Before its major amendment in 2020, the data protection and privacy matters of ICT service providers were regulated by the Act on the Promotion of Information and Communications Network Utilization and Information Protection (“Network Act”). The data protection and privacy clauses in the Network Act, however, were later integrated into the Personal Information Protection Act (‘PIPA’) in 2020 which is the current data protection and privacy act in South Korea.

Although the PIPA doesn’t have an explicit clause, it is a general view of a Korean regulatory agency that the PIPA is applicable to any foreign business entity operating outside of Korea, so long as their businesses target Korean customers. (more…)