PHR2004 - The Republic of Korea

Republic of (South) Korea

The Constitution of the Republic of Korea provides for the protection of secrecy and liberty of private life. Article 16 states, "All citizens are free from intrusion into their place of residence. In case of search or seizure in a residence, a warrant issued by a judge upon request of a prosecutor has to be presented."[1] Article 17 states that "the privacy of no citizen shall be infringed."[2] Article 18 states, "The privacy of correspondence of no citizen shall be infringed."[3] In general, the government respects the integrity of the home and family.[4]

South Korea has adopted a data protection regime similar to the United States and Japan, with one act covering the public sector and sectoral legislation for the private sector.[5] The statute in the former category is the 1994 Act on the Protection of Personal Information Maintained by Public Agencies,[6] which is generally applicable to the automated processing of personal data in the public sector, but not to manual records.[7] This statute has a provision recommending that private entities respect the data protection principles in the statute, but it has no appropriate administrative or enforcement mechanism to that effect.[8]

The Act on the Protection of Personal Information Maintained by Public Agencies imposes an obligation on public agencies to maintain records of personal information databases and to report these databases to the Ministry of Government Administration and Home Affairs (MOGAHA), the ministry responsible for the Act.[9] The MOGAHA publishes lists of these databases in an official journal, which is publicly available.[10] In addition, the MOGAHA can request relevant information from the data holding entities and issue opinions on their data processing practices.[11] A data subject has a right of access to, and correction of, personal information held by public agencies.[12]

The Act establishes a Data Protection Review Commission, under the Premier's Office, headed by the Vice-Minister of the MOGAHA, to recommend and review proposals on improving data protection policy.[13]

The Act has been criticized for its ineffectiveness.[14] The MOGAHA has placed little emphasis on rigorous application of the legislation and reportedly has little will to uphold privacy versus administrative efficiency. In January 1999, the Act was amended to give even more power to the MOGAHA, streamline the procedure for access to personal information by data subjects, and limit exemptions to disclosure. However, there remains no independent oversight of government application of the Act.

Acts governing the collection, use and disclosure of personal information in the private sector include the Protection of Communications Secrets Act (1993);[15] the Telecommunications Business Act (1991);[16] the Medical Service Act (1973);[17] the Real Name Financial Trade and Secrecy Act;[18] the Use and Protection of Credit Information Act (1995);[19] the Framework Act on Electronic Commerce (1999);[20] and the Digital Signatures Act (1999).[21]

As early as 1997, legislators and academics proposed a general privacy law for the private sector.[22] However, the government proposed and later adopted a narrower alternative that targeted only the information and telecommunications industries. The Act on Promotion of Information and Communications Network Utilization and Data Protection,[23] modeled after the German Online Service Data Protection Act of 1997,[24] came into effect in 2000. The Act adopts common "fair information principles"[25] and rules for the collection, use, and disclosure of personal data by "providers of information and communications services," such as common carriers, Internet service providers and other intermediaries, particularly content providers. The Act also covers specific off-line service providers such as travel agencies, airlines, hotels, and educational institutes.

The Act requires that "data users" seek consent from "data subjects" for the collection, use, and disclosure of data to a third party "beyond the notification as prescribed in the Act or the limit specified in a standardized contract for the utilization of the information and communication services."[26] Data users should collect as little personal data as is necessary[27] and are prohibited from collecting sensitive personal information, including ideology, faith and medical data without explicit consent of the data subject.[28] However, consent is not required when it is necessary to give effect to a contract, adjust fees, or when the personal information is provided after having been rendered unidentifiable to the individual, such as for the compilation of statistics, academic research or market surveys.[29]

The Act allows the data subject to withdraw consent for the collection, use and disclosure of data at any time and requires the data user to comply unless the preservation of such personal information is required by another Act. Further, every data subject has a right to access and correct his or her personal information.[30]

A data user must obtain consent from an appropriate legal guardian when collecting, using or disclosing personal information from children under fourteen, and may request appropriate minimum information of the guardian in order to effect that consent. A legal guardian has a right to access and correct the child's personal information. Upon receiving a guardian's request for correction, the data user must cease to use or disclose erroneous information until they have made the correction.[31]

