[Home] [Databases] [WorldLII] [Search] [Feedback] EPIC --- Privacy and Human Rights Report

EPIC --- Privacy and Human Rights Report 2006

Republic of (South) Korea

Constitutional Privacy Framework

The Constitution of the Republic of Korea provides for the protection of secrecy and liberty of private life.[4680] Article 16 states, "All citizens are free from intrusion into their place of residence. In case of search or seizure in a residence, a warrant issued by a judge upon request of a prosecutor has to be presented."[4681] Article 17 states, "the privacy of no citizen shall be infringed."[4682] Article 18 states, "The privacy of correspondence of no citizen shall be infringed."[4683] In general, the government respects the integrity of the home and family.[4684]

The protection of human rights in South Korea, including the right to a fair trial before an independent and impartial tribunal, is still in its infancy. It was only in November 2001 that the National Human Rights Commission of Korea was created to police the actions of the state in this context.[4685] The Commission has been beset with problems in fulfilling its role due to a lack of autonomy and political independence, as well as other structural problems.[4686]

Data Protection Framework

South Korea has adopted a data protection regime similar to the United States and Japan, with one act covering the public sector and sectoral legislation for the private sector.[4687] The statute in the former category is the 1994 Act on the Protection of Personal Information Maintained by Public Agencies,[4688] which is generally applicable to the automated processing of personal data in the public sector, but not to manual records.[4689] This statute has a provision recommending that private entities respect the data protection principles in the statute, but it has no appropriate administrative or enforcement mechanism to that effect.[4690]

The Act on the Protection of Personal Information Maintained by Public Agencies imposes an obligation on public agencies to maintain records of personal information databases and to report these databases to the Ministry of Government Administration and Home Affairs (MOGAHA), the ministry responsible for the Act.[4691] The MOGAHA publishes lists of these databases in an official journal, which is publicly available.[4692] In addition, the MOGAHA can request relevant information from the data holding entities and issue opinions on their data processing practices.[4693] A data subject has a right of access to, and correction of, personal information held by public agencies.[4694] The Act establishes a Data Protection Review Commission, under the Premier's Office, headed by the Vice-Minister of the MOGAHA, to recommend and review proposals on improving data protection policy.[4695]

The Act has been criticized for its ineffectiveness.[4696] The MOGAHA has placed little emphasis on rigorous application of the legislation and reportedly has little will to uphold privacy versus administrative efficiency. In January 1999, the Act was amended to give even more power to the MOGAHA, streamline the procedure for access to personal information by data subjects, and limit exemptions to disclosure. However, there remains no independent oversight of government application of the Act.

Acts governing the collection, use and disclosure of personal information in the private sector include the Protection of Communications Secrets Act (1993) (a.k.a., "Anti-Wiretap Law");[4697] the Telecommunications Business Act (1991);[4698] the Medical Service Act (1973);[4699] the Real Name Financial Transactions and Secrecy Act (1997);[4700] the Use and Protection of Credit Information Act (1995);[4701] the Framework Act on Electronic Commerce (1999);[4702] and the Digital Signatures Act (1999).[4703]

The Act on Promotion of Information and Communications Network Utilization and Data Protection (the Act),[4704] modeled after the German Online Service Data Protection Act of 1997,[4705] came into effect in 2000. The Act adopts common "fair information principles"[4706] and rules for the collection, use, and disclosure of personal data by "providers of information and communications services," such as common carriers, Internet service providers and other intermediaries, particularly content providers. The Act also covers specific off-line service providers such as travel agencies, airlines, hotels, and educational institutes.

