trực tiếp bóng đá hôm nay euroSupreme Court Decision 2011Da24555, 24562 Decided May 16, 2013 about Damages

Main Issues and Holdings

[1] trực tiếp bóng đá hôm nay euro meaning of leakage of personal information protected by trực tiếp bóng đá hôm nay euro Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., and in a case where personal information was managed and controlled by a communications service provider and was not accessed or approached by a third party, whether it can be viewed that personal information was leaked simply because trực tiếp bóng đá hôm nay euro third party was in a situation where he/she was capable of accessing personal information stored by trực tiếp bóng đá hôm nay euro provider (negative)

[2] In a case where “C” et al., who are members of “B” corporation (whose mobile communication service provider is “A”) received a temporary ID and password from B for trực tiếp bóng đá hôm nay euro purpose of website system inspection, then following trực tiếp bóng đá hôm nay euro inspection B did not delete trực tiếp bóng đá hôm nay euro ID and password, resulting in a situation where a member’s personal information was transferred from trực tiếp bóng đá hôm nay euro server if his/her mobile phone number was entered into trực tiếp bóng đá hôm nay euro aforementioned website, to which C et al. sought damages from B et al. for leaking personal information, trực tiếp bóng đá hôm nay euro case holding that C et al.’s personal information was not in a situation where they were accessible to third parties for not being under B’s management and control

Summary of Decision

[1] Leakage of personal information protected by trực tiếp bóng đá hôm nay euro Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. refers to a situation where personal information is no longer under trực tiếp bóng đá hôm nay euro relevant communications service provider’s management and control, causing its contents to be accessible to a third party. Thus, a case where a certain personal information is under a communications service provider’s management and control without actually being accessed or approached by a third party does not necessarily reach trực tiếp bóng đá hôm nay euro point where personal information is not under trực tiếp bóng đá hôm nay euro service provider’s control, and thus, accessible to a third party, even if trực tiếp bóng đá hôm nay euro service provider’s technological and management protection measures were insufficient and trực tiếp bóng đá hôm nay euro personal information stored by trực tiếp bóng đá hôm nay euro provider was in a situation where it was accessible to a third party.

[2] “C” et al. who are members of “B” corporation (whose mobile communications service provider is “A”) received a temporary ID and password from B for trực tiếp bóng đá hôm nay euro purpose of website system inspection, then following trực tiếp bóng đá hôm nay euro inspection B did not delete trực tiếp bóng đá hôm nay euro ID and password, leaving trực tiếp bóng đá hôm nay euro members’ personal information vulnerable to being transferred from trực tiếp bóng đá hôm nay euro server at trực tiếp bóng đá hôm nay euro input of his/her mobile phone number into trực tiếp bóng đá hôm nay euro aforementioned website. Against this backdrop, C et al. sought damages from B et al. for leaking personal information. trực tiếp bóng đá hôm nay euro court held that C et al.’s personal information was not accessible to third parties merely for not being under B’s management and control, on trực tiếp bóng đá hôm nay euro following grounds: entering C et al.’s mobile phone number into trực tiếp bóng đá hôm nay euro aforementioned webpage is trực tiếp bóng đá hôm nay euro only way trực tiếp bóng đá hôm nay euro information can be leaked; before any mobile phone number is entered, trực tiếp bóng đá hôm nay euro personal information remains stored in trực tiếp bóng đá hôm nay euro 2G server and cannot be approached; B used its management and control authority to block trực tiếp bóng đá hôm nay euro website and trực tiếp bóng đá hôm nay euro server’s interoperability, thus eliminating trực tiếp bóng đá hôm nay euro possibility of access to and transmission of C et al.’s personal information; and thus, although trực tiếp bóng đá hôm nay euro website and trực tiếp bóng đá hôm nay euro server kept interoperability in this case where no input of phone number in trực tiếp bóng đá hôm nay euro webpage is confirmed, it cannot be viewed that C et al.’s personal information were lost from Defendant B’s control and became accessible to third parties.

Reference Provisions

[1] Articles 3(1), 28(1), and 32 of trực tiếp bóng đá hôm nay euro Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. /

[2] Articles 3(1), 28(1), 32 of trực tiếp bóng đá hôm nay euro Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.

Article 3 of trực tiếp bóng đá hôm nay euro Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (Responsibilities of Providers and Users of Information and Communications Services)

(1) Every provider of information and communications services shall contribute to protection of rights and interests of users and enhancement of abilities to use information by protecting personal information of users and providing information and communications services in a sounder and safer way.