The Act prohibits one from sending unsolicited commercial e-mail contrary to an addressee's explicit refusal of such mails.[32] All unsolicited commercial e-mails must contain the word "Advertisement" in the subject line of each and every message and must contain opt-out instructions and contact information for the sender.[33] Additionally, several direct marketers established the Association for the Improvement of the E-Mail Environment in early 2002 to help cope with the increasing number of unsolicited commercial e-mails problem in Korea.[34] In March 2004, the Ministry of Information and Communication (MIC) fined 68 online marketers – over half of the 120 fined in 2003 – in an effort to achieve the government's goal of reducing the number of spam emails by half.[35] According to Internet service operators in Korea, more than four out of every five e-mails sent last year in Korea were spam.

The government imposes criminal and administrative penalties for breaches of data protection principles. The processing of personal information, without consent or beyond the scope of the purpose for which the collection was made, attracts either penalties of up to one year in prison or a fine of WON 10 million.[36] Data subjects may file damage claims for breaches of the Act with the Personal Information Mediation Committee or with a court. The onus is on the data user to prove either good faith intentions to comply, or non-negligence.[37]

There is significant overlap between the aforementioned act and the Framework Act on Electronic Commerce and the Digital Signatures Act. For this reason and others, some legal commentators have called for comprehensive reform.[38] The Framework Act on Electronic Commerce (FAEC) requires data users to give data subjects sufficient information regarding purpose of collection to give informed consent.[39] Under this act, the data user must obtain explicit consent from the data subject prior to collecting personal information and is prohibited from using the personal information collected for inconsistent purposes.[40] Additional requirements of the FAEC include appropriate security,[41] and a right of access, correction or deletion.[42] The Digital Signatures Act (DSA) prohibits an individual from fraudulently using another person's private key or issuance of a key.[43] It also has data protection provisions[44] similar to the Electronic Commerce Act and penalties equal to the Act on Promotion of Information and Communications Network Utilization and Data Protection.

In October 2000, the MIC proposed a cyber-crime prevention system to combat an increase in fraud, gambling, and privacy intrusion on the Internet. The system would establish a monitoring network, a cyber conflict coordination committee, and damage control centers.[45] In March 2001 the MIC announced that it would invest WON 277.7 billion (around USD 237 million) over the next five years to develop the country's information security industry, including public-key infrastructure, biometrics, and high-density/high speed ciphers.[46]

In December 2001, the MIC established the Personal Information Dispute Mediation Committee, as an alternative to civil litigation, to facilitate a prompt, convenient and appropriate settlement of data protection disputes.[47] Members of the Committee, which includes lawyers, IT engineers, professors, consumer advocates and representatives from industry, are appointed for three-year terms.

Both data subjects or data users can initiate mediation, free of charge. The Committee first engages in informal fact-finding and makes non-binding recommendations for settlement. If parties cannot reach a settlement, they can begin formal mediation. If parties fail to reach a mediated settlement, they can pursue matters in a competent civil court. They can also bypass the Committee process altogether and go directly to court.[48]

The Korea Association of Information and Telecommunication (KAIT) has instituted a privacy trust mark for web sites and other online businesses that satisfy appropriate data processing standards. Regarding personal information, qualified trust mark applicants provide notice and purpose of collection, use and disclosure. In addition, the applicants provide special treatment for children under 14, and offer remedies for data subjects.

In June 2004, the Korea Information Security Agency (KISA) found that many Korean Internet web sites pose a threat to personal information privacy. The agency reported that thousands of web sites that collect personal information about subscribers, including citizen registration numbers, remain vulnerable to security breaches.[49] To address this problem, KISA plans to conduct more investigations, levy administrative penalties on offending web sites, and solicit feedback on privacy problems from users. Furthermore, the Ministry of Government Administration and Home Affairs proposed a bill, which requires approval by the National Assembly to become law, that bars Korea's 35,000 public institutions from exchanging private information about citizens without permission. The bill, however, includes an exemption for public authorities dealing with national security affairs, criminal investigations, and tax audits.