The Act requires that "data users" seek consent from "data subjects" for the collection, use, and disclosure of data to a third party "beyond the notification as prescribed in the Act or the limit specified in a standardized contract for the utilization of the information and communication services."[4707] Data users should collect as little personal data as is necessary[4708] and are prohibited from collecting sensitive personal information, including ideology, faith and medical data without explicit consent of the data subject.[4709] However, consent is not required when it is necessary to give effect to a contract, adjust fees, or when the personal information is provided after having been rendered unidentifiable to the individual, such as for the compilation of statistics, academic research or market surveys.[4710] The Act allows the data subject to withdraw consent for the collection, use and disclosure of data at any time and requires the data user to comply, unless the preservation of such personal information is required by another Act. Further, every data subject has a right to access and correct his or her personal information.[4711]

A data user must obtain consent from an appropriate legal guardian when collecting, using or disclosing personal information from children under 14, and may request appropriate minimum information of the guardian in order to effect that consent. A legal guardian has a right to access and correct the child's personal information. Upon receiving a guardian's request for correction, the data user must cease to use or disclose erroneous information until they have made the correction.[4712]

The Act prohibits one from sending unsolicited commercial e-mail contrary to an addressee's explicit refusal of such e-mail.[4713] All unsolicited commercial e-mail must contain the word "Advertisement" in the subject line of every message and must contain opt-out instructions and contact information for the sender.[4714] Additionally, several direct marketers established the Association for the Improvement of the E-Mail Environment in early 2002 to help cope with the increasing number of unsolicited commercial e-mails problem in Korea.[4715]

The government imposes criminal and administrative penalties for breaches of data protection principles. The processing of personal information without consent or beyond the scope of the purpose for which the collection was made, attracts either penalties of up to one year in prison or a fine of KRW 10 million (USD 9,856).[4716] Data subjects may file damage claims for breaches of the Act with the Personal Information Mediation Committee or with a court. The onus is on the data user to prove either good faith intentions to comply, or non-negligence.[4717]

There is significant overlap between the aforementioned act, the Framework Act on Electronic Commerce (FAEC) and the Digital Signatures Act (DSA). For this reason and others, some legal commentators have called for comprehensive reform.[4718] The FAEC requires data users to give data subjects sufficient information regarding the purpose of collection.[4719] Under the FAEC, the data user must obtain explicit consent from the data subject before collecting personal information, and is prohibited from using the personal information collected for inconsistent purposes.[4720] Additional requirements of the FAEC include appropriate security,[4721] and a right of access, correction or deletion.[4722] The DSA prohibits an individual from fraudulently using another person's private key or issuing a key.[4723] It also has data protection provisions[4724] similar to the Electronic Commerce Act and penalties equal to the Act on Promotion of Information and Communications Network Utilization and Data Protection.

The protection of personal information has become a critical issue in Korea, which now has the largest population of broadband Internet users in the world.[4725] In May 2005, the People's Solidarity for Participatory Democracy reported, based on a survey of 15 Internet portals, that most Korean Internet portals still require customers to provide a large amount of personal information, even their resident registration numbers (a 13-digit system whereby an individual's age, gender, place of birth and other private data, are stored and tracked by the government), without clarifying how the personal data will be used and without obtaining their individual consent.[4726]

The MIC introduced ‘i-PIN’ (Internet Personal Identification Number) to replace the use of the RRN (the Resident Registration Number) online. Unlike the RRN, the ‘i-PIN’ does not include personal information: the date of birth, birthplace, or sex. It is easily replaceable if individuals want to acquire a new number. However, few Internet websites and companies have accepted this alternative to date because of the added cost and burden of changing their systems’ databases.[4727]

In 2007, MOGAHA launched a month-long online that Internet users to find and delete their resident registration numbers, Korea's version of social security numbers, if they are found circulating on the Web. Search programs operated by the Korea Information Service, the National Information and Credit Evaluation, and the Seoul Credit Rating and Information compiled lists of Web sites using an individual’s identification number.[4728] Last year, law enforcement authorities found the resident registration numbers of more than 1.2 million people intercepted by hackers who sought to create fake accounts for online games.[4729]

