Picking a law firm in Korea has been the topic of a number of articles and books. In Chapter 30 of his book, Doing Business in Korea, Tom Coyner describes the trials and tribulations of picking the right law firm in Korea. He opines that some (if not many) domestic and international lawyers are commercially incompetent, as many Korean attorneys fail to appreciate the commercial context in which they offer counsel. In his Korean Law Blog, Sean Hayes has also written about the importance of selecting a commercially competent lawyer when looking for counsel in Korea.

Failure of appreciating or understanding the commercial environment in which one operates is not unique to Korean lawyers. I’ve witnessed firsthand lawyers in other jurisdictions, including the US, act as if they were giving legal advice inside a vacuum. However, I firmly believe that Korean law schools which, until recently, failed to emphasize the commercial/international nature of legal practice in Korea, are partly to blame. As Korea’s economy is primarily export driven, the legal market is less competitive than in other jurisdictions in Asia, such as Hong Kong and Singapore, which are known for producing internationally focused lawyers schooled in common law.

Be that as it may, picking the right law firm in Korea is like picking a law firm in other jurisdictions. It is up to the manager or in-house counsel to meet with Korean lawyers and determine if they are a good fit. One should ask plenty of questions, get referrals, and look at trade journals and publications to get an idea of which firms are known for their international expertise.

Remember, in Korea, be particularly careful as only a handful of firms dominate the legal market.  

I will blog more on picking law firms and law firm management in the future.

South Korea has taken data protection very seriously and has implemented a general data protection law: the Personal Information Protection Act, PIPA. Amended in 2016, PIPA places strict requirements on data privacy in sectors such as IT networks, credit card information, cloud computing, and online advertising.

The 2016 amendments were in response to the 2014 credit card scandal when three major credit card companies faced a massive data breach. Korean data privacy laws, as well as regulations and guidelines, have all been tightened in an attempt to prevent a reoccurrence of such a scandal. There will always be a risk of unauthorized access to data unless companies and governmental agencies implement and continuously update risk management processes. There have been many changes to Korea’s main data privacy law, PIPA, as well as to specific industry-related data privacy laws and regulations over the last few years. Some are listed below.

PIPA

1. Collection of information: information and communications service providers, ICSPs, are limited from collecting more than the absolute minimum level of privacy-related information from users, regardless of whether they obtain the user's consent or not.
2. Report of Data Breach: there is a 24-hour deadline in reporting a data breach to the Korea Communications Commission (KCC).
3. Increased Administrative Penalties: administrative penalties for the collection or processing of personal information without the user's consent have been increased. The penalty has now increased to 3% of annual turnover.
4. Chief Privacy Officer: ICSPs who meet certain criteria are required to designate a Chief Privacy Officer (CPO) and report such designation to the Ministry of Science, ICT & Future Planning.

Cloud Computing

1. The 2015 Cloud Computing Act specifically identifies personal data and seeks to protect it. The Cloud Computing Act stipulates that PIPA applies with respect to protecting data of users of cloud computing services.
2. Cloud computing service providers (CCSPs) are required to notify users of any cybersecurity incident, cloud data leakages, and service interruptions. They must also notify the Ministry of Science, ICT & Future Planning if cloud data is leaked.

Act on Promotion and Communications Network Utilization and Information Protection

1. The Network Act was amended to provide that any ICSP must obtain prior informed consent from the user if it needs to access certain data stored on a user’s smartphone.
2. Furthermore, an ICSP may not refuse to provide smartphone services to the user based on the user’s refusal to provide consent to the ICSP to access its data.
3. If the CPO of an ICSP becomes aware of a violation of the data protection/privacy laws or regulations, the CPO must take steps to remedy the situation and also report the violation.

