Korean DPA Faults Google's TOS Changes: Global Privacy Implications?
Privacy Laws & Business International Report, Issue 119: 22-25, October 2012
5 Pages Posted: 9 Dec 2012
Date Written: 2012
The first decision of Korea’s Personal Information Protection Commission (PIPC) has borne out the perception that Korea’s new Personal Information Protection Act (PIP Act) is ‘Asia’s toughest data privacy law’ (Greenleaf and Park, Privacy Laws & Business International Report, Issue 117: 1, available at http://ssrn.com/abstract=2120983). The PIPC has decided that Google’s changes to the Terms of Service (TOS) of over 60 of its services, unifying them in a single TOS, may be in breach of various provisions of the Act.
Google’s TOS changes are considered by the Commission to likely to breach these laws in three ways: (i) they do not specify the purpose of collection clearly enough, and cannot comply with the requirement that personal information may only be collected and used to the minimum extent necessary for the purpose for which it is collected; (ii) they do not comply with the requirement that where personal information is to be used for purposes other than the purpose for which it was collected, it is necessary to obtain additional consents for such uses; and (iii) they do not specify that that personal information will be erased immediately upon the expiration of its retention period or on request from a data subject.
This article analyses this decision, considering the PIPC’s reasoning, and the terms of the Korean legislation, in order to determine whether the PIPC’s findings (and the potential remedial action) are a result of features which are unique to the Korean law, or are they features which are common to at least some other countries’ data privacy laws.
Keywords: privacy, Korea, Google, Terms of Service, TOS, data privacy
Suggested Citation: Suggested Citation