Extending the doctrine of privacy law, Korean courts have tacitly recognized a "right of publicity," an individual's right to control the commercial use of his or her identity.[50]

Plaintiffs in invasion of privacy and defamation tort cases have the burden of proving that both the facts and the standard for the action are met.[51] If successful, plaintiffs are entitled to compensatory relief for damages resulting from as little as "hurt feelings."[52] Putative damages, however, are unavailable.[53] Actions related to the right of privacy or defamation are rarely brought before Korean courts due to the cultural dislike against bringing private matters into such a public forum.[54]

In an attempt to resolve the tension between the right of privacy and the constitutionally protected "freedom of speech and press"[55] or "freedom of the arts,"[56] Korean courts have held that "a decedent's right of privacy should be recognized only if his personal honor would be severely injured."[57] In another case, a Seoul court found that five female university students were entitled to damages when a Newsweek photographer published a photo of them at school without their permission in conjunction with an unfavorable accompanying article.[58]

In November 2003, the government introduced a revised version of the Terrorism Prevention Bill that expands the NIS' power to enact anti-terrorism measures. The bill was originally introduced in November 2001 but failed to secure the requisite number of votes in the National Assembly in April 2002. Human rights organizations, including Amnesty International, have criticized the bill's Article 4 provision creating a Counter-Terrorism Center, under the command of the secretive NIS, and its Article 8 provision denying the rights of non-citizens who are suspected of being "terrorists" to apply for asylum.[59] In its current form, the bill's Article 13, which concerns spreading false information regarding terrorists, and the expansion of the NIS' power to recommend the deportation of foreign nationals, is under intense scrutiny from the human rights community in South Korea.[60]

State security services have a history of conducting surveillance of political dissidents. The Korean Government designed the Protection of Communications Secrets Act of 1993 and the reform of the National Intelligence Service (NIS, formerly known as the National Security Planning Agency) to curb the government surveillance of civilians. According the US Department of State, these measures "appear to have succeeded."[61]

The Protection of Communications Secrets Act lays out broad conditions under which the monitoring of telephone calls, mail, and other forms of communication are legal.[62] This Act requires government officials to secure a judge's permission before placing wiretaps, or, in the event of an emergency, soon after placing them. The Act also provides jail terms for persons who violate this law. Some human rights groups argue that a considerable amount of illegal wiretapping, shadowing, and surveillance photography still occurs, and they assert that the lack of an independent body to investigate whether police have employed illegal wiretaps hinders the effectiveness of the anti-wiretap law.

The NIS has been under attack due to alleged illegal wiretapping. Politicians of the opposition Grand National Party (GNP) charged that the NIS illegally wiretapped conversations during their election campaigns.[63]

Under previous administrations, there were widespread surveillance and wiretapping abuses by intelligence and police officials. In October 1998, President Kim Dae-jung ordered a full-scale probe into illegal wiretapping. Rep. Kim Hyong-o of the opposition Grand National Party ("GNP") stated that he believed that over 10,000 taps were actually placed in 1998.[64] The government proposed amendments to the Telecommunications Law in November 1999 that would allow victims of illegal wiretapping to sue in court, limit the number of crimes for which wiretapping is allowed, and provide for notice to targets of wiretapping. The government set up a wiretapping complaint center under the MIC in October 1999.[65] The United Nations Human Rights Commission heard testimony on Korean wiretapping at its meeting in October 1999.[66]

In 1998, several opposition legislators broke into the NIS liaison office in the National Assembly and removed documents that they claim substantiated allegations that the NIS was conducting surveillance of Assembly members.[67] The members further alleged that their homes, offices, and cellular telephones were tapped. These members called for either tightening or abolishing a provision in the existing law that allows government officials to obtain retroactive judicial permission to monitor a conversation (especially a cellular telephone call) in the event of an emergency.[68]