Online Behavioral Advertising Guidelines

1. On February 7, 2017, the Korean Communications Commission (KCC) set forth guidelines on privacy and online behavioral advertising to promote a healthy advertising ecosystem by minimizing the risk of privacy invasion users might experience as a result of being targeted by online advertisers. The guidelines have taken effect in July 2017.
2. The guidelines contain a number of requirements including (i) transparency in the collection and use of online behavioral data of the users, (ii) guaranteed right to control exposure to online targeted ads, (iii) guaranteed security of online behavioral data by online advertisers, and (iv) strengthened mechanisms giving users the right of redress.

It is clear that the regulatory trend for data protection in Korea focuses on increased accountability for the collection, storage, and use of personal information and data. Basically, stricter requirements have been placed on financial institutions and credit card companies. Compliance with PIPA and other regulations will become very important as more and more penalties and fines are levied against those who fail to comply. Other countries in Asia are also increasing or strengthening data protection laws, but that topic requires another blog down the road.

For those doing business in Korea or wanting to do business in Korea, it helps to have an understanding of the local antitrust laws and regulations. To begin with, the Korean antitrust regime is governed by the Monopoly Regulations and Fair Trade Act (MRFTA) of 1981. Like in the US and other jurisdictions, the MRFTA‘s goal is to promote free and fair competition. Currently, the MRFTA is used as a tool to curb the monopolistic behavior of Korean multinationals (Chaebols) and to help accelerate good corporate governance. Currently, Korea is using the MRFTA to help establish a “level playing field” for businesses.  

Main features of MRFTA

The main features of the MRFTA are as follows:

• To make the market share more efficiently by preventing the formation of monopolistic behavior;
• Enforcement of the MRFTA through regulations of the Korea Fair Trade Commission (KFTC);
• Prevention of certain abusive acts by prohibiting acts that (i) unreasonably control the sale of commodities and services; (ii) interfere with the business activities of others; (iii) unreasonably alter prices; and (iv) substantially lessen or restrict competition.

Why Implement an Audit?

Currently, the KFTC is planning to take strong initiatives in order to strengthen its enforcement capacity under the MRFTA. It plans on increasing its regulations concerning cartels, review of supplier-distributorship issues, abuse of dominance penalties, and review of superior bargaining issues and concerns. Therefore, it is recommended that companies conduct a more thorough antitrust compliance audit.

Remember: companies should implement a comprehensive audit in order to cover all antitrust issues in Korea because of:

• Continuous expansion of antitrust regulations by the KFTC and the Prosecutor’s Office;
  
• Increased financial and legal risks on the personal level relating to violations of antitrust laws;
  
• Increased criminal penalty risks on executives and employees;
  
• More sanctions and exposure to derivative actions.

I will be blogging more about this in the future.

Like directors in the US and elsewhere, directors in Korean companies have fiduciary-related duties. Such duties are set forth in the Korean Commercial Code and include:

• Duty of Care as a prudent manager
• Duty of Confidentiality
• Fiduciary Duty - the Duty of loyalty

Duty of Care

In Korea, if a director violates the duty of care as a good manager (including the duty to faithfully perform in the company’s best interest) he or she may be held liable to the company or even to third parties and could be required to pay damages. Under Article 382-3 of the Korean Commercial Code, a director’s duty of care and good faith encompasses a number of duties including the:

• Duty to review the company’s activities
• Duty to review corporate information and documents
• Duty to protect a company’s assets
• Duty to supervise and oversee employees
• Duty to review all major filings with regulatory agencies

Criminal Liability

A director may even be subject to criminal liability as well as civil liability upon the negligent failure of fulfilling the obligation of care. In Korea, directors have usually been prosecuted for negligence involving financial issues of the company. A failure to protect a company’s assets by refusing to obtain the requisite insurance or agreeing to contracts that put the company in jeopardy (without seeking legal advice, etc)  can definitely lead to prosecution. Liability may be found in other instances when the director fails to fulfill the duty of care and loyalty by:

• Intentional neglect or negligence in performing duties
• The failure to manage affairs as “an ordinary prudent person”
• Endangering company assets through gross negligence

A director needs to proceed with caution and acknowledge the fiduciary duties that he or she has agreed to by becoming a director in the first place.

