[Communication Sales Mediation] To what extent is the communication sales mediator's obligation to provide personal information lawful?

Article posted in 2025-04-04 17:26:53 | VEAT

Law firm Veat received a request from telecommunications sales intermediary A (hereinafter "Client") to provide legal advice regarding the obligation to provide personal information of the telecommunications sales intermediary applicant.

As the e-commerce market expands, the legal obligations of telecommunications sales intermediaries and telecommunications sales intermediaries are becoming increasingly important. In particular, telecommunications sales intermediaries are obligated to provide the information of the telecommunications sales intermediary applicant to consumers under certain conditions in accordance with the Electronic Commerce Act. A particularly problematic area is related to the ‘collection and provision of personal information of the telecommunications sales intermediary applicant.’

Differences depending on whether the telecommunications sales intermediary applicant is a business or a non-business entity

Paragraph 2 of Article 20 of the "Act on Consumer Protection in Electronic Commerce" (hereinafter "Electronic Commerce Act") imposes an obligation on telecommunications sales intermediaries to collect and provide information about the telecommunications sales intermediary applicant (the party who requested the telecommunications sales intermediary service) within a certain scope to consumers.

- When the telecommunications sales intermediary applicant is a business

When the telecommunications sales intermediary applicant is a business, the telecommunications sales intermediary must provide the consumer with the name (if the business entity is a corporation, the name of the corporation and the name of the representative), address, date of birth, email address, telephone number, and information that can be verified for telecommunications business registration.

- When the telecommunications sales intermediary applicant is a non-business entity

When the telecommunications sales intermediary applicant is a non-business entity, the telecommunications sales intermediary must verify the name, date of birth, address, telephone number, and email address of the telecommunications sales intermediary applicant and provide a method for the parties involved in the transaction to view this information. Therefore, unlike when the telecommunications sales intermediary applicant is a business, when a telecommunications sales intermediary performs intermediary services for a non-business telecommunications sales intermediary applicant and a consumer, the telecommunications sales intermediary does not legally obligated to provide the consumer with the personal information of the non-business applicant, such as address.

However, even when a telecommunications sales intermediary has transacted with a non-business telecommunications sales intermediary applicant, it is obligated to provide a method for viewing this information when a consumer requests information about that telecommunications sales intermediary applicant. Therefore, it appears that there is a need to collect personal information of the non-business telecommunications sales intermediary applicant in order to indirectly or directly provide the applicant's personal information in response to a consumer’s request for information about the transaction partner.

Obligation of telecommunications sales intermediaries to comply with the Personal Information Protection Act

Telecommunications sales intermediaries must use the personal information collected from the telecommunications sales intermediary applicant only within the scope of fulfilling legal obligations, collect only the minimum amount of information, and clearly establish criteria for storage and deletion.

How to minimize legal risks by collecting personal information?

When a telecommunications sales intermediary collects information from a telecommunications sales intermediary applicant, it may collect personal information as defined in the "Personal Information Protection Act." Therefore, telecommunications sales intermediaries must comply with the Personal Information Protection Act throughout the entire process from the point of collection to storage, use, and destruction.

Telecommunications sales intermediaries must follow the procedures stipulated in the Personal Information Protection Act when collecting personal information from the telecommunications sales intermediary applicant. Particularly, they must clearly define the purpose of collection and scope of use, considering the obligation to provide information upon consumer review, and may be liable if used beyond the scope stipulated by law. Also, separate protection measures may be necessary if there is a possibility of collecting unique identifiers. It is desirable to set the information provision method in advance in anticipation of consumer requests.

Practical considerations for telecommunications sales intermediaries

The following are practical considerations for telecommunications sales intermediaries to properly collect and manage information of non-business telecommunications sales intermediaries.

Preparation of service terms and conditions and personal information processing policy

It is necessary to prepare service terms and conditions and a personal information processing policy. The purpose of collection and use of personal information, retention period, possibility of disclosure, and matters related to the telecommunications sales intermediary applicant's personal information processing must be clearly stated.

Establishment of information request process

It is also important to establish an information request process. Because the telecommunications sales intermediary must provide the information of the telecommunications sales intermediary applicant in accordance with what is stipulated by law when a consumer requests it, a procedure for internally reviewing requests when information requests are received, and adopting appropriate procedures for personal information protection must be established.

Establishment of secure storage and deletion procedures

Secure storage and deletion procedures for personal information must be established. Thoroughly manage the server where information is stored and access permissions, and take measures such as safely deleting unnecessary personal information after a certain period.

Continuous checks for legal compliance

Continuous checks for legal compliance are necessary. Policies and systems should be periodically checked to reflect amendments to the Personal Information Protection Act, Electronic Commerce Act, and other relevant laws, and internal processes should be modified or supplemented as needed.

As the e-commerce market continues to change, telecommunications sales intermediaries must develop strategies to balance legal obligations and personal information protection to secure consumer trust and minimize legal risks.

Law firm Veat provides various practical support, such as design of personal information collection and processing policies, preparation of terms and conditions, and establishment of dispute resolution systems. We will be a practical partner for companies who want to secure both legal stability and operational efficiency of telecommunications sales intermediary platforms.

If you need legal advice regarding personal information and related matters during telecommunications sales intermediary services or telecommunications business operations, please feel free to contact Law firm Veat.

This case study can also be viewed on the Law firm Veat blog.

- [Telecommunications sales intermediary] What is the limit of lawful obligation for personal information provision of telecommunications sales intermediary applicant?

Thank you.

Law firm Veat