According to statistics released by the MIC in 2003, the number of wiretapping cases increased to 1,665 in 2003, up 11.8 percent from 2002. Requests to check criminal suspects' communication records and their identities also jumped by 36.3 percent and 48.1 percent to 44,500 and 61,405 cases, respectively.[69] Emergency wiretapping, which is conducted without approval from the court, fell to 31 cases in 2003 from 39 in 2002 and 69 in 2001.[70] The NIS conducted approximately half of the total wiretapping cases with 853, followed by the prosecution's 514 and the police's 180.[71] Bugging of mobile phone instant messages and emails increased by 27.8 percent to 216 cases, while wiretapping for fixed-line phones and the Internet grew by 8.3 percent and 10.7 percent, respectively.[72]

Fresh on the heels of similar developments in Hong Kong, the MIC stated in December 2001 that mobile service providers have been neglecting rules regarding user privacy and that companies need to clarify their legal obligations with respect to subscriber privacy. The MIC has proposed a measure to require mobile phone companies to require location-detecting technology in their phones.[73] The measure would allow mobile service providers to offer location information to third parties under specific conditions.[74] Privacy advocates are concerned about the proposed measure, particularly because Korean mobile service providers have a bad track record of protecting consumer information. Most recently, provider Korea Telecom Freetel (KTF) admitted that a data leak occurred when an Internet site revealed the exact location of KTF subscribers with GPS enhanced mobile phones.[75]

South Korea has one of the world's highest concentrations of mobile-phone users. As the quality of photos taken by phone cameras improves, there is rising concern about possible privacy abuses. In November 2003, the MIC introduced regulations to protect against the surreptitious taking of photos in public areas such as locker rooms and swimming pools. Starting in 2004, mobile phone manufacturers are required to design camera-enabled mobile phones to make "camera shutter" sounds, of at least 64 decibels, when a picture is taken.[76] The Korea Times reported that the MIC is drafting a new bill to prohibit individuals from taking photographs of others using camera phones without prior consent.[77]

Amnesty International reports that the Korean government continued to require released political prisoners to report regularly to the police under the Social Surveillance Law.[78] According to the US State Department, under the National Security Law, it is forbidden for South Koreans to listen to North Korean radio in their homes or read books published in North Korea if the government determines that they are doing so to help North Korea. However, in 1999 the government made it legal for South Koreans to view North Korean satellite telecasts in their private homes. The government also allows the personal perusal of North Korean books, music, television programs, and movies as a means to promote understanding and reconciliation with North Korea. Student groups make credible claims that government informants are posted on university campuses.[79]

The Act Relating to Use and Protection of Credit Information of 1995 protects credit reports.[80] In July 2001, three large credit card companies were fined under this law. The companies were found to have disclosed personal information on their customers (including bank account numbers, pay levels and credit card transaction records, and customer identifiers such as names, addresses, phone numbers and resident-registration numbers) to insurance companies without giving notice to their customers or obtaining their consent in advance.[81] Postal privacy is protected by the Postal Services Act.[82]

Since January 2002, Korea has maintained a DNA database of missing children.[83] Registry in the database is voluntary, and it is available to parents and children in orphanages.[84] The Supreme Public Prosecutor's Office (SPPO) analyses the samples, and the information is stored in a database maintained by Biogrand, a private company.[85] Privacy advocates are concerned by the fact that the SPPO, an office engaged in criminal prosecutions, collects the DNA samples.[86] The SPPO maintains that they do not have access to personally identifiable information aside from age and sex when they receive a DNA sample, and that the database's use is strictly for family relationships.[87] Privacy advocates are nevertheless wary because there are no specific laws that address DNA information.[88] As such, there is the potential for abuse and extending the database's function.

