Personal Information Protection Commission (South Korea)

Personal Information
Protection Commission
개인정보보호위원회; 個人情報保護委員會; Gaein Jeongbo Boho Wiwonhoe
	; PIPC headquarters in Seoul
Independent agency overview
Formed	September 30, 2011; 12 years ago
Type	National data protection authority
Jurisdiction	KOR
Headquarters	Seoul Government Complex at Jongno-gu, Seoul, South Korea; 37°34′30″N 126°58′31″E / 37.5748817°N 126.9752082°E
Employees	163
Annual budget	58.5 billion KRW; (for 2023)
Independent agency executive	Ko Hak-soo, Chairperson;
Key document	Personal Information Protection Act; (Korean: 개인정보 보호법);
Website	www.pipc.go.kr

The Personal Information Protection Commission is national data protection authority of South Korea. It is formed as independent agency in year 2011 by 'Personal Information Protection Act(PIPA, Korean: 개인정보 보호법)',^[2] and is now located in Government Complex Seoul. The Commission is constituted with 9 commissioners and one of them is the Chairperson, who is appointed by the President of South Korea.

History[edit]

The PIPA of South Korea was first enacted in year 2011 to establish general and comprehensive basis for regulation on data protection, overcoming formerly diffused and conflicting regulations around each type of data. The Act also had a goal to form PIPC as integrated apex authority governing over all data protection issues in South Korea. However, each of laws governing specified types of data continued to exist due to several legal issues, so PIPC was launched in 2011 with rather limited power to govern data protection issues. This limited position is reflected in organizational status of PIPC in 2011, as it was not an independent agency, yet rather an advisory panel for Ministry of the Interior and Safety which was in charge of enforcing PIPA at that time.^[3]

Later in year 2020, the PIPA was amended to give complete power to PIPC as independent regulatory agency, with power to investigate personal data privacy failure cases and jurisdiction over adjudicating complaints and disputes on personal information.^[4] Now under article 7-8 and 7-9 of the PIPA, the PIPC can impose administrative fines. Also by article 7(1), the PIPC is positioned as independent agency under Prime Minister, and article 7(2) guarantees that investigation and adjudication of the PIPC cannot be supervised by the Prime Minister.^[2] This new power of the PIPC draws significant attempts to regulate big techs in South Korea. For example, the PIPC fined Facebook $6.1 million in November 2020 for sharing user's personal data without consent.^[5] Also in September 2022, the PIPC fined Google $50 million and Meta Platforms $22 million for violating South Korean privacy regulations.^[6]

Organization[edit]

After amendement of the PIPA in 2020, the PIPC is now a 'central administrative agency (Korean: 중앙행정기관)', which is identical status as executive departments of the South Korean government. Among nine commissioners of the PIPC, its Chairperson is treated as one of minister in the government.^[7] According to amended article 7-2(2) of the PIPA, both the Chairperson and the vice are only permanent commissioners among nine commissioners, and they are appointed by the President with proposition from the Prime minister. Under article 7-2(2) of the PIPA, other seven non-permanent commissioners are also appointed by the President via following recommendations; two by recommendation of the Chairperson, other two from recommendation of ruling party, and other three from recommendation of opposition parties.^[2]

References[edit]

^ ^a ^b 홍, 인택 (2022-09-13). "국가교육위 예산, 다른 위원회 5분의 1도 안 돼...유명무실 우려". Hankook Ilbo (in Korean). Retrieved 2022-09-14.
^ ^a ^b ^c "Personal Information Protection Act". Korea Legislation Research Institute. Retrieved 2022-09-02.
^ Ko, Haksoo; Leitner, John (2017). "Structure and enforcement of data privacy law in South Korea". International Data Privacy Law. 7 (2): 100–114. doi:10.1093/idpl/ipx004. Retrieved 2022-09-02.
^ Ko, Haksoo; Park, Sangchul (2020). "How to de-identify personal data in South Korea: an evolutionary tale". International Data Privacy Law. 10 (4): 385–394. doi:10.1093/idpl/ipaa015. Retrieved 2022-09-02.
^ Lee, Joyce (2020-11-25). "South Korean watchdog fines Facebook $6.1 million for sharing user info without consent". Reuters. Retrieved 2022-09-01.
^ Choi, Soo-hyang; Lee, Joyce (2022-09-16). "S.Korea fines Google, Meta billions of won for privacy violations". Reuters. Retrieved 2022-09-30.
^ 권, 수현 (2020-08-04). "'개인정보보호 콘트롤타워' 개인정보보호위 내일 공식 출범". Yonhap News Agency (in Korean). Retrieved 2022-09-01.

