Personal Information Protection Commission | |
Native Name A: | Korean: 개인정보보호위원회 個人情報保護委員會 |
Agency Type: | National data protection authority |
Type: | Independent agency |
Jurisdiction: | Korea, Republic of |
Headquarters: | Seoul Government Complex at Jongno-gu, Seoul, South Korea |
Coordinates: | 37.5749°N 126.9752°W |
Employees: | 163[1] |
Budget: | 58.5 billion KRW (for 2023) |
Chief1 Name: | Ko Hak-soo |
Chief1 Position: | Chairperson |
Keydocument1: | Personal Information Protection Act (Korean: 개인정보 보호법) |
The Personal Information Protection Commission is the national data protection authority of South Korea. It is formed as independent agency in year 2011 by 'Personal Information Protection Act(PIPA, Korean: 개인정보 보호법)',[2] and is now located in Government Complex Seoul. The Commission is constituted with 9 commissioners and one of them is the Chairperson, who is appointed by the President of South Korea.
The PIPA of South Korea was first enacted in year 2011 to establish general and comprehensive basis for regulation on data protection, overcoming formerly diffused and conflicting regulations around each type of data. The Act also had a goal to form PIPC as integrated apex authority governing over all data protection issues in South Korea. However, each of laws governing specified types of data continued to exist due to several legal issues, so PIPC was launched in 2011 with rather limited power to govern data protection issues. This limited position is reflected in organizational status of PIPC in 2011, as it was not an independent agency, yet rather an advisory panel for Ministry of the Interior and Safety which was in charge of enforcing PIPA at that time.[3]
Later in year 2020, the PIPA was amended to give complete power to PIPC as independent regulatory agency, with power to investigate personal data privacy failure cases and jurisdiction over adjudicating complaints and disputes on personal information.[4] Now under article 7-8 and 7-9 of the PIPA, the PIPC can impose administrative fines. Also by article 7(1), the PIPC is positioned as independent agency under Prime Minister, and article 7(2) guarantees that investigation and adjudication of the PIPC cannot be supervised by the Prime Minister.[2] This new power of the PIPC draws significant attempts to regulate big techs in South Korea. For example, the PIPC fined Facebook $6.1 million in November 2020 for sharing user's personal data without consent.[5] Also in September 2022, the PIPC fined Google $50 million and Meta Platforms $22 million for violating South Korean privacy regulations.[6]
After amendement of the PIPA in 2020, the PIPC is now a 'central administrative agency (Korean: 중앙행정기관)', which is identical status as executive departments of the South Korean government. Among nine commissioners of the PIPC, its Chairperson is treated as one of minister in the government.[7] According to amended article 7-2(2) of the PIPA, both the Chairperson and the vice are only permanent commissioners among nine commissioners, and they are appointed by the President with proposition from the Prime minister. Under article 7-2(2) of the PIPA, other seven non-permanent commissioners are also appointed by the President via following recommendations; two by recommendation of the Chairperson, other two from recommendation of ruling party, and other three from recommendation of opposition parties.[2]