By Graham Greenleaf, Whon-il Park (Privacy Laws & Business International Report, Issue 119: 22-25, October 2012)
The first decision of Korea’s Personal Information Protection Commission (PIPC) has borne out the perception that Korea’s new Personal Information Protection Act (PIP Act) is ‘Asia’s toughest data privacy law’ (Greenleaf and Park, Privacy Laws & Business International Report, Issue 117: 1, available at http://ssrn.com/abstract=
Google’s TOS changes are considered by the Commission to likely to breach these laws in three ways: (i) they do not specify the purpose of collection clearly enough, and cannot comply with the requirement that personal information may only be collected and used to the minimum extent necessary for the purpose for which it is collected; (ii) they do not comply with the requirement that where personal information is to be used for purposes other than the purpose for which it was collected, it is necessary to obtain additional consents for such uses; and (iii) they do not specify that that personal information will be erased immediately upon the expiration of its retention period or on request from a data subject.
This article analyses this decision, considering the PIPC’s reasoning, and the terms of the Korean legislation, in order to determine whether the PIPC’s findings (and the potential remedial action) are a result of features which are unique to the Korean law, or are they features which are common to at least some other countries’ data privacy laws.
Phi Beta Iota: Google is the Standard Oil and Goldman Sachs and Federal Reserve of the Information Age. It is evil because it can be evil. The US Government has no clue what is gong on behind Google’s black door, because the US Government is incompetent at computational mathematics and cyber-security. NSA and the Cyber-Command are wasting $25 billion a year on cyber-fluff and they not only don’t get it, they don’t want to get as long as the money keeps flowing from a Congress that could care less about the public interest.