In December 2001, the MIC established the Personal Information Dispute Mediation Committee, as an alternative to civil litigation, to facilitate a prompt, convenient and appropriate settlement of data protection disputes.[4730] Members of the Committee, which includes lawyers, IT engineers, professors, consumer advocates and industry representatives, are appointed for three-year terms. Both data subjects or data users can initiate mediation, free of charge. The Committee first engages in informal fact-finding and makes non-binding recommendations for settlement. If parties cannot reach a settlement, they can begin formal mediation. If parties fail to reach a mediated settlement, they can pursue matters in a competent civil court. They can also bypass the Committee process altogether and go directly to court.[4731]

The Korea Association of Information and Telecommunication (KAIT) has instituted a privacy trust mark for websites and other online businesses that satisfy appropriate data processing standards. Regarding personal information, qualified trust mark applicants provide notice and purpose of collection, use and disclosure. In addition, the applicants provide special treatment for children under 14, and offer remedies for data subjects.

In June 2004, the Korea Information Security Agency (KISA) found that many Korean Internet websites pose a threat to personal information privacy. The agency reported that thousands of websites that collect personal information about subscribers, including resident registration numbers, remain vulnerable to security breaches.[4732] To address this problem, KISA planned to conduct more investigations, levy administrative penalties on offending websites, and solicit feedback on privacy problems from users.

Beginning June 2007, Internet users are required to provide their real names and their Resident Registration Numbers before posting comments or uploading video or audio clips on bulletin boards.[4733] The proposed law is a response to the increasing number of libelous and fraudulent accusations made by Koreans about public figures, as well as cyber-bullying between schoolchildren. Researchers have suggested a link between the online comments and suicide levels, as well as increased physical confrontations. The Department for Education and Skills would issue guidelines to help parents and children understand the proper steps to take if they find themselves victims of cyber-bullying. At least 34 sites with more than 300,000 users are affected by the law.[4734]

In November 2006, members of the Futures Forum for Korea in the Korean National Assembly attempted to arrive at an agreement on a proposal for a comprehensive privacy law. Since that time, none of the five proposed bills on privacy have been passed.[4735]

Wiretapping and Surveillance

State security services have a history of conducting surveillance of political dissidents. The Korean Government designed the Protection of Communications Secrets Act of 1993 and the reform of the NIS to curb government surveillance of civilians.

The Protection of Communications Secrets Act lays out broad conditions under which the monitoring of telephone calls, mail, and other forms of communication is legal.[4736] This Act requires government officials to secure a judge's permission before placing wiretaps, or, in the event of an emergency, soon after placing them. The Act also provides jail terms for persons who violate this law. Some human rights groups argue that a considerable amount of illegal wiretapping, shadowing, and surveillance photography still occurs, and they assert that the lack of an independent body to investigate whether police have employed illegal wiretaps hinders the effectiveness of the Anti-Wiretap Law.[4737]

In June 2007, revisions to the Protection of Communications Secrets Act passed the National Assembly’s Legal and Judiciary Committee. The revisions would require mobile phone service providers, credit card firms and mass transit operators to store clients’ records for up to a year and provide the information at the request of state investigators. This means a citizen’s cellular phone calls, e-mails, financial transactions and even where he or she goes on buses and subways over the past year must be kept and disclosed upon a warrant request.[4738]

The Anti-Wiretap Law sets out "broad conditions under which the government may monitor telephone calls, mail, and other forms of communication, for up to two months in criminal investigations and four months in national security cases."[4739] Some human rights groups raised concerns about possible government wiretapping abuse. The Ministry of Information and Communication said that between January and June of 2006, the government conducted 528 cases of wiretapping, down 11 percent from the 550 cases during the same time period in 2005. Telecommunications companies also reported providing more than 35 percent fewer phone records to law enforcement agencies when compared with last year.[4740]

