Korean DPA Faults Google's TOS Changes: Global Privacy Implications?
By Graham Greenleaf, Whon-il Park (Privacy Laws & Business International Report, Issue 119: 22-25, October 2012)
Abstract:
The first decision of Korea’s Personal Information Protection Commission (PIPC) has borne out the perception that Korea’s new Personal Information Protection Act (PIP Act) is ‘Asia’s toughest data privacy law’ (Greenleaf and Park, Privacy Laws & Business International Report, Issue 117: 1, available at http://ssrn.com/abstract=
Google’s TOS changes are considered by the Commission to likely to breach these laws in three ways: (i) they do not specify the purpose of collection clearly enough, and cannot comply with the requirement that personal information may only be collected and used to the minimum extent necessary for the purpose for which it is collected; (ii) they do not comply with the requirement that where personal information is to be used for purposes other than the purpose for which it was collected, it is necessary to obtain additional consents for such uses; and (iii) they do not specify that that personal information will be erased immediately upon the expiration of its retention period or on request from a data subject.
This article analyses this decision, considering the PIPC’s reasoning, and the terms of the Korean legislation, in order to determine whether the PIPC’s findings (and the potential remedial action) are a result of features which are unique to the Korean law, or are they features which are common to at least some other countries’ data privacy laws.
Continue reading “Yoda: South Korea Slams Google Evil in Privacy Violations”
