1. Follow-up rules for change in telecom regulatory framework (to take effect in June 2019) clarify requirements for facility-owning or “core” telecom services, but – in a surprise – leave in place a 49% limit on ownership of core enterprises

March: Further to major amendments of the Telecommunications Business Act (TBA) passed December 2019 (reported in our BKL Legal Update at that time) which are set to take effect on June 25, 2019, the Korean government has announced further rules to implement the change-over from a license system to a registration system for telecom services. The Ministry of Science & ICT (MSIT) on March 25, 2019 unveiled the proposed draft for the Presidential Decree (TBA-PD), the prime implementing regulation, stipulating specific requirements in order to qualify as“core” telecom enterprises (those owning their own lines, landing stations and facilities), but re-affirming a 49% ceiling on foreign shareholding in such core enterprises. While at present in proposed draft form, the TBA-PD will likely be adopted as-is ahead of the June 25, 2019 effective date of the amended TBA, barring some unusual turn of events.

Requirements for core enterprise registration: For a core enterprise, under existing law, a license had been required, and the TBA and related regulations, largely silent as to the requirements, left the evaluation up to the wide discretion of the MSIT. However, pursuant to the amended TBA, the TBA-PD will specify the capitalization, technical staffing and other requirements as follows:

** However, these technical staffing requirements don’t apply where an enterprise obtains an allocation of frequency spectrum without having to go through a bidding process (i.e. the requirements don’t apply in case of a segment where there is low competitive interest).* “Large-scale” and “small-scale” are defined in terms of geographical/government regions served. “Large-scale” wired business means that the business installs lines to provide core services spanning either (a) two or more local self-governed areas (towns or provinces), or (b) 5 or more districts (gu) of Seoul, or (c) 5 or more towns in the Gyeonggi-do region (Surrounding Seoul). “Small-scale” means any wired business that is not “large-scale”.

Telecom services using leased facilities: For “special category telecommunications businesses” (SCTB) – the range of telecom and telecom-linked services using leased lines and other leased facilities – the TBA-PD will not lessen or modify the capital, technical staff or other requirements for the required registration of the service. Requirements remain in place as before for the following types of SCTB, for example:

Limits on foreign ownership remain in place: While the amended TBA expressly contemplates at least partial elimination of the existing 49% ceiling on core enterprise ownership (as reported in our December Legal Update), the draft TBA-PD in effect leaves that ceiling in place, without allowing for any specific exceptions. Namely, while the amended TBA indicated that the ceiling would be lifted except only case of some kinds of lines and facilities – implyingthe larger carriers, or where public interest is at stake –, the TBA-PD effectively provides that the ceiling will be maintained in the case of ALL lines and facilities. Thus, as before, investment in telecom carriers is capped at 49%. (However, companies headquartered in Korea free trade agreement (FTA) counterparty jurisdictions, such as the US, Canada and the EU, are permitted to hold over 49% in core enterprises indirectly, through a Korean subsidiary, so long as the subsidiary is seen by the MSIT to satisfy “public interest”, in terms of data security, consumer interests and so forth.)

Ancillary telecom service: The amended TBA provides that enterprises deploying a telecom service in order to primarily engaged in business other than telecom will not be required to obtain a telecom registration, and the draft TBA-PD clarifies the parameters for such a registration-exempt enterprise: It will be deemed to “make ancillary use of core telecom services” where (i) even if the use of the telecom service were eliminated from the product or service offered, the business is still capable of supplying the product or service; and (ii) the telecom service at issue must include communication with a machine or other object, but without the possibility of voice reception / transmission (except in case of emergency). The definition would clearly exclude enterprises offering connected vehicles and connected appliances from the need to obtain telecom registration. While not subject to the registration requirement, an enterprise meeting these criteria will be subject to an obligation to file a relatively simple report.

2. Korean regulators clarify requirements for foreign online service providers including local agent appointment, chief information security officer appointment, and insurance/reserve for data-related liability

February/March: The Korean government on March 19, 2019 announced standards for foreign “IT service providers” (including a wide spectrum of online/connected services) that are required, from the same month of March 2019, to appoint a local agent in Korea for data compliance and regulatory oversight purposes. The standards, which are in follow-up to statutory amendments passed in August 2018 to the IT Networks Act (and are at present in draft, but are likely to be adopted as-is), would require local agent appointment by an offshore IT service provider if, while lacking a presence in Korea, (i) it meets a test of nexus to Korea (involving factors such as Korean user numbers and whether the service is offered in the Korean language); and (ii) it meets criteria of scale of business (including threshold global revenues, Korean IT-related revenues and Korean user numbers). Implicitly, offshore enterprises meeting these criteria (but not only these enterprises) are required to comply with the IT Networks Act in relation to Korean users. The standards lend some clarity to the question of what it means to lack a presence in Korea.