External links[edit]

[Han-1] 홍, 인택 (2022-09-13). "국가교육위 예산, 다른 위원회 5분의 1도 안 돼...유명무실 우려". Hankook Ilbo (in Korean). Retrieved 2022-09-14.

[PIPA-2] "Personal Information Protection Act". Korea Legislation Research Institute. Retrieved 2022-09-02.

[3] Ko, Haksoo; Leitner, John (2017). "Structure and enforcement of data privacy law in South Korea". International Data Privacy Law. 7 (2): 100–114. doi:10.1093/idpl/ipx004. Retrieved 2022-09-02.

[4] Ko, Haksoo; Park, Sangchul (2020). "How to de-identify personal data in South Korea: an evolutionary tale". International Data Privacy Law. 10 (4): 385–394. doi:10.1093/idpl/ipaa015. Retrieved 2022-09-02.

[5] Lee, Joyce (2020-11-25). "South Korean watchdog fines Facebook $6.1 million for sharing user info without consent". Reuters. Retrieved 2022-09-01.

[6] Choi, Soo-hyang; Lee, Joyce (2022-09-16). "S.Korea fines Google, Meta billions of won for privacy violations". Reuters. Retrieved 2022-09-30.

[7] 권, 수현 (2020-08-04). "'개인정보보호 콘트롤타워' 개인정보보호위 내일 공식 출범". Yonhap News Agency (in Korean). Retrieved 2022-09-01.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

v t e Privacy
Principles	Right of access to personal data Expectation of privacy Right to privacy Right to be forgotten Post-mortem privacy
Privacy laws	Australia Brazil Canada China Denmark England European Union Germany Ghana New Zealand Russia Singapore Switzerland United Kingdom United States California, amended in 2020
Data protection authorities	Australia Denmark European Union France Germany India Indonesia Ireland Isle of Man Netherlands Norway Philippines Poland South Korea Spain Sweden Switzerland Thailand Turkey United Kingdom
Areas	Consumer Digital Education Medical Workplace
Information privacy	Law Financial Internet Facebook Google Twitter Email Personal data Personal identifier Social networking services Privacy-enhancing technologies Privacy engineering Privacy-invasive software Privacy policy Secret ballot Virtual assistant privacy
Advocacy organizations	American Civil Liberties Union Center for Democracy and Technology Computer Professionals for Social Responsibility Data Privacy Lab Electronic Frontier Foundation Electronic Privacy Information Center European Digital Rights Future of Privacy Forum Global Network Initiative International Association of Privacy Professionals NOYB Privacy International
See also	Anonymity Cellphone surveillance Data security Eavesdropping Global surveillance Identity theft Mass surveillance Panopticon PRISM Search warrant Wiretapping Human rights Personality rights
Category

Authority control databases
International	ISNI VIAF
National	United States Korea

Independent agency overview
개인정보보호위원회 個人情報保護委員會 Gaein Jeongbo Boho Wiwonhoe

PIPC headquarters in Seoul
Formed	September 30, 2011; 12 years ago (2011-09-30)
Type	National data protection authority
Jurisdiction	KOR
Headquarters	Seoul Government Complex at Jongno-gu, Seoul, South Korea 37°34′30″N 126°58′31″E / 37.5748817°N 126.9752082°E / 37.5748817; 126.9752082
Employees	163^[1]
Annual budget	58.5 billion KRW (for 2023)^[1]
Independent agency executive	Ko Hak-soo, Chairperson
Key document	Personal Information Protection Act (Korean: 개인정보 보호법)
Website	www.pipc.go.kr

Personal Information Protection Commission (South Korea)

History[edit]

Organization[edit]

See also[edit]

References[edit]

External links[edit]