Korea Rolls Back ‘Real Name’ and ID Number Surveillance
Privacy Laws & Business International Report, No. 119, pp. 20-1, October 2012
4 Pages Posted: 10 Dec 2012
Date Written: December 10, 2012
South Korea’s online ‘real name’ statute - Article 44-5 of the Act on Promotion of Information and Communications Network Utilization and Data Protection, etc. (the 'ICN Act') was enacted in 2007 in response to such things as posted Internet comments describing fictitious sex scandals and plastic surgery operations concerning celebrities, and a number of suicides of celebrities. It required large-scale portal sites with more than 100,000 visitors on average a day to record the real name identities of visitors posting comments, usually via the poster's resident registration number (RRN). One result was that many South Koreans Internet commentators started to use overseas websites which allowed anonymous posting, such as Google and Twitter, and some therefore argued the law discriminated against domestic Internet services. A series of security breaches resulting in leaks of of personal data concerning millions of South Koreans from those websites that were required to adopt real-name policy also occurred over the last couple of years.
In August 2012 South Korea’s Constitutional Court unanimously held that the ‘real name’ statute is unconstitutional because the public gains achieved had not been substantial enough to justify restrictions on individuals' rights to free speech. The two cases decided by the Court were brought by individuals who were required to provide their real names in order to make postings, and also by an online Internet publisher required by the law to verify the names of those posting. This article analyses the Court’s reasoning, in the context of other decisions concerning freedom of speech, and the overall relaxation of South Korea’s previously very restrictive Internet environment.
Legislative reform has occurred in parallel. The RRN was previously compulsory in almost all dealings with government and many organizations in the private sector. Abuse of the RRN accounted for over 20% of all complaints about misuse of personal information. Under Korea’s new Personal Information Protection Act of 2011, unique identifiers the including RRN may not be processed without consent and explicit legislative approval. Alternative means of identification other than the RRN must now be provided by processors where individuals are subscribing to web-based services.
The article concludes with parallels between developments in Korean and European data protection.
Keywords: Korea, privacy, data privacy, real names, RRN, constitution
Suggested Citation: Suggested Citation