55 (2);
   19. A person who has failed to carry out an order to take corrective steps under Article 55 (3). (2)Under the conditions stipulated by Presidential Decree, the fine for negligence described in paragraph (1) shall be imposed and collected by the Minister of Information and Communication.
2. Any person who is dissatisfied with a fine for negligence enforced in line with paragraph (2) may raise an objection with the Minister of Information and Communication within 30 days from the day he is notified of the disposition taken to impose said fine. (4)If any person subjected to a disposition taken to enforce a fine for negligence on him under paragraph (2) raises an objection under paragraph (3), the Minister of Information and Communication shall inform the competent court without delay of the fact. The competent court shall put the case on trial in line with the Non-Contentious Case Litigation Procedure Act upon receiving said notice. (5)If the person does not raise an objection within the period of time stipulated in paragraph (3) and fails to pay the fine for negligence, the said fine shall be collected in line with a disposition taken to collect national taxes that are in arrears.