South Koreans have long had to live with widespread surveillance and wiretapping abuses by intelligence and police officials under successive regimes. In October 1998, President Kim Dae-Jung ordered a full-scale probe into illegal wiretapping. Rep. Hyong-Oh Kim of the opposition GNP stated that he believed that over 10,000 taps were actually placed in 1998.[4741] The government proposed amendments to the Protection of Communications Secrets Act in November 1999 that would allow victims of illegal wiretapping to sue in court, limit the number of crimes for which wiretapping is allowed, and provide for notice to targets of wiretapping. The government set up a wiretapping complaint center under the MIC in October 1999.[4742] The UNHRC heard testimony on Korean wiretapping at its meeting in October 1999.[4743]

According to the opposition GNP, public prosecutors, police and many governmental bodies, such as the SPPO, the National Police Agency (NPA), the National Tax Administration (NTA), the Financial Supervisory Service (FSS), the Financial Intelligence Unit (FIU), the Fair Trade Commission (FTC) and the Central Election Management Committee (CEMC), are not only indiscriminately monitoring bank accounts, but there has also been a sharp rise of wiretapping incidents by investigating authorities, with a high risks to infringement of human rights.[4744] Furthermore "a considerable number of these surveillances have been carried out without proper legal procedures such as obtaining a warrant or the consent of the individual concerned, but simply at the convenience of the investigating authorities."[4745]

According to an MIC report, the number of location-tracking services furnished by mobile phone service providers to state investigation agencies in 2004 has significantly increased over those in 2003.[4746] Government authorities such as the NPA and the NIS tracked mobile phone users in 16,497 instances just during the first half of 2004.[4747] The total number of cases was 20,773 in 2003, a 62.3 percent increase over the 12,184 cases in 2002.[4748]

Through material submitted by the Ministry of Finance and Economy (MOFE) and other agencies to the National Assembly, it was also discovered that even in non-emergency cases, which only require the senior prosecutor's consent – rather than a court approval – public prosecutors obtained telecommunications records by breaking the rule in 40 percent of the cases.[4749] There were 124,893 cases of disclosures of telecommunications data, an increase of 24.3 percent compared to the same period in 2003.[4750]

South Korean courts routinely accept recordings, or transcripts of recordings, as admissible evidence in both civil and criminal proceedings. The Supreme Court ruled in October 2002 that it is not illegal for a party to a phone call to record the phone conversation secretly without the other party's knowledge, although the recording of a phone conversation by a third party without the consent of both parties to the phone call is illegal.[4751] In August 2004, the Seoul Central District Court ruled that it was not illegal for a journalist to publish a recording that he made of a phone conversation without the other person's consent.[4752]

Unauthorized phone taps – through the illegal use of interception equipment and radio frequency devices – have also been increasing at an alarming rate.[4753] Despite rising public awareness over violations of privacy, in 2005, the Ministry of Justice (MOJ) has been pushing a controversial new law that grants government authorities greater freedom to gather evidence through phone taps by requiring landline and wireless telephone companies to implement new surveillance technologies.[4754] The MOJ is in discussions with the MIC and expects to complete the law by August 2005.[4755]

South Korea has one of the world's highest concentrations of mobile-phone users. As the quality of photos taken by phone cameras improves, there is rising concern about possible privacy abuses. In November 2003, the MIC introduced regulations to protect against the surreptitious taking of photos in public areas such as locker rooms and swimming pools. Starting in 2004, mobile phone manufacturers are required to design camera-enabled mobile phones to make "camera shutter" sounds, of at least 64 decibels, when a picture is taken.[4756] The Korea Times reported that the MIC was drafting a new bill to prohibit individuals from taking photographs of others using camera phones without prior consent.[4757]

According to the US State Department, it was "difficult to estimate the number of political prisoners because it was not clear whether particular persons were arrested for exercising the right of free speech or association, or were detained for committing acts of violence or espionage."[4758] Amnesty International reports that the Korean government continued to require released political prisoners to report regularly to the police under the Social Surveillance Law.[4759]

Under the National Security Law, it is forbidden for South Koreans to listen to North Korean radio in their homes or read books published in North Korea if the government determines that they are doing so to help North Korea. However, in 1999 the government made it legal for South Koreans to view North Korean satellite telecasts in their private homes. The government also allows the personal perusal of North Korean books, music, television programs, and movies as a means to promote understanding and reconciliation with North Korea. Student groups make credible claims that government informants are posted on university campuses.[4760]