The Act on Disclosure of Information by Public Agencies is a freedom of information act that allows Koreans to demand access to government records. It was enacted in 1996 and went into effect in 1998. The Supreme Court ruled in 1989 that there is a constitutional right to information "as an aspect of the right of freedom of expression, and specific implementing legislation to define the contours of the right was not a prerequisite to its enforcement."[89]

On November 25, 2001, South Korea created the National Human Rights Commission (NHRC) to independently investigate human rights violations, including privacy violations, and offer remedies when applicable.[90] The NHRC is comprised of 11 Commissioners and 167 staff. According to the US State Department Human Rights Report, women enjoy equal access to education, but face job discrimination in the private sector and are disadvantaged by some government agencies' preferential hiring of men.[91] Violence and sexual harassment against women continue to be serious problems despite recent legislation and other initiatives to protect women. Women's groups say that rape and sexual harassment generally are not prosecuted and that convicted offenders often receive light sentences.[92]

In March 2003, the Korean Ministry of Education and Human Resources launched the operation of the National Education Information System (NEIS), a nationwide database that links the information of over 10,000 school and education agencies.[93] The purpose of the NEIS is to enable schools to share education information with each other.[94] Various organizations opposed the implementation of the NEIS due to the threat that the system poses on the privacy of students and teachers, including the National Teacher's Union, who organized a strike.[95] Furthermore, the NHRC recommended that the Ministry of Education abandon maintaining three categories of information (school management information, student academic records, and health and enrollment records) within the NEIS, determining that both the Ministry lacked the legal foundation to implement NEIS in this manner, and the threat that the system posed to privacy was significant.[96] As a result of the opposition, the government decided that they would rethink the NEIS after gathering more information.[97]

South Korea is a member of the Organization for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

[1] Constitution of The Republic of Korea, Chapter II (Rights and Duties of Citizens), § 16; Section 9 further stating that "it shall be the duty of the State to confirm and guarantee the fundamental and inviolable human rights of individuals."

[2] Id. § 17.

[3] Id. § 18.

[4] US Department of State, Korea (Republic of) Country Report on Human Rights Practices for 2003 at <http://www.state.gov/g/drl/rls/hrrpt/2003/27776.htm>.

[5] C. Chung and I. Shin, "On-Line Data Protection and Cyberlaws in Korea" 27 Korean J. of Int'l and Comp. L. 21, 24 (1999).

[6] Act No. 4734.

[7] Id. §§ 1, 2(3).

[8] Chung and I. Shin, supra at 31.

[9] Act No. 4734 § 6.

[10] Id. §§ 7-8.

[11] Id. §§ 18-19.

[12] Id. §§ 12, 16.

[13] Act No. 4734 § 20.

[14] C. Chung & I. Shin, "On-Line Data Protection and Cyberlaws in Korea" 27 Korean J. of Int'l and Comp. L. 21, 33 (1999).

[15] Act No. 4650. Article 54 of this act provides that:

No personal shall encroach upon or divulge communications secrecy held by a telecommunications business operator. The one engaged or has been engaged in telecommunications service shall not divulge others' communication secrets obtained while in office. When related authorities ask for perusal or submission of documents regarding telecommunications service in writing for investigatory purposes, the telecommunications business operator or the one entrusted with partial treatment of telecommunications service under Art. 12 of this act may accede.

[16] Act No. 4394.

[17] Act No. 2533.

[18] Act No. 5493.

[19] Act No. 4866.

[20] Act No. 5834.

[21] Act No. 5792.

[22] See C. Chung, "International Developments in the Data Protection and Some Proposals for Korean Legislation," The Korean J. of Info. Soc. (1997).

[23] Act No. 5835.

[24] Gesetz zur Regelung der Rahmenbedingungen für Information sund Kommunikationsdienste: IuKDG, Ch. 2.

[25] The fair information principles of the Act are derived from the eight principles found in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, September 23, 1980, OECD, available at <http://www.oecd.org/document/20/0,2340,en_2649_34255_15589524_1_1_1_1,00.html>.

[26] Act No. 5835, § 16 (2).

[27] Id. § 16(1).

[28] Id. §4.

[29] Id. 3. But see L. Sweeney, The Identifiability of Data, (forthcoming), discussing the ease of re-identifying ostensibly de-identified data.

[30] Act No. 5835, § 18(2).

[31] Id. § 18(4).

[32] Act No. 5835, § 19(3).

