Warning: Minor Smartphone Spying Law Now Comes into Force
The Enforcement Decree of the amended Telecommunications Business Act (the “Decree”) was promulgated on April 14 and both the Decree and its parent Telecommunications Act (the “Act”) ccomes into force on April 16. The Decree was proposed by the Korea Communications Commission (KCC) and it created two Internet monitoring provisions that are unconstitutional; the first one requiring all telecoms and web operators to affirmatively cull out obscene material, called “Wanking Ban Law” in pejorative, popular jargon, and the second one requiring all telecoms to plant parental control software in all phones sold to minors under 19 years old.
To be specific about the second, “Minor Smartphone Spying Law,” Article 32-7(2) of the Act empowers the Presidential Decree (i.e. KCC) to prescribe methods and procedures necessary to implement the law and Article 37-8 of the Decree states as follows:
Article 37-8 (Methods and Procedures for Providing Means to Block Media Products Harmful to Juveniles, etc.)
(1) According to Article 32-7(1) of the Act, a telecommunication business operator entering into a contract on telecommunications service with a juvenile under the Juvenile Protection Act must provide means to block the juvenile’s access to the media products harmful to juveniles under the Juvenile Protection Act and the illegal obscene information under Article 44-7(1)1 of the ICNA (“Information harmful to juveniles”) through the telecommunication service on the juvenile’s mobile communications device such as a software blocking information harmful to juveniles.
(2) Procedures prescribed below must be followed when providing the blocking means under (1):
1. At the point of signing the contract:
a. Notification to the juvenile and his/her legal representative regarding types and features of the blocking means; and
b. Check on the installation of the blocking means.
2. After closing the contract: Monthly notification to the legal representative if the blocking means was deleted or had not been operated for more than 15 days.
According to the Decree, telecoms are not only required to provide spying apps such as Smart Sheriff (distributed for free by the government) but to check the installation of the app and keep monitoring the app’s operation in the minor’s smartphone. The app is supposed to block all material “harmful to juveniles” from reaching the minor user.
The Decree is unconstitutional as it infringes on children’s privacy and parental rights, increases the risk of data breach, and overburdens both the business and the parents.
1. Grave Invasion on Children’s Privacy and Parental Rights
At the point of signing the contract, the seller must notify both the minor and the legal representative, normally the parents, about what apps are available and what they do. The Decree could stop here, but it went further to compel the seller to check whether the app is installed. Here lies a serious infringement on parental rights as the Decree does not allow the parent to refuse the installation. The Decree just assumes or forces the consent of the parent and thereby ignores the parent who does not approve the app for privacy reasons or technical concerns. Then the Decree further compels the seller to monitor the phone to ensure that the app is always active. This is a grave invasion on the minor’s privacy, and it becomes a nightmare for there are three parties spying on the minor. According to the KCC’s impact report on the Decree, the monitoring process involves four participants: when the minor inactivates the app, the app sends signals to the app developer, then the developer notifies the information to the telco who finally sends notification to the parent.
2. Risk of Data Breach and Burden on Parents and Business
Smart Sheriff and other similar parental control software enable various monitoring and controlling on the use of the smartphone. In the process, the software accumulates information such as the length of Internet usage, the websites visited, and contents of SNS that’s been received and sent. On top of that, in Korea, all phone numbers are personally identifiable as telecommunication subscription is allowed only on a real name basis. Therefore, the telecoms and the software developers inevitably collect and share personal information including the notorious RRN of both the minor and the parent, sharply increasing the risk of data breach. Moreover, the law is mute on how the cost of installing and using the app is allocated. Although the KCC announced that the telecoms will be advised to provide free Smart Sheriff, it acknowledged that the government app will eventually be replaced by other paid private apps. The government puts too much burden on the business cost of which will definitely shift to the parents.
The law has other equally serious concerns on top of the aforementioned problems such as the overbroad concept of “harmful to juveniles.” Open Net demands that the KCC change the law or provide a reasonable guideline before Open Net takes legal actions.
Please read the Korean original here.