SOUTH KOREA: An Introduction to Technology, Media, Telecoms (TMT)
Preface
South Korea’s regulatory landscape concerning the technology, media, and telecommunications (TMT) sector can be broadly divided into a technology sector and a data sector. Relevant regulations are primarily established through legislative measures or guidelines issued by regulatory bodies specific to each sector. Notably, guidelines often serve as de facto regulations, with regulatory agencies actively responding to and enforcing them.
Technology Regulation
Legislation
South Korea’s technology-related regulation spans diverse sectors, ranging from traditional broadcasting and telecommunications to cutting-edge industries like the metaverse, AI, autonomous vehicles, IoT, and data centres.
In terms of applicable laws and regulations, key South Korean legislation in this area includes the Telecommunications Business Act, the Broadcasting Act, and the Internet and Multimedia Broadcasting Business Act, which together govern traditional telecommunications and broadcasting.
Recent legislative developments underscore South Korea’s commitment to fostering innovation and regulating emerging technologies. For instance, on 20 February 2024, the government enacted legislation to promote the metaverse industry, the Act on Promotion of the Metaverse Industry, which is the first law in the world to specifically regulate the metaverse. Additionally, the Act on the Protection of Virtual Asset Users, which is scheduled to be in force from July 2024, is intended to regulate virtual assets, and regulations related to fintech and digital finance are being continuously improved through amendments to the Electronic Financial Transactions Act.
Further, laws governing advanced technologies such as AI and autonomous vehicles are also continuously evolving to address technological advancements and societal concerns. In the case of automobiles, the Act on the Promotion of and Support for Commercialisation of Autonomous Vehicles has been enacted to regulate future automobiles (ie, connected and autonomous vehicles). Additionally, the Road Traffic Act, the Motor Vehicle Management Act, and other automobile-related regulations are being actively amended on an ongoing basis.
Regarding the AI sector, starting with the announcement of the “National Strategy for Artificial Intelligence” in December 2019, followed by the issuance of the “Roadmap for Improving AI Laws, Systems and Regulation” in December 2020, and the unveiling of the “Digital Bill of Rights” in May 2023, South Korea has been vigorously engaged in shaping its AI regulatory landscape. A number of AI-related bills have been introduced in the National Assembly since 2022, and the National Assembly is currently working on an alternative bill that consolidates and harmonises them (the “Act on Promotion of AI Industry and Framework for Establishing Trustworthy AI”). Although the details are, as of March 2024, yet to be disclosed, this legislation is known to be pursuing a balance between the regulation of the industry and support for the development and industrial activation of AI technologies.
Regulators
In terms of regulatory oversight, various bodies are involved in technology-related matters. The key regulatory entities in this space include the Korea Communications Commission (KCC) and the Ministry of Science and ICT (MSIT). The KCC is primarily tasked with overseeing broadcasting and telecommunications regulation, ensuring fair competition and safeguarding consumer interests within these sectors. The MSIT, on the other hand, assumes a central role in shaping South Korea’s digital landscape, promoting research and development initiatives, and regulating emerging technologies.
The Personal Information Protection Commission (PIPC) serves as the primary supervisory agency responsible for overseeing all aspects of personal information processing, regardless of specific technology or industry sector. Similarly, the Financial Services Commission (FSC), like the PIPC, regulates all entities involved in credit information processing. However, the FSC’s regulatory scope extends further to include specific industries such as digital finance, fintech, and virtual assets. The Ministry of Culture, Sports and Tourism (MCST) oversees content and intellectual property issues related to emerging broadcasting and cultural platforms, such as over-the-top (OTT) broadcasting. Additionally, the Ministry of Land, Infrastructure and Transport (MOLIT) and the Ministry of Trade, Industry and Energy (MOTIE) are responsible for regulations concerning future vehicles.
Moreover, not only the MSIT and the PIPC, but also various other regulatory bodies such as the FSC and the MCST, are gearing up for the AI era. They are doing so by issuing guidelines tailored to specific industrial contexts, such as the financial sector or intellectual property concerns, to facilitate the seamless integration and operation of AI technologies.
Data Regulation
South Korea has implemented comprehensive data protection regulations to safeguard individuals’ privacy and promote responsible data management practices. These regulations encompass various laws and acts aimed at protecting personal and industrial data, with regulatory oversight provided by government bodies such as the PIPC, the MSIT and the KCC.
In terms of data protection and privacy, the Personal Information Protection Act (PIPA), which is regulated by the PIPC, serves as the primary personal data protection law in Korea, and in addition, the Credit Information Use and Protection Act, the Framework Act on Promotion of Data Industry and Data Utilisation, and the Communication Secrets Protection Act function as data protection laws.
The Personal Information Protection Act
The cornerstone of data protection regulation in South Korea is PIPA, which was initially enacted in 2011. This legislation, which was affected by the GDPR but is different in several respects, establishes rules for the collection, use, and transfer of personal data, with a focus on enhancing transparency, accountability and data subjects’ rights. Since its inception in 2011, PIPA has undergone several revisions, with comprehensive amendments in 2020 and 2023, driven by government initiatives and active support from the National Assembly. The key features of the most recently amended PIPA (amended on 15 March 2023) are as follows:
– unification of data protection rules previously separated for information communications service providers (ICSPs), a concept which is interpreted quite broadly to include providers of a wide range of services offered over telecommunications or information services networks) and offline businesses;
– revising provisions to relax criminal penalties and reinforce administrative penalties instead;
– easing of requirements for the processing of personal data;
– revamping of provisions relating to the mediation of disputes involving personal data;
– update of provisions relating to visual information processing devices;
– introduction of rights relating to automated decision-making;
– new rules for cross-border transfers of personal data; and
– establishment of new provisions relating to the right to data portability.
The Credit Information Act
The Credit Information Act governs, in particular, the use of credit information in the financial sector, with recent amendments incorporating provisions to regulate AI-driven automated evaluation processes. These amendments aim to ensure fairness, accuracy, and transparency in credit assessment practices, reflecting the government’s efforts to adapt regulatory frameworks to technological advancements in the financial industry.
The Data Industry Act
The Data Industry Act includes regulations aimed at protecting data assets and prohibiting the unauthorised use of data that infringes upon the economic interests of data producers, thereby also addressing issues related to the use of data for AI training, among other provisions.
The Act on Promotion of Information and Communications Network Utilisation and Information Protection
On a separate note, the Act on Promotion of Information and Communications Network Utilisation and Information Protection, which is regulated by the MSIT and the KCC, mainly regulates matters related to securing the stability of information and communication networks and protecting users.
Summary
South Korea, as a nation highly advanced in ICT matters, is continually pushing forward in industries related to cutting-edge technology and data. Consequently, the country actively responds to regulatory challenges and enacts regulations related to emerging technologies. In particular, there are ongoing efforts to improve regulatory frameworks in industries such as AI, digital finance, fintech, virtual assets, automotives and data protection to enhance industrial competitiveness while also addressing the risks associated with new technologies.
Especially noteworthy is South Korea’s preference for a rule-based approach over self-regulation, highlighting the importance of closely monitoring regulatory trends and engaging with regulatory authorities to ensure compliance with laws and regulations.