Foreign IT firms ordered to have rep in Korea

Global IT companies in Korea will be obliged to designate local representatives in the country that can communicate with the government and users in case of personal data breaches, starting from today.

The measure comes in line with a government movement to enforce regulations on global IT companies doing business in the country.

“The development of IT information technology has led to the public’s wide usage of international IT communication services,” said the Korea Communications Commission (KCC) in a statement Monday. “Consequently, foreign businesses processing Koreans’ personal data has now become a common practice. … This has raised the need to enforce executive force in case of personal data leaks.”

The new guidelines apply to all IT companies that are not headquartered in Korea, generated more than 1 trillion won ($882 million) in annual sales last year and have more than one million daily users providing personal data. Most big-name IT companies such as Google, Apple and Facebook fall in these boundaries, according to a KCC official.

The representative’s main role will be taking responsibility for protecting users’ personal data. This includes receiving user complaints regarding personal information, informing them in case of data breaches within 24 hours and reporting the case to government offices. They will also function as the main contact point for government offices to request documents or articles when investigating violations of domestic communications law.

The name, address and phone number of the representatives will be disclosed to the public so that users can contact them with inquiries on how their personal information is being used. Companies that refuse to designate a representative will be fined a maximum 20 million won.

“In case of personal data breaches, local companies are easier to reach because we can directly go to their headquarters, but this was not the case for foreign companies,” said the KCC official. “If we have an officially designated contact point, we’ll at least be able to receive documents much easier when we have to and respond to problems much faster.”

The measure comes in response to complaints from local IT companies that global players like Google and Facebook are not subject to domestic laws, despite generating huge profits in the country. They claim this creates reverse discrimination in which local companies are forced to follow stricter rules when it comes to disclosing information or protecting user data.

BY SONG KYOUNG-SON [song.kyoungson@joongang.co.kr]