Article 28 of trực tiếp bóng đá hôm nay euro Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (Protective Measures for Personal Information)

(1) Every provider of information and communications services or similar shall, when it handles personal information of users, take trực tiếp bóng đá hôm nay euro following technical and administrative measures in accordance with trực tiếp bóng đá hôm nay euro guidelines prescribed by Presidential Decree to prevent loss, theft, leakage, alteration, or mutilation of personal information:

1. Establishment and implementation of an internal control plan for handling personal information in a safe way;

2. Installation and operation of an access control device, such as a system for blocking intrusion to cut off illegal access to personal information;

3. Measures for preventing fabrication and alteration of access records;

4. Measures for security by using encryption technology and other methods for safe storage and transmission of personal information;

5. Measures for preventing intrusion of computer viruses, including installation and operation of vaccine software;

6. Other protective measures necessary for securing safety of personal information.

Article 32 of trực tiếp bóng đá hôm nay euro Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (Compensation for Damages)

Every user may, if he/she suffers any damage caused by a violation of any provision of this Chapter by a provider of information and communications services or similar, claim trực tiếp bóng đá hôm nay euro provider of information and communications services or similar to compensate for such damage. In such cases, a provider of information and communications services or similar may not be discharged from liability, unless it proves that there was no intentional act nor negligence on its part.

[This Article wholly amended by Act No. 9119, Jun. 13, 2008]

Plaintiff-Appellant As indicated in trực tiếp bóng đá hôm nay euro Plaintiff List (Law Firm Eutteum, Attorney Park Jin-shik, Counsel for plaintiff-appellant)

Defendant-Appellate LG Uplus Co., Ltd. et al. (Attorneys Son Ji-yol et al., Counsel for defendant-appellate)

Judgment of trực tiếp bóng đá hôm nay euro court below Seoul High Court Decision 2009Na 119131, 119148 decided February 10, 2011

Disposition All appeals are dismissed. trực tiếp bóng đá hôm nay euro costs of trực tiếp bóng đá hôm nay euro appeal are assessed against trực tiếp bóng đá hôm nay euro Plaintiffs.

Reasoning

trực tiếp bóng đá hôm nay euro grounds of appeal are examined (to trực tiếp bóng đá hôm nay euro extent of supplement in case of any supplementary appellate briefs not timely filed).

1. Regarding ground of appeal No. 1

Leakage of personal information protected by trực tiếp bóng đá hôm nay euro Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. refers to a situation where personal information is no longer under trực tiếp bóng đá hôm nay euro relevant communications service provider’s management and control, causing its contents to be accessible to a third party. Thus, a case where a certain personal information is under a communications service provider’s management and control without actually being accessed or approached by a third party does not necessarily reach trực tiếp bóng đá hôm nay euro point where personal information is not under trực tiếp bóng đá hôm nay euro service provider’s control, and thus, accessible to a third party, even if trực tiếp bóng đá hôm nay euro service provider’s technological and management protection measures were insufficient and trực tiếp bóng đá hôm nay euro personal information stored by trực tiếp bóng đá hôm nay euro provider was in a situation where it was accessible to a third party.

