Revised Korean law to protect privacy in smartphone apps

Poongsan Bldg. 23 Chungjeongro, Seodaemun-gu, Seoul 03737, Korea
Tel: 82 2 2262 6288 / Fax: 82 2 2279 5020
E:  jskim2@leeinternational.com   W: www.leeinternational.com

On March 22, 2016, Korea took steps to strengthen the protection of personal information in smartphone applications through a partial revision of the Korean Act on Promotion of Information and Communications Network Utilisation and Information Protection, etc.

Under the revised act, which became effective on March 23, 2017, if a smartphone applications developer seeks permission to access a user’s smartphone, the developer must make a clear distinction between permissions that are necessary for activating the apps and those that are not. The developer also must make sure that the user is informed that he/she is not obliged to grant permissions that have nothing to do with operation of the apps. The revised act also directs that the developer cannot refuse to offer the app service just because the user did not grant the developer a right to use functions and information from a user’s smartphone, such as the ability to activate certain functions or to read or revise data.

This revision to the act was seen as necessary to better inform and protect consumers. Most users are not aware of how much information is potentially collected and used by app developers when they give access rights to certain smartphone apps. Even if they are, in the past they had no choice but to grant a right of access because otherwise they would not be able to use the apps they wanted.

Details of the act are described as follows:

1. Under Article 22-2, Paragraph 1, if a smartphone application developer wants the right to access a user’s smartphone, he/she should (1) inform the user as to which permission is necessary and which is not, in order to activate the applications; (2) explain the reason for such distinction and the relevant details; and (3) obtain permission to obtain that right of access from the user;
2. Under Article 22-2, Paragraph 2, the developer is not allowed to block the user from using the applications, just because the user did not grant a right of access that is not necessary for activating the applications; and
3. Under Article 76, Paragraph 1, Subparagraphs 1 and 1-2, if the foregoing provisions are violated, the violator will be subject to a penalty not exceeding W30 million (US$27,000).

Thus far, smartphone users have had to grant a right of access to application developers if they wanted to use certain smartphone applications. This practice has been heavily criticised for potentially harvesting personal information in violation of users’ privacy rights. The revised act is expected to reduce the possibility of privacy infringement and contribute to protecting personal information.