South Korea's National Human Rights Commission has called for a review of the policy mandating facial recognition for mobile phone activation, recommending three improvements to the Ministry of Science and ICT: establishing legal grounds, securing alternative authentication methods, and publishing biometric security inspection results.
The commission stated that biometric data is "sensitive information that is difficult to recover once leaked" and urged institutional improvements "to protect the right to informational self-determination." The policy is scheduled for full implementation on March 23, 2026.
The Ministry of Science and ICT had directed the three major mobile carriers and budget phone operators to add facial authentication to phone activation procedures to eradicate voice phishing and financial fraud crimes using so-called "burner phones." Pilot operations began on December 23 last year, with full adoption planned for March 23. The facial recognition system compares ID photos with real-time facial images on a one-to-one basis, applying to new activations, number transfers, device changes, and ownership transfers.
The commission determined that the policy restricts the right to informational self-determination. If users refuse or fail facial authentication, they cannot access mobile phone services, effectively forcing the provision of sensitive biometric information. Given that mobile phones now function as essential infrastructure for daily life including financial transactions, public services, and mobile identification, the commission concluded this could affect various fundamental rights including freedom of communication, freedom of expression, and the right to information.
The commission also pointed to the absence of legal grounds. Unlike the Immigration Act, which specifies grounds for collecting and using biometric information, or the Electronic Financial Transactions Act, which defines biometric data as an access medium, the Telecommunications Business Act contains no provisions regarding biometric data use—only requiring presentation of "certificates and documents" such as resident registration cards.
Questions were also raised about the policy's effectiveness. The commission noted limitations in blocking burner phone distribution where the registered owner directly participates in activation procedures, such as "durability loans"—where people who have difficulty obtaining bank loans transfer their phone registrations in exchange for partial payment—or activations under corporate names. "Facial authentication is a probabilistic judgment system based on one-to-one comparison with the possibility of misidentification," the commission stated, adding that "it is difficult to rule out circumvention attempts through deepfakes or people with similar appearances."
The commission expressed particular concern that elderly individuals, people with disabilities, and digitally vulnerable groups may face practical restrictions on phone activation due to physical characteristics or limited device operation abilities. "Detailed information on the collection, use, storage, and destruction of biometric data should be explained to the public," the commission added, noting that "regular security inspections should be conducted and the results published to enhance public trust."