The Use and Protection of Credit Information Act of 1995 protects credit reports.[4761] In July 2001, three large credit card companies were fined under this law. The companies were found to have disclosed personal information on their customers (including bank account numbers, pay levels and credit card transaction records, and customer identifiers such as names, addresses, phone numbers and resident-registration numbers) to insurance companies without giving notice to their customers or obtaining their consent in advance.[4762] The Postal Services Act protects postal privacy.[4763]

Since January 2002, Korea has maintained a DNA database of missing children.[4764] Registry in the database is voluntary, and it is available to parents and children in orphanages.[4765] The Supreme Public Prosecutor's Office (SPPO) analyzes the samples, and the information is stored in a database maintained by Biogrand, a private company.[4766] Privacy advocates are concerned that the SPPO, an office engaged in criminal prosecutions, collects the DNA samples.[4767] The SPPO maintains that they do not have access to personally identifiable information aside from age and sex when they receive a DNA sample, and that the database's use is strictly for family relationships.[4768] Privacy advocates are nevertheless wary because there are no specific laws that address DNA information.[4769] As such, there is the potential for abuse and extending the database's function.

On April 19, 2005, it was asserted during a National Assembly session that the MIC "had purchased private information of fingerprints and facial skeletal features without a clear-cut legal basis."[4770] Rep. Hae-Suk Suh of the Uri Party argued: "Over two years since 2002, the MIC has spent [KRW] 2.8 billion to establish a database on vital information of 5,620 people including minors. . . . The government continues to amass personal identification data on the grounds that it is useful for the commercialization of biometrics."[4771] The MIC admitted that its affiliate, the Korea Information Security Agency (KISA), has "carried out the collection of 3,600 fingerprints and 2,020 facial skeletal features," but denied any wrongdoing, pointing out that the Act on Promotion of Information and Communications Network Utilization and Data Protection (DPA) stipulates that "the MIC can ferret out measures for protection of individual information together with the KISA."[4772]

Open Government

The Official Information Disclosure Act is a "freedom of information act" that allows Koreans to demand access to government records. It was enacted in 1996 and went into effect in 1998.[4773] The Supreme Court ruled in 1989 that there is a constitutional right to information "as an aspect of the right of freedom of expression, and specific implementing legislation to define the contours of the right was not a prerequisite to its enforcement."[4774] In 2007, an Information Disclosure Task Force comprised of government, media and academics was formed to create proactive disclosure policies and to suggest revisions to the Information Disclosure Act.[4775]

In March 2003, the Korean Ministry of Education and Human Resources launched the National Education Information System (NEIS), a nationwide database that links the information of over 10,000 school and education agencies.[4776] The purpose of the NEIS is to enable schools to share education information with each other.[4777] Various organizations opposed the implementation of the NEIS due to the threat that the system poses on the privacy of students and teachers, including the National Teacher's Union, which organized a strike.[4778] Furthermore, the NHRCK recommended that the Ministry of Education abandon maintaining three categories of information (school management information, student academic records, and health and enrollment records) within the NEIS, determining that the Ministry lacked the legal foundation to implement NEIS in this manner, and the threat that the system posed to privacy was significant.[4779] As a result of the opposition, the government decided that they would rethink the NEIS after gathering more information.[4780]

International Obligations

South Korea is a member of the Organization for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.[4781]

[4680] Constitution of The Republic of Korea, Chapter II (Rights and Duties of Citizens), § 16; Section 9 further stating that "it shall be the duty of the State to confirm and guarantee the fundamental and inviolable human rights of individuals."
[4681] However, Korean courts are willing to "rubber stamp" practically all prosecutors' requests. "Courts are issuing warrants for search and seizure almost automatically upon request from Public Prosecutors and . . . the issue of search and seizure warrants is being abused." "Courts' Issue of Warrants for Search and Seizure at the Rate of 99.3%," Edaily, October 14, 2004 <http://news.naver.com/news/read.php?mode=LSD&office_id=018&article_id=0000212219&section_id=102&menu_id=102>.
[4682] Korean Constitution, supra at § 17.
[4683] Id. at § 18.
[4684] US State Department Human Rights Report 2006 - South Korea, available at <http://www.state.gov/g/drl/rls/hrrpt/2006/78778.htm>.

