[THE KOREA TIMES_Attorney Shon Ga-ram] International trends in personal information control


By Shon Ga-ram

In May 2017, Baidu announced its policy that only users with real-name accounts could use its services. This decision by Baidu, one of China’s largest portal websites, has become a big topic for discussion. In fact, the company took this action to comply with the Chinese Network Security Act (NSA), enforced from 2017.

According to the NSA, operators of “core infrastructure facilities” must store important business data in China. The clause will go into effect starting in 2019. Violating this clause could subject a company to a fine, business suspension, site closure, etc. As a result, many foreign firms have moved their data servers to China.

Although there have been concerns that the NSA has strengthened Chinese government control of cyberspace, the strengthening of regulations regarding personal information seems to be an international phenomenon.

In the European Union, the General Data Protection Regulation (GDPR) was established in May 2016 and has been in force since May 2018. Under this law, data controllers that are not established in the EU have to designate agents within the EU, so that disputes can be quickly resolved in the region to protect the rights of its residents.

The GDPR prescribes a penalty of up to 20 million euros for violations, thereby preventing companies from neglecting personal information issues. A cryptocurrency exchange or an IT service provider has many users from various countries. Any exchange or service provider with users resident in the EU must consider designating agents in the EU.

The Korea Personal Information Protection Act (PIPA) has also been strengthened gradually, but so far there are not many cases in which PIPA has been applied to overseas data processing. However, it is expected that there will be more disputes regarding international processing of personal information soon.

Considering the NSA and the GDPR, it may be a good idea for companies to establish local branches in China and the EU if they have any clients living in those jurisdictions, but this is not yet required in Korea.

Shon Ga-ram has been a member of the Corporate & Finance Practice Group at HMP Law since 2016. He specializes in personal information protection, corporate governance, finance, litigation and tax.
