Archivos de la etiqueta: authentication

12Nov/24

American Data Privacy and Protection Act. (ADPPA)

American Data Privacy and Protection Act. (ADPPA). House of Representatives 8152, 117th Congress 2021-2022). June 21, 2022. Reported in House 12/30/2022. Union Calendar nº 488

Union Calendar No. 488

117th CONGRESS

2d Session

H. R. 8152

[Report No. 117–669]

To provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.

IN THE HOUSE OF REPRESENTATIVES

June 21, 2022

Mr. Pallone (for himself, Mrs. Rodgers of Washington, Ms. Schakowsky, and Mr. Bilirakis) introduced the following bill; which was referred to the Committee on Energy and Commerce

December 30, 2022

Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed

[Strike out all after the enacting clause and insert the part printed in italic][For text of introduced bill, see copy of bill as introduced on June 21, 2022]

A BILL

To provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title; table of contents.

(a) Short title.—This Act may be cited as the “American Data Privacy and Protection Act”.

(b) Table of contents.—The table of contents of this Act is as follows:

Sec. 1. Short title; table of contents.

Sec. 2. Definitions.

TITLE I—DUTY OF LOYALTY

Sec. 101. Data minimization.

Sec. 102. Loyalty duties.

Sec. 103. Privacy by design.

Sec. 104. Loyalty to individuals with respect to pricing.

TITLE II—CONSUMER DATA RIGHTS

Sec. 201. Consumer awareness.

Sec. 202. Transparency.

Sec. 203. Individual data ownership and control.

Sec. 204. Right to consent and object.

Sec. 205. Data protections for children and minors.

Sec. 206. Third-party collecting entities.

Sec. 207. Civil rights and algorithms.

Sec. 208. Data security and protection of covered data.

Sec. 209. Small business protections.

Sec. 210. Unified opt-out mechanisms.

TITLE III—CORPORATE ACCOUNTABILITY

Sec. 301. Executive responsibility.

Sec. 302. Service providers and third parties.

Sec. 303. Technical compliance programs.

Sec. 304. Commission approved compliance guidelines.

Sec. 305. Digital content forgeries.

TITLE IV—ENFORCEMENT, APPLICABILITY, AND MISCELLANEOUS

Sec. 401. Enforcement by the Federal Trade Commission.

Sec. 402. Enforcement by States.

Sec. 403. Enforcement by persons.

Sec. 404. Relationship to Federal and State laws.

Sec. 405. Severability.

Sec. 406. COPPA.

Sec. 407. Authorization of appropriations.

Sec. 408. Effective date.

SEC. 2. Definitions.

In this Act:

(1) AFFIRMATIVE EXPRESS CONSENT.—

(A) IN GENERAL.—The term “affirmative express consent” means an affirmative act by an individual that clearly communicates the individual’s freely given, specific, and unambiguous authorization for an act or practice after having been informed, in response to a specific request from a covered entity that meets the requirements of subparagraph (B).

(B) REQUEST REQUIREMENTS.—The requirements of this subparagraph with respect to a request from a covered entity to an individual are the following:

(i) The request is provided to the individual in a clear and conspicuous standalone disclosure made through the primary medium used to offer the covered entity’s product or service, or only if the product or service is not offered in a medium that permits the making of the request under this paragraph, another medium regularly used in conjunction with the covered entity’s product or service.

(ii) The request includes a description of the processing purpose for which the individual’s consent is sought and—

(I) clearly states the specific categories of covered data that the covered entity shall collect, process, and transfer necessary to effectuate the processing purpose; and

(II) includes a prominent heading and is written in easy-to-understand language that would enable a reasonable individual to identify and understand the processing purpose for which consent is sought and the covered data to be collected, processed, or transferred by the covered entity for such processing purpose.

(iii) The request clearly explains the individual’s applicable rights related to consent.

(iv) The request is made in a manner reasonably accessible to and usable by individuals with disabilities.

(v) The request is made available to the individual in each covered language in which the covered entity provides a product or service for which authorization is sought.

(vi) The option to refuse consent shall be at least as prominent as the option to accept, and the option to refuse consent shall take the same number of steps or fewer as the option to accept.

(vii) Processing or transferring any covered data collected pursuant to affirmative express consent for a different processing purpose than that for which affirmative express consent was obtained shall require affirmative express consent for the subsequent processing purpose.

(C) EXPRESS CONSENT REQUIRED.—A covered entity may not infer that an individual has provided affirmative express consent to an act or practice from the inaction of the individual or the individual’s continued use of a service or product provided by the covered entity.

(D) PRETEXTUAL CONSENT PROHIBITED.—A covered entity may not obtain or attempt to obtain the affirmative express consent of an individual through—

(i) the use of any false, fictitious, fraudulent, or materially misleading statement or representation; or

(ii) the design, modification, or manipulation of any user interface with the purpose or substantial effect of obscuring, subverting, or impairing a reasonable individual’s autonomy, decision making, or choice to provide such consent or any covered data.

(2) AUTHENTICATION.—The term “authentication” means the process of verifying an individual or entity for security purposes.

