Please read the Korean original here.
The Resident registration number, designed to be easily collected and used by the Private Company, is Unconstitutional!
Designating telecommunication companies as identification institutions is completion of information surveillance system targeting the citizens.
Opennet filed a constitutional complaint against Article 23-2(1)1of Act on Promotion of Information and Communications Network Utilization and Information Protection that allowed information and communication service providers to collect resident registration numbers(RRNs). KT, according to this act, is able to collect RRNs as an ‘identification institution’ and the claimant of constitutional complaint is a customer of KT whose personal information was leaked during KT’s mass leakage of 12 million customers’ information on last March.
It is obvious that personal information accumulated by the authority can lead to an unconstitutional surveillance system. Information self-determination is a basic right guaranteed by the constitution to protect the citizens from such threats. Personal identification numbers are assigned by the government for administrative purposes and such system carries the danger of being abused as an easy access to the aggregated data of each person’s various aspects of private life. The government authority is always prone to the temptation of utilizing this information to establish omnidirectional surveillance system. To prevent such violation of constitutional right, private sector should be kept from collecting RRNs and creating links of personal information with the RRNs
Many countries prohibit private sector from collecting or using the identification numbers. In some countries, for a business to require identification numbers from the customers is punishable. Korea, too, seems to be prohibiting collection of identification numbers such as RRNs. But the reality is completely different. There are 866 statutes ‘exceptionally’ allowing businesses to collect identification numbers. (From the Ministry of Security and Public Administration total in January 2014). Article 23-2(1)1 of Act on Promotion of Information and Communications Network Utilization and Information Protection is an example of these exceptive clauses.
In 2012, the constitutional court declared real-name policy unconstitutional and Central Election Management Committee formally announced its decision to remove identification clause of Public Official Election Act. Statutes such as Juvenile Protection Act does include regulations requiring age validation, but such statutes does not provide technical, political, or economic justification for allowing businesses to collect the RRNs. Collecting the RRNs do not have strong technical relevance to the actual identification. Allowing telecommunications companies to collect RRNs only enforces information surveillance system by relating all personal information regarding telecommunication to the RRNs without serving the purpose of identification.
Series of mass personal information leakage bankrupted the validity of the RRN system. The National Assembly should stop its negligence and protect the citizens by repealing the other articles of Act on Promotion of Information and Communications Network Utilization and Information Protection (Article 23-3, 23-4) that allows the government to designate businesses as identification institutions.