There are many kinds of risks facing companies on a daily basis.  Geo-political risk is definitely one of them and it is a major risk that companies and countries alike must navigate.

The geo-political risks in greater Asia have long been overshadowed by the risks facing us here on the Korean peninsula.  Ever since the end of the Korean War, South Korea has faced an enemy to the north whose sole purpose was the unification of the Korean peninsula under the aegis of North Korea. After the inter-Korean summit between Moon Jae In and Kim Jung Un, in which North and South Korea pledged an end to hostilities and to push for denuclearization, the risks on the Korean peninsula have abated, right? Perhaps not.

President Moon Jae In has long called for peace on the peninsula.  But at what cost? Does this peace include the US leaving the peninsula?  What does denuclearization really mean? North Korea has in the past claimed that it will only give up its nuclear weapons if  the US leaves the Korean peninsula

It appears that the US and Japan’s hard line against North Korea may have resulted in Kim Jung Un and Moon Jae In’s inter-Korean summit, but the summit has also resulted in differing state goals for South Korea and the US.  It is highly possible that North Korea has achieved its goal of driving a wedge between the US and South Korean, something that it has long wanted to do. So where does this leave us?

Some may remember the “Peace for Our Time” by Neville Chamberlain speech prior to WWII.  Are we facing another “peace in our time” moment? Or are all the parties sincerely trying to solve the geopolitical risks in the region?

After more than six months of review, the KFTC Task Force issued its final recommendations for improving Korea’s competitive legal enforcement system.  Recommendations covered three main areas: (i) Administrative Enforcement, (ii) Civil Enforcement, and (iii) Criminal Enforcement.

Administrative Enforcement

The Task Force announced in its interim report that it was looking at increasing monetary penalties. In the Final Report the Task Force reiterated its recommendation to double the surcharge rate.  Therefore, in a cartel case, the maximum surcharge would increase from 10% of the volume of commerce to 20% of the volume of commerce. Administrative fines for “Act of Dominance” violations would increase from 3% to 6% and penalties for “Unfair Trade Practices” would increase from 2% to 4%.

Civil Enforcement

In the area of civil enforcement, the Task Force had looked at a number of issues including individual / including  increasing punitive damages (to up to treble damages), as well as the right to bring class actions. Though agreeing in principle to certain changes, the Task Force could not agree upon the scope of the recommendations.

Injunctive Relief

Regarding the adoption of the right to private injunctive relief, the Task Force agreed in principle but could not agree upon the scope.  Some members of the Task Force wanted the right to injunctive relief to apply only in the Unfair Practices area while others wanted it to be available in all cases involving antitrust violations.

Punitive Damages

Regarding damages, the Task Force agreed to recommendations allowing the introduction of punitive damages of up to three times (treble damages) but could not agree upon the scope.

Criminal Enforcement

In its Final Report, the Task Force looked at changing the current exclusive referral system, whereby the KFTC  exercises the exclusive right to refer cases for prosecution to the Prosecutor’s Office. The Task Force agreed of abandoning the exclusive referral system should be abandoned. However, as some antitrust or competition violations require a competition analysis (including economic analysis) , the Task Force wants the maintain the KFTC’s exclusively refer cases for prosecution under the MRFTA to continue, while recommending that exclusive referral rights involving certain form based violations (violations of the Franchise Act, Subcontractor Act, etc.) be repealed.

Conclusion

Though the Task Force considered a number of minor issues regarding proposed changes to the current competition regime in Korea, the above mentioned recommendations reflect the major changes that have been considered.  Though there was some agreement as to the direction of administrative, civil and criminal enforcement, differences of opinion still remain. Therefore, it will take longer to implement the proposed changes.