[4685] <http://www.humanrights.go.kr/eng/index.jsp>.
[4686] Asia Pacific Human Rights Network, "National Human Rights Commission of Korea: Miles To Go," September 2004.

[4687] C. Chung and I. Shin, "On-Line Data Protection and Cyberlaws in Korea" 27 Korean J. of Int'l and Comp. L. 21, 24 (1999).
[4688] Act No. 4734, last amended by Act No. 5715, January 29, 1999.
[4689] Id. at §§ 1, 2(3).
[4690] Chung and I. Shin, supra at 31.

[4691] Act No. 4734 § 6.
[4692] Id. at §§ 7-8.
[4693] Id. at §§ 18-19.
[4694] Id. at §§ 12, 16.
[4695] Act No. 4734 § 20.

[4696] Chung and I. Shin, supra at. 21, 33.

[4697] Act No. 4650, last amended by Act No. 7138, January 29, 2004. Article 3 (Protection of Secrets of Communication and Conversation), paragraph 1 of this Act provides that "No person shall censor any mail, wiretap any telecommunications, provide the communication confirmation data, record or listen to conversations between others that are not made public, without recourse to this Act, the Criminal Procedure Act or the Military Court Act."
[4698] Act No. 4394, last amended by Act No. 7165, February 9, 2004.
[4699] Act No. 2533, last amended by Act No. 7148, January 29, 2004.
[4700] Act No. 5493, last amended by Act No. 7189, March 12, 2004.
[4701] Act No. 4866, last amended by Act No.7110, January 29, 2004.
[4702] Act No. 5834, last amended by Act No. 6614, January 19, 2002.
[4703] Act No. 5792, last amended by Act No. 6585, December 31, 2001.

[4704] Act No. 5835, last amended by Act No. 7142, January 29, 2004.
[4705] Gesetz zur Regelung der Rahmenbedingungen für Informations und Kommunikationsdienste: IuKDG, Ch. 2.
[4706] The fair information principles of the Act are derived from the eight principles found in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, September 23, 1980, OECD, available at <http://www.oecd.org/document/20/0,2340,en_2649_34255_15589524_1_1_1_1,00.html>.

[4707] Act No. 5835, § 16 (2).
[4708] Id. at § 16(1).
[4709] Id. at § 4.

[4710] Id. at 3. But see L. Sweeney, The Identifiability of Data, (forthcoming), discussing the ease of re-identifying ostensibly de-identified data.

[4711] Act No. 5835, § 18(2).

[4712] Id. at § 18(4).

[4713] Id. at § 19(3).
[4714] Id at 5. Due to the volume of unsolicited commercial e-mails, the government is contemplating an amendment that would curtail distribution and punish senders. Further, the amendment proposes the addition of "Adult" or "Consent" in the subject line of each and every unsolicited commercial e-mail and punitive measures for their senders who use false contact information or hinder technologically their tracing or deletion.
[4715] Personal Information Dispute Mediation Committee of the Korea Information Security Agency, "Personal Data Protection in Korea," August 2002, at 12 (available at <http://www.cyberprivacy.or.kr/inter.htm>).

[4716] Act No. 5835 at § 30. Additionally, § 32 imposes lesser administrative penalties of KRW 5 million for violations of other data protection principles.
[4717] Personal Information Dispute Mediation Committee of the Korea Information Security Agency, "Personal Data Protection in Korea," August 2002 at 4.