Separately, pursuant to IT Networks Act amendments passed in May 2018, a chief information security officer (CISO) will be required of IT service providers from June 2019, and separate standards unveiled on February 20, 2019 require that the CISO serve only in that capacity if the business satisfies nexus to Korea and any of several criteria of scale. (The CISO also must have minimum data security or IT experience, if the business satisfies those criteria of scale.) Standards announced on February 18, 2019 also specify thresholds, in terms of user numbers and revenue, for requirements (pursuant to the May 2018 statutory amendments) of minimum insurance or reserve against liability for breach of data security rules. The insurance/reserve requirement kicks in from a threshold of just 1,000 users; specific minimum insurance/reserve amounts increasing with user and revenue numbers.

For further details on these standards, taking effect between March and June 2018, please see ourlegal update of April 1, 2019.

3. Korean regulator warns Google, Facebook and other platform services about “unfair” user terms relating to user-uploaded content

March: The Korea Fair Trade Commission (KFTC) on March 14, 2019 issued warnings to Google (including YouTube), Facebook, Naver and Kakao, advising them to modify terms of service deemed by the KFTC to be unfair to users. According to news reports (such as this one), the KFTC took issue with terms of use that it deemed as giving the companies over-broad powers over user-uploaded content, allowing the companies to retain such content even after deletion by the users, or shifting responsibility to users in case of leakage of private information, or inaccuracy/falsehoods in the uploaded contents. The KFTC warnings are seen as possibly the first instance, worldwide, where a fair competition regulator directed the modification of user terms on grounds of the potential for infringement of users’ rights of authorship in uploaded contents.

User terms flagged by the KFTC in its warning notices included Google provisions (i) giving Google broad rights of usage over user-created content; (ii) entitling Google to unilaterally delete contents, cancel accounts or suspend service; (iii) modifying user terms without prior notice; (iv) presuming consent to terms and conditions, collection of private information and so on; and (v) giving Google expansive rights to collect content containing emails and other private information. Offending user terms for Google, Facebook and Kakao included clauses allowing the company to retain and use contents in spite of deletion by the user. Also targeted, among several companies’ terms, were broad disclaimers of liability in case of leakage of personal data, breach of copyright, or false contents. Google and Facebook’s dispute resolution clauses were also found to be unfair, in providing for offshore venues. According to subsequent news reports (such asthis one), As of April 1, Google and Facebook had yet to modify their user terms, while Naver and Kakao had already done so.

The precise KFTC action taken on March 14 was a warning notice, advising each company to reform its user terms. Under Korean law, failure to take the appropriate corrective action pursuant to such a warning within 60 days can lead to an official “order” to take the action; failure to comply with such an order would lead to significant penalties.

4. Fair competition regulator adopts further standards for anticompetitive effect resulting from business combinations in IT and other “innovation sectors”

February: At the end of February 2019, the Korea Fair Trade Commission (KFTC) modified its Examination Standards for Corporate Consolidation, with immediate effect, so as to add standards pertaining to anticompetitive effect in sectors seen as foundations for innovation (semiconductors, IT, AI, biotech and so on) and in relation to information assets. Among other things, the revised standards call for the regulator, in the context of assessing M&A transactions in innovation-driving sectors, to define the relevant markets based on either a relevant area of R&D or other innovative activity, or more broadly so as to encompass manufacture and sale. The standards allow for assessment of market concentration with reference to a special set of factors, including the scale of R&D, assets and capabilities allocated to innovation, number of competitors actually in the innovation segment, and related factors. Further, in assessing the anticompetitive effect of a horizontal business combination in innovation-driving sectors, the regulator will now look to its overall impact on innovation in the sector, including, for example, such factors as the position or role of a company as innovator in that sector, and comparisons among competitors in terms of their level of innovative capacity.

In the context of business combinations involving “information assets” (defined as “aggregations of information” managed, analyzed and used for a “variety of purposes”), the revised standards call for examiners to take account of, among other factors, (i) the (un)availability, for competitors, of substitutes for the information assets acquired by a party through the business combination; (ii) whether the business combination would enhance a party’s ability to curtail competitors’ access to information assets, resulting in an anticompetitive impact; and (iii) whether the combination would tend to retard non-price competition, e.g. by leading a party to the combination to lower standards of service relating collection and usage of information assets.

