IT_과학

President Lee Calls for Tougher Penalties on Data Breach Firms

송종호 기자
#DataPrivacy#KoreaPolicy#DataBreach#Coupang#PersonalDataProtection#ClassAction#PresidentLee
President Lee Calls for Tougher Penalties on Data Breach Firms

President Lee Jae-myung on Monday emphasized the need for stronger sanctions against companies that violate personal data protection rules, saying repeated data breaches occur because "penalties are too weak, so companies violate regulations as easily as eating."

"Companies must recognize that violating regulations will result in serious damage," Lee said during a briefing by the Personal Information Protection Commission at Sejong Convention Center in Sejong City. "From now on, if they violate regulations and harm citizens, they should face such severe economic sanctions that they think, 'The company will go bankrupt.'"

"Normally, shouldn't there be an uproar when these regulations are violated?" Lee said. "Right now, it feels like they violate the rules and take an attitude of 'So what are you going to do about it?'"

After being briefed that current regulations allow fines of up to 3% of total revenue for violating companies, Lee called for stronger standards. "Fines of 3% should be based on the highest revenue among the past three years, not the three-year average," he said.

Regarding Coupang's (CPNG) personal data breach incident, Lee noted that "the entire nation is a victim, and if you tell everyone to file individual lawsuits, won't the litigation costs be even higher?" He added that "the introduction of a class action lawsuit system is absolutely necessary."

Meanwhile, Song Kyung-hee, chairman of the Personal Information Protection Commission, reported to President Lee that the commission would impose fines of up to 10% of revenue on companies that leak personal data. Following a series of large-scale data breaches in sectors closely tied to daily life — including retailers such as Coupang and telecom carriers such as SKT and KT — and amid rapid adoption of new technologies including artificial intelligence and cloud computing, the commission plans to fundamentally shift its personal data protection framework away from the current approach centered on post-incident penalties.

← Back to Home