[4718] See C. Chung and I. Shin, supra at 42-43, citing the lack of an appropriate oversight authority as the major weakness of the Korean data protection regime; I. Kim, "A Study on the Data Protection Act" 26 Public Law 2 (June 1998) (in Korean); I. Lee, "Trends in the Korean Data Protection Legislation" Road to the Information Society (November 1999) (in Korean).
[4719] Act No. 5834, §§ 30-31.
[4720] Id. at § 13(2).
[4721] Id. at § 13(3).
[4722] Id. at § 13(4).
[4723] Act No. 5792, §§ 19-23.
[4724] Id. at § 24.

[4725] Leo Lewis, “Chat room bullies face end to their internet anonymity,” Times Online, June 29, 2007, available at <http://www.timesonline.co.uk/tol/news/world/asia/article2005592.ece>.
[4726] "Portals Criticized over Privacy Standards," Korea Herald, May 31, 2005, available at <http://www.koreaherald.co.kr/archives/result_contents.asp?id=200505310041&query=internet>.

[4727] Email from Jongin Chang, University of Seoul, Korea, to Allison Knight, Research Director, Electronic Privacy Information Center, August 1, 2007 (on file with EPIC).

[4728] Kim Tong-hyung, “Internet users can clean up personal information,” Korea Times, March 12, 2007, available at <http://www.asiamedia.ucla.edu/article.asp?parentid=65654>.
[4729] Id.

[4730] Personal Information Dispute Mediation Committee of the Korea Information Security Agency, "Personal Data Protection in Korea," August 2002, at 8-9.
[4731] Id.

[4732] "Agency Says the Web is Quite a Leaky Place," JoongAng Daily, June 15, 2004

[4733] Leo Lewis, supra.
[4734] Id.

[4735] Email from Jongin Chang, supra.

[4736] Act No. 4650.
[4737] US State Department Human Rights Report 2004 – South Korea, available at <http://www.state.gov/g/drl/rls/hrrpt/2004/41647.htm>.

[4738] “New Bill Turns Korea Into Orwellian State,” The Korea Times, June 25, 2007, available at <http://www.koreatimes.co.kr/www/news/opinon/opi_view.asp?newsIdx=5375&categoryCode=202>.

[4739] US State Department Human Rights Report 2006 – South Korea, supra.
[4740] Id.

[4741] "Kim Hyong-o Says more than 10,000 May Be Exposed to Gov't Taps," Korea Times, February 13, 1999.
[4742] "Government to Operate Eavesdropping Complaint Center," Korea Herald, October 30, 1999.
[4743] United Nations Human Rights Committee, Summary record of the 1,792nd meeting: Republic of Korea. 22/11/99. CCPR/C/SR.1792, (November 22, 1999).

[4744] "Government's Intrusion into Privacy Is Excessive" Maeil Gyungjae [The Economic Daily], October 19, 2004, available at <http://news.naver.com/news/read.php?mode=LSD&office_id=009&article_id=0000400141&section_id=101&menu_id=101>.
[4745] Id.

[4746] "Location-Tracing Sparks Privacy Concerns", Korea Times, November 16, 2004, available at <http://news.naver.com/news/read.php?mode=LSD&office_id=040&article_id=0000016873&section_id=108&menu_id=108>.
[4747] Id.
[4748] Id.

[4749] "Sharp Rise in Tappings of Mobile Phone Text Messages and Voice Mailboxes by Government Investigative Agencies," JoongAng Daily, November 24, 2004.
[4750] "Government's Intrusion into Privacy Is Excessive," Maeil Gyungjae [The Economic Daily], October 19, 2004, available at <http://news.naver.com/news/read.php?mode=LSD&office_id=009&article_id=0000400141&section_id=101&menu_id=101>.

