Cyber Law in South Korea
Introduction
South Korean cyber law addresses the legal challenges arising from the country’s advanced digital infrastructure, high internet penetration, and status as a global leader in online gaming and e-commerce. The legal framework encompasses cybersecurity, data protection, online defamation, digital evidence, and game regulation. Core statutes include the Act on Promotion of Information and Communications Network Utilization and Information Protection (Network Act) , the Personal Information Protection Act (PIPA) , and the Information and Communications Network Act.
Cybersecurity Law
The Network Act (정보통신망법, 2001) imposes obligations on information and communications service providers (ICSPs) to protect user data and maintain network security. Key provisions include:
- Data breach notification: ICSPs must immediately notify users and report to authorities upon data breaches
- Technical protection measures: Encryption, access control, and anti-malware requirements
- Cyber attack response: The Korea Internet & Security Agency (KISA) operates a Computer Incident Response Team (CERT)
The Act on the Protection of Information and Communications Infrastructure (2001) designates critical infrastructure and mandates security countermeasures. The National Cybersecurity Strategy (2019) established a whole-of-government approach to cyber threats.
Online Defamation
The Act on Promotion of Information and Communications Network Utilization criminalizes online defamation (Article 70). Key features:
- Defamation through an information and communications network is punishable by up to 3 years imprisonment or a fine of KRW 30 million
- The “temporary measure” system (temporary blocking) allows ICSPs to suspend access to allegedly defamatory content
- The Constitutional Court has upheld Article 70 but limited its application to protect freedom of expression (2012Hun-Ba97)
Digital Evidence
The Criminal Procedure Code and the Act on Electronic Document and Transaction govern digital evidence admissibility. Digital evidence must meet authenticity requirements: the court examines the integrity of the electronic document, the reliability of the storage medium, and the chain of custody. The Supreme Court has held that digital evidence authenticated through hash values and electronic signatures is admissible (Supreme Court, 2007Do1139).
Game Law Regulation
South Korea has a distinctive regulatory regime for online gaming:
- Game Industry Promotion Act (게임산업진흥법, 2006): Regulates game ratings, prohibits illegal gaming, and restricts “shutdown” for minors
- Shutdown System (Cinderella Law, 2011): Prohibits minors under 16 from playing online games between midnight and 6 AM (upheld by Constitutional Court, 2014Hun-Ba253)
- Probability disclosure requirement (2024 amendment): Game companies must disclose probability information for randomized item draws
Conclusion
South Korean cyber law reflects the tension between security, privacy, and innovation in a hyper-connected society. The framework continues to evolve, particularly in response to AI-driven cyber threats, deepfake regulation, and the convergence of data protection with cybersecurity requirements.