[33] Id 5. Due to the volume of unsolicited commercial e-mails, the government is contemplating an amendment which would curtail distribution and punish senders. Further, the amendment proposes the addition of "Adult" or "Consent" in the subject line of each and every unsolicited commercial e-mail and punitive measures for their senders who use false contact information or hinder technologically their tracing or deletion.

[34] Personal Information Dispute Mediation Committee of the Korea Information Security Agency, "Personal Data Protection in Korea," August 2002, at 12 (available at <http://www.cyberprivacy.or.kr/inter.html>). ".

[35] "Korea to Half Spams this Year," The Korea Times, March 19, 2004, available at <http://search.hankooki.com/times/times_view.php?terms=spam+code%3A+kt&path=hankooki3%2Ftimes%2Flpage%2Ftech%2F200403%2Fkt2004031917570311800.htm>.

[36] Act No. 5835, § 30. Additionally, § 32 imposes lesser administrative penalties of WON 5 million for violations of other data protection principles.

[37] Personal Information Dispute Mediation Committee of the Korea Information Security Agency, "Personal Data Protection in Korea," August 2002 at 4.

[38] See C. Chung and I. Shin, "On-Line Data Protection and Cyberlaws in Korea," supra at 42-43, citing the lack of an appropriate oversight authority as the major weakness of the Korean data protection regime; I. Kim, "A Study on the Data Protection Act" 26 Public Law 2 (June 1998) (in Korean); I. Lee, "Trends in the Korean Data Protection Legislation" Road to the Information Society (November 1999) (in Korean).

[39] Act No. 5834, §§ 30-31.

[40] Id.§ 13(2).

[41] Id. § 13(3).

[42] Id. § 13(4).

[43] Act No. 5792, §§ 19-23.

[44] Id. § 24.

[45] "Ministry of Information to Set up Cyber Crime Prevention System," Korea Herald, October 16, 2000.

[46] "Gov't Unveils 5-Year Plan for Security Technology," Korea Herald, March 14, 2001.

[47] Personal Information Dispute Mediation Committee of the Korea Information Security Agency, "Personal Data Protection in Korea," August 2002 at 8-9.

[48] Id.

[49] "Agency Says the Web is Quite a Leaky Place," Joong Ang Daily, June 15, 2004 <http://joongangdaily.joins.com/200312/04/200312040128212409900090609061.html>.

[50] H. Nam, "The Applicability of the Right of Publicity in Korea," 27 Korean J. of Int'l and Comp. L. 45, 49 (1999). See also W. Han, "Infringement of the Right of Publicity and Civil Liability," 12 Human Rights and Justice 109, 116 (1996) (in Korean).

[51] H. Nam, supra, at 88.

[52] Id.

[53] Id.

[54].Id. at n. 122 (1999). But see "Grassroots Pro-privacy Movements on the Rise," BNA World Data Protection Report, November 2001, at 8, as evidence that Koreans are generally concerned about privacy issues.

[55] Constitution of Korea, Art. 21.

[56] Id. Article 22, Cl. 1.

[57] Marianne Sim Lim v. Jin-Myung Kim, Seoul Dist. Ct., 94 Kahab 9230 (June 23, 1995), involving a "model novel" which depicted the life of the deceased subject in a fictional manner.

[58] Sun-Jeong Kwon, Hyun-Ju Kim and Yun-Hwa Kim v. Newsweek Inc., Seoul Civil Dist. Ct., 92 Gadan 57989 July 8, 1993.

[59] "The Revised Terrorism Prevention Bill: Fear of Increased Human Rights Abuses," Amnesty International, October 10, 2003.

[60] Id.

[61] US Department of State, Bureau of Democracy, Human Rights, and Labor, Korea (Republic of) Country Report on Human Rights Practices for 2001 <http://www.state.gov/g/drl/hrrpt/2001>.

[62] Act No. 4650.

[63] Kim Kyung-ho, "Three Nabbed in Wiretapping Inquiry – Roh Spurs on Prosecution as Lawmakers Refuse to be Questioned," The Korea Herald, March 19, 2003. These charges were based on leaked documents GNP politicians obtained from the NIS alleged to reveal the wiretapping. Id.