According to trực tiếp bóng đá hôm nay euro facts finalized by trực tiếp bóng đá hôm nay euro court below and trực tiếp bóng đá hôm nay euro records of this case, trực tiếp bóng đá hôm nay euro following facts are acknowledged. On October 2005, in order to inspect whether trực tiếp bóng đá hôm nay euro M-shop website (“M-shop”) system, interoperable with trực tiếp bóng đá hôm nay euro 2G server of Defendant corporation LG Uplus (“Defendant LG Uplus”), is functioning normally, corporation Codinus (“Codinus”) — Defendant LG Uplus’ Contents Provider (CP) — temporarily provided corporation Feelink (“Feelink”) with Codinus’ ID and password “○○○○○○” which is interoperable with trực tiếp bóng đá hôm nay euro said 2G server; using trực tiếp bóng đá hôm nay euro ID and password, Feelink confirmed that trực tiếp bóng đá hôm nay euro 2G interoperability system was successfully set up, but failed to delete trực tiếp bóng đá hôm nay euro ID and password after inspection, ending up prolonging trực tiếp bóng đá hôm nay euro interoperability between M-shop and trực tiếp bóng đá hôm nay euro 2G server; trực tiếp bóng đá hôm nay euro aforementioned interoperability is organized so that when a certain mobile phone number is entered into M-shop’s “Access Telephone Information” page and sent to trực tiếp bóng đá hôm nay euro 2G server, trực tiếp bóng đá hôm nay euro mobile phone user’s personal information, such as resident registration number, date he/she signed up for trực tiếp bóng đá hôm nay euro phone service, trực tiếp bóng đá hôm nay euro mobile phone model, and mobile phone service provider, is transmitted back from trực tiếp bóng đá hôm nay euro 2G server to M-shop, which can then be viewed by analyzing trực tiếp bóng đá hôm nay euro URL transmitted on March 21, 2008, when Non-Party analyzed M-shop’s “Access Telephone Information” page, made an “Access Mobile Telephone Information” page on his server (URL address omitted), and when trực tiếp bóng đá hôm nay euro resident registration numbers of 583 members of Defendant LG Uplus appeared on screen on March 25, 2008, Defendant LG Uplus had Codinus change trực tiếp bóng đá hôm nay euro password so as to make trực tiếp bóng đá hôm nay euro said personal information inaccessible from M-shop’s “Access Telephone Information” page; trực tiếp bóng đá hôm nay euro Plaintiffs are members of Defendant LG Uplus service; apart from Plaintiff 130 who entered his mobile phone number in M-shop’s “Access Telephone Information” page and had his personal information transmitted, there were no other confirmed cases where any of trực tiếp bóng đá hôm nay euro Plaintiffs’ mobile phone number was entered into M-shop’s “Access Telephone Information” page and his/her personal information were transmitted from Defendant LG Uplus’ 2G server to M-shop.

According to these factual relations, entering Plaintiffs’ mobile phone number into M-shop’s “Access Telephone Information” page and receiving trực tiếp bóng đá hôm nay euro personal information from trực tiếp bóng đá hôm nay euro 2G server is trực tiếp bóng đá hôm nay euro only way trực tiếp bóng đá hôm nay euro information can be leaked; before any mobile phone numbers are entered, trực tiếp bóng đá hôm nay euro personal information remains stored in trực tiếp bóng đá hôm nay euro 2G server and inaccessible; Defendant LG Uplus used its management and control authority to block trực tiếp bóng đá hôm nay euro interoperability between M-shop and trực tiếp bóng đá hôm nay euro 2Gserver, thereby eliminating any possibility of access to and transmission of trực tiếp bóng đá hôm nay euro Plaintiffs’ personal information; even if M-shop and trực tiếp bóng đá hôm nay euro 2G server maintained interoperability, given trực tiếp bóng đá hôm nay euro absence of any confirmed instance of inputting phone number into M-shop’s “Access Telephone Information” page, it cannot be viewed as a situation where trực tiếp bóng đá hôm nay euro Plaintiffs’ personal information was lost from Defendant LG Uplus’ control and became accessible to third parties.

trực tiếp bóng đá hôm nay euro lower court’s determination to trực tiếp bóng đá hôm nay euro same purport is justifiable. Contrary to trực tiếp bóng đá hôm nay euro allegations in trực tiếp bóng đá hôm nay euro grounds of appeal, there were no errors by misapprehending trực tiếp bóng đá hôm nay euro legal principles on trực tiếp bóng đá hôm nay euro leakage of personal information stored by a communications service provider, nor by reasoning insufficiently.

2. Regarding grounds of appeal Nos. 2 to 5

A. As examined above, it cannot be deemed that trực tiếp bóng đá hôm nay euro Plaintiffs’ personal information was leaked through M-shop’s “Access Telephone Information” page. Therefore, trực tiếp bóng đá hôm nay euro grounds of appeal arguing that trực tiếp bóng đá hôm nay euro court below did not acknowledge trực tiếp bóng đá hôm nay euro Plaintiffs’ emotional distress due to trực tiếp bóng đá hôm nay euro leakage is without merit, as it is based on trực tiếp bóng đá hôm nay euro premise that trực tiếp bóng đá hôm nay euro Plaintiffs’ personal information was leaked.

It may be true that trực tiếp bóng đá hôm nay euro Defendants failed to perform their duty to manage and take technological protective measures or to secure safety of personal information, or trespased Defendant educational foundation Soongseon Academy’s 2G server by Codinus provision of M-shop with trực tiếp bóng đá hôm nay euro CP ID and password, its failure to delete them immediately, and there by leaving M-shop and trực tiếp bóng đá hôm nay euro 2G server interoperable for a period. Mowever, inasmuch as trực tiếp bóng đá hôm nay euro Plaintiffs’ personal information leakage through M-shop’s “Access Telephone Information” page cannot be acknowledged, nor can it be viewed that trực tiếp bóng đá hôm nay euro Plaintiffs’ privacy and freedom of personal life were infringed upon. Therefore, trực tiếp bóng đá hôm nay euro lower court’s determination not to grant trực tiếp bóng đá hôm nay euro Plaintiffs’ claim for damages to trực tiếp bóng đá hôm nay euro same purport is justifiable. Contrary to trực tiếp bóng đá hôm nay euro allegation in trực tiếp bóng đá hôm nay euro grounds of appeal, there were no errors of violation of trực tiếp bóng đá hôm nay euro rules of evidence, insufficient or contradictory reasoning, or omission of judgment.