5. Pending Supreme Court case seen as likely to confirm app service responsibility for enrollment of “gig economy” workers in industrial accident insurance

March: The Supreme Court is revisiting a case that may confirm the obligation of app operators for certain kinds of services to enroll their “gig economy” workers in industrial accident insurance coverage, one of the basic social insurance programs in Korea. The case, brought by a delivery person injured in the course of delivery for a food delivery app, had previously reached the Supreme Court. In an April 2018 decision, the high court reasoned that, while the plaintiff was not an employee by reason of his delivery work, nevertheless he fell within one of the “special type engagement worker” categories – delivery people – that call for enrollment by companies using their services, pursuant to the Industrial Accident Insurance Act. The case had been remanded to the lower court for further determinations, and it has come up again to the Supreme Court. The high court, which started its re-review in March, would seem likely to affirm eligibility of delivery persons for the insurance, requiring contributions by the service operator as well as the worker, unless the worker applies for an exemption.

It is worth noting that the court, in its April 2018 ruling, confirmed that the delivery person was not an employee, at any rate, and there seems no reason for the court to veer from that view this time. Also, while the upcoming decision will be an important development for many of these workers, it will not mean that every such app service must, necessarily, enroll each such worker in the government-coordinated program. A worker may specifically apply for an exemption, and at least some number of them may want to, given the individual contribution portion required in case of enrollment. However, to confirm each worker’s exemption (or to avoid issues later on in case of worker inattention in this regard), a service operator may need to consider offering separate insurance to such workers, as inducement to apply for the exemption from the general program.

6. Organization for gig economy workers launched by labor confederation

The powerful Korean Federation of Service Workers’ Unions (KFSWU) on March 19, 2019 announced it had set up a “Platform Workers Alliance” (or as they put it in English, somewhat loosely, a “Platform Labor Union”) seeking to unite workers engaged by app-based services such as delivery workers and designated drivers. According to reports (such asthis report in the mainstream press, and a report in the Korean labor press), the KFSWU – an affiliate of the second largest labor confederation in Korea (the KCTU) – aims for collective voice and action by gig economy workers so as to secure and advance their interests as workers. The announcement by the KFSWU called attention to lack of benefits and other disadvantages faced by the workers, and the lack of government or public concern shown about their situation, in spite of their fast-swelling numbers. It was not immediately clear how many have joined the organization.

7. Draft bill introduced in National Assembly to impose VAT on inbound B2B online services

March: A lawmaker introduced a bill on March 6, 2019 that, if passed, would expand VAT to B2B services provided from offshore to local enterprises. Already in December 2019, the National Assembly passed amendments to the Value Added Tax Act, set to take effect from July 1, 2019, expanding the range of VAT-assessable online services provided to consumers (B2C, direct-to-consumer services, furnished to PCs, smartphones and the like), as reported in ourLegal Update of December 18, 2018. One of the original sponsors of the December legislation is now proposing a set of further amendments that would extend VAT also to inbound B2B services – cloud computing, online advertising and so. This particular bill, while sponsored by a not uninfluential legislator (with a proposed effective date of July 1, 2019, perhaps only symbolic), is viewed by experts as highly unlikely to pass. The general view is that a legislative effort such as this, to bring foreign online services more broadly under the VAT regime, would need to be supplemented in a variety of ways, in order to have any realistic prospect for passage. However, the proposed bill is a further reminder that a degree of concerted effort is under way, to bring offshore online service providers within the scope of Korean tax rules, largely for the stated purpose of “leveling the playing field” between the foreign companies and local enterprises.

8. Korean tax authorities launch audits of YouTubers

April: As reported in the local press on April 10, 2019 (see e.g.this article in English), the Korean national tax authority has launched audits of a number of high-profile Korean YouTubers. This would mark the first investigations by Korea’s National Tax Service into income received by the individuals through their YouTube activity, including advertising and sale of products. The popular YouTubers targeted, including (unnamed) entertainment figures and pro athletes among others, are thought to receive payments directly to their specified bank accounts from YouTube operator Google, without registering as businesses or otherwise reporting the income. (The earnings would not necessarily come on the financial or foreign exchange control radar in Korea: Single remittances not exceeding USD 10,000 are not particularly flagged in the Bank of Korea’s current system of monitoring.) The action by the tax agency would appear to signal a renewed effort to impose tax reporting discipline in a sector of online services that has to a large degree “fallen between the cracks” due to misalignment or lag in the existing regulatory system.