[64] "Kim Hyong-o Says More than 10,000 May Be Exposed to Gov't Taps," Korea Times, February 13, 1999.

[65] "Government to Operate Eavesdropping Complaint Center," The Korea Herald, October 30, 1999.

[66] United Nations Human Rights Committee, Summary record of the 1792nd meeting: Republic of Korea. 22/11/99. CCPR/C/SR.1792, (22 November 1999).

[67] US Department of State, Bureau of Democracy, Human Rights, and Labor, Korea (Republic of) Country Report on Human Rights Practices for 2000 at s. (f), available at <http://www.state.gov/g/drl/hrrpt/2000/>.

[68] Id.

[69] "Wiretapping Cases up 12 Percent," Korea Times, February 11, 2004.

[70] Id.

[71] Id.

[72] Id.

[73] Yang Sung-jin, "Push for Location-Based Service Law Confronts Obstacles," The Korea Herald, March 25, 2003.

[74] Id.

[75] Id.

[76] "Phone Camera Makers Are Told to Use 'Click' to Protect Privacy," JoongAng Daily, November 12, 2003.

[77] "Camera Phone to Require Shutter Sound from Next Year," The Korea Times, November 11, 2003 <http://times.hankooki.com/lpage/tech/200311/kt2003111120385111810.htm>.

[78] See Amnesty International, Republic of Korea (South Korea): On trial for defending his rights: the case of human rights activist Suh Jun-sik, available at <http://www.web.amnesty.org/ai.nsf/index/ASA250181998>, under the law, some released prisoners are required to report to the police when moving or traveling.

[79] U.S. Department of State, Bureau of Democracy, Human Rights, and Labor, Korea (Republic of) Country Report on Human Rights Practices for 2003, available at <http://www.state.gov/g/drl/hrrpt/2003/>.

[80] No. 4866, Enforcement Decree for the Act Relating to Use and Protection of Credit Information.

[81] "Stricter Privacy Protection," Korea Herald, July 19, 2001.

[82]Amended by Law No. 2372, Dec.16, 1972; Law No.3602, December 31, 1982.

[83] E-mail from Kim Nak ho, Department of Communications, Soul National University to Waseem Karim, Law Clerk, Electronic Privacy Information Center (EPIC), July 5, 2002 (on file with EPIC).

[84] Id.

[85] Id.

[86] Id.

[87] Id.

[88] Id.

[89] Right to Information (1 KCCR 176, 88 HunMa 22, Sep. 4, 1989), available at <http://www.ccourt.go.kr/english/case4.html>.

[90] See MD Presswire, November 12, 2002.

[91] US Department of State, Korea (Republic of) Country Report on Human Rights Practices for 2003 at <http://www.state.gov/g/drl/rls/hrrpt/2003/27776.htm>.

[92] Freedom in the World 2003: The Annual Survey of Political Rights and Civil Liberties (Freedom House 2003).

[93] "Privacy or Convenience," The Korea Herald, May 22, 2003.

[94] Launching the National Education Information System (NEIS), available at <http://www.moe.go.kr/English/Policy/pds_v.php?number=28&db=bbs13_1_5&tb=engmoebbs2002&gubun=opi&mod=&keyset=&searchword=>. Among the stated goals "are setting up the national standardization of educational content, evenly distributing educational information among different regions, and establishing more rational educational policies." Id.

[95] "Teachers Union to Launch Strike Against NEIS," Yonhap English News, March 26, 2003. Participants in the strike were also opposed to pressure from the World Trade Organization to open Korea's educational sector to foreign competitors. Id.

[96] "Privacy or Convenience," The Korea Herald, May 22, 2003. Among the risks cited by the NHRC was the potential for hackers to steal information from the system. Id. The Commission stated that the kind of information that the system contained about a student was so intimate that it demanded constitutional protection. Id.

[97] Kim Hyung-jin, "Controversial Education Database under Review," The Korea Herald, May 20, 2003.