B. While it can be argued that Plaintiffs 130 and 214’s personal information were leaked inasmuch as their resident registration number was accessed via trực tiếp bóng đá hôm nay euro Non-Party’s “Access Mobile Telephone Information” page, they did not appear to have suffered emotional distress to trực tiếp bóng đá hôm nay euro extent of requiring monetary compensation, considering trực tiếp bóng đá hôm nay euro following circumstances known from trực tiếp bóng đá hôm nay euro body of evidence duly admitted by trực tiếp bóng đá hôm nay euro court below: Plaintiffs 130 and 214 are trực tiếp bóng đá hôm nay euro Non-Party’s friends, and Plaintiff 130 first notified trực tiếp bóng đá hôm nay euro Non-Party that resident registration numbers were accessible on trực tiếp bóng đá hôm nay euro “Access Mobile Telephone Information” page; and Plaintiff 214 even filed a petition with trực tiếp bóng đá hôm nay euro investigative agency for trực tiếp bóng đá hôm nay euro Non-Party. Therefore, trực tiếp bóng đá hôm nay euro lower court’s determination to trực tiếp bóng đá hôm nay euro same purport is justifiable. Contrary to trực tiếp bóng đá hôm nay euro allegation in trực tiếp bóng đá hôm nay euro grounds of appeal, there were no errors by misapprehending trực tiếp bóng đá hôm nay euro legal principles on emotional distress caused by trực tiếp bóng đá hôm nay euro leakage of personal information, or by violating trực tiếp bóng đá hôm nay euro rules of evidence, or trực tiếp bóng đá hôm nay euro pleading principle.

3. Regarding ground of appeal No. 6

According to trực tiếp bóng đá hôm nay euro reasoning of trực tiếp bóng đá hôm nay euro judgment below, trực tiếp bóng đá hôm nay euro lower court rejected trực tiếp bóng đá hôm nay euro Plaintiffs’ allegation that Defendant LG Uplus provided trực tiếp bóng đá hôm nay euro Plaintiffs’ personal information to Codinus without consent, thereby infringing upon trực tiếp bóng đá hôm nay euro Plaintiffs’ freedom and privacy of personal life and causing emotional distress, on trực tiếp bóng đá hôm nay euro following grounds: although it is true that Codinus received trực tiếp bóng đá hôm nay euro ID and password giving it access to Defendant LG Uplus’ 2G server, and that trực tiếp bóng đá hôm nay euro server was interoperable with trực tiếp bóng đá hôm nay euro 2G server, rendering vulnerable trực tiếp bóng đá hôm nay euro Plaintiffs’ resident registration numbers stored in trực tiếp bóng đá hôm nay euro 2G server to a possible exposure to Codinus, trực tiếp bóng đá hôm nay euro said identifying numbers were not in fact exposed to Codinus.

Upon examination of trực tiếp bóng đá hôm nay euro matter in light of trực tiếp bóng đá hôm nay euro records, trực tiếp bóng đá hôm nay euro lower court’s such determination is justifiable and acceptable. Contrary to trực tiếp bóng đá hôm nay euro allegation in trực tiếp bóng đá hôm nay euro grounds of appeal, there were no errors by misapprehending trực tiếp bóng đá hôm nay euro legal principles on rights infringement or emotional distress caused by a non-consensual provision of personal information, or by violating trực tiếp bóng đá hôm nay euro rules of evidence.

4. Conclusion

Therefore, all appeals are dismissed, and trực tiếp bóng đá hôm nay euro costs of trực tiếp bóng đá hôm nay euro appeal are assessed against trực tiếp bóng đá hôm nay euro losing party. It is so decided as per Disposition by trực tiếp bóng đá hôm nay euro assent of all participating Justices.

[Appendix] List of Plaintiffs: omitted

Justices

Lee Sang-hoon (Presiding Justice)

Shin Young-chul

Kim Yong-deok

Kim So-young (Justice in charge)