[4751] "Third party's Recording of Phone Conversation without Consent of Both Parties to the Phone Call Is Illegal," Kookmin Ilbo, October 14, 2002, available at <http://news.naver.com/news/read.php?mode=LSD&office_id=005&article_id=0000122348&section_id=102&menu_id=102>.
[4752] "Not Illegal to Write Article Based on Secret Tape Recording," Edaily, August 3, 2004, available at <http://news.naver.com/news/read.php?mode=LSD&office_id=018&article_id=0000188418&section_id=102&menu_id=102>; see also "Publishing Article Based on Secret Tape Recording of Conversation Is not Unlawful," OhMyNews, August 3, 2004, available at <http://news.naver.com/news/read.php?mode=LSD&office_id=047&article_id=0000048896&section_id=102&menu_id=102>.

[4753] "Illegal phone taps increasing sharply," Korea Herald, June 15, 2005, available at <http://www.koreaherald.co.kr/archives/result_contents.asp?id=200506150043&query=illegal%20phone%20taps>
[4754] "Illegal Phone Taps Increasing Sharply," Korea Herald, June 15, 2005, available at <http://www.koreaherald.co.kr/archives/result_contents.asp?id=200506150043&query=illegal%20phone%20taps>.
[4755] Id.

[4756] "Phone Camera Makers Are Told to Use 'Click' to Protect Privacy," JoongAng Daily, November 12, 2003.
[4757] "Camera Phone to Require Shutter Sound from Next Year," Korea Times, November 11, 2003.

[4758] US State Department Human Rights Report 2004 - South Korea, available at <http://www.state.gov/g/drl/rls/hrrpt/2004/41647.htm>.
[4759] See Amnesty International, Republic of Korea (South Korea), available at <http://www.web.amnesty.org/ai.nsf/index/ASA250181998>.

[4760] US Department of State, Country Report on Human Rights Practices – South Korea 2003.

[4761] No. 4866, Enforcement Decree for the Act Relating to Use and Protection of Credit Information.
[4762] "Stricter Privacy Protection," Korea Herald, July 19, 2001.
[4763] Act No. 542, last amended by Act No. 6196, January 21, 2000.

[4764] E-mail from Kim Nak ho, Department of Communications, Soul National University to Waseem Karim, Law Clerk, Electronic Privacy Information Center (EPIC), July 5, 2002 (on file with EPIC).
[4765] Id.
[4766] Id.
[4767] Id.
[4768] Id.
[4769] Id.

[4770] "Ministry Buys Individual Information for Research", Korea Times, April 20, 2005, available at <http://news.naver.com/news/read.php?mode=LSD&office_id=040&article_id=0000021481&section_id=108&menu_id=108>.
[4771] Id.
[4772] Id.

[4773] Wholly amended by Act No. 7127, January 29, 2004.
[4774] Right to Information (1 KCCR 176, 88 HunMa 22, Sep. 4, 1989).
[4775] “Forming Information Disclosure Enhancement Task Force to ensure the people's rights to know,” Ministry of Government Administration and Home Affairs, August 2, 2007 <http://www.mogaha.go.kr/gpms/ns/mogaha/user/userlayout/english/bulletin/userBtView.action?userBtBean.ctxCd=1030&userBtBean.ctxType=21010009&userBtBean.bbsSeq=1011596>.

[4776] "Privacy or Convenience," Korea Herald, May 22, 2003.
[4777] Among the stated goals "are setting up the national standardization of educational content, evenly distributing educational information among different regions, and establishing more rational educational policies," Launching the National Education Information System (NEIS)
[4778] Participants in the strike were also opposed to pressure from the World Trade Organization to open Korea's educational sector to foreign competitors. "Teachers Union to Launch Strike Against NEIS," Yonhap English News, March 26, 2003.
[4779] Among the risks cited by the NHRCK was the potential for hackers to steal information from the system. Id. The Commission stated that the kind of information that the system contained about a student was so intimate that it demanded constitutional protection. "Privacy or Convenience," Korea Herald, May 22, 2003.
[4780] Hyung-Jin Kim, "Controversial Education Database under Review," Korea Herald, May 20, 2003.

[4781] OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, available at <http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html>.