(3) BIOMETRIC INFORMATION.—

(A) IN GENERAL.—The term “biometric information” means any covered data generated from the technological processing of an individual’s unique biological, physical, or physiological characteristics that is linked or reasonably linkable to an individual, including—

(i) fingerprints;

(ii) voice prints;

(iii) iris or retina scans;

(iv) facial or hand mapping, geometry, or templates; or

(v) gait or personally identifying physical movements.

(B) EXCLUSION.—The term “biometric information” does not include—

(i) a digital or physical photograph;

(ii) an audio or video recording; or

(iii) data generated from a digital or physical photograph, or an audio or video recording, that cannot be used to identify an individual.

(4) COLLECT; COLLECTION.—The terms “collect” and “collection” mean buying, renting, gathering, obtaining, receiving, accessing, or otherwise acquiring covered data by any means.

(5) COMMISSION.—The term “Commission” means the Federal Trade Commission.

(6) CONTROL.—The term “control” means, with respect to an entity—

(A) ownership of, or the power to vote, more than 50 percent of the outstanding shares of any class of voting security of the entity;

(B) control over the election of a majority of the directors of the entity (or of individuals exercising similar functions); or

(C) the power to exercise a controlling influence over the management of the entity.

(7) COVERED ALGORITHM.—The term “covered algorithm” means a computational process that uses machine learning, natural language processing, artificial intelligence techniques, or other computational processing techniques of similar or greater complexity and that makes a decision or facilitates human decision-making with respect to covered data, including to determine the provision of products or services or to rank, order, promote, recommend, amplify, or similarly determine the delivery or display of information to an individual.

(8) COVERED DATA.—

(A) IN GENERAL.—The term “covered data” means information that identifies or is linked or reasonably linkable, alone or in combination with other information, to an individual or a device that identifies or is linked or reasonably linkable to an individual, and may include derived data and unique persistent identifiers.

(B) EXCLUSIONS.—The term “covered data” does not include—

(i) de-identified data;

(ii) employee data;

(iii) publicly available information; or

(iv) inferences made exclusively from multiple independent sources of publicly available information that do not reveal sensitive covered data with respect to an individual.

(C) EMPLOYEE DATA DEFINED.—For purposes of subparagraph (B), the term “employee data” means—

(i) information relating to a job applicant collected by a covered entity acting as a prospective employer of such job applicant in the course of the application, or hiring process, if such information is collected, processed, or transferred by the prospective employer solely for purposes related to the employee’s status as a current or former job applicant of such employer;

(ii) information processed by an employer relating to an employee who is acting in a professional capacity for the employer, provided that such information is collected, processed, or transferred solely for purposes related to such employee’s professional activities on behalf of the employer;

(iii) the business contact information of an employee, including the employee’s name, position or title, business telephone number, business address, or business email address that is provided to an employer by an employee who is acting in a professional capacity, if such information is collected, processed, or transferred solely for purposes related to such employee’s professional activities on behalf of the employer;

(iv) emergency contact information collected by an employer that relates to an employee of that employer, if such information is collected, processed, or transferred solely for the purpose of having an emergency contact on file for the employee and for processing or transferring such information in case of an emergency; or

(v) information relating to an employee (or a spouse, dependent, other covered family member, or beneficiary of such employee) that is necessary for the employer to collect, process, or transfer solely for the purpose of administering benefits to which such employee (or spouse, dependent, other covered family member, or beneficiary of such employee) is entitled on the basis of the employee’s position with that employer.

(9) COVERED ENTITY.—

(A) IN GENERAL.—The term “covered entity”—

(i) means any entity or any person, other than an individual acting in a non-commercial context, that alone or jointly with others determines the purposes and means of collecting, processing, or transferring covered data and—

(I) is subject to the Federal Trade Commission Act (15 U.S.C. 41 et seq.);

(II) is a common carrier subject to the Communications Act of 1934 (47 U.S.C. 151 et seq.) and all Acts amendatory thereof and supplementary thereto; or

(III) is an organization not organized to carry on business for its own profit or that of its members; and

(ii) includes any entity or person that controls, is controlled by, or is under common control with the covered entity.

(B) EXCLUSIONS.—The term “covered entity” does not include—

(i) a Federal, State, Tribal, territorial, or local government entity such as a body, authority, board, bureau, commission, district, agency, or political subdivision of the Federal Government or a State, Tribal, territorial, or local government;

(ii) a person or an entity that is collecting, processing, or transferring covered data on behalf of a Federal, State, Tribal, territorial, or local government entity, in so far as such person or entity is acting as a service provider to the government entity; or

(iii) an entity that serves as a congressionally designated nonprofit, national resource center, and clearinghouse to provide assistance to victims, families, child-serving professionals, and the general public on missing and exploited children issues.

(C) NON-APPLICATION TO SERVICE PROVIDERS.—An entity shall not be considered to be a covered entity for purposes of this Act in so far as the entity is acting as a service provider (as defined in paragraph (29)).

(10) COVERED LANGUAGE.—The term “covered language” means the ten languages with the most users in the United States, according to the most recent United States Census.

(11) COVERED MINOR.—The term “covered minor” means an individual under the age of 17.

(12) DE-IDENTIFIED DATA.—The term “de-identified data” means information that does not identify and is not linked or reasonably linkable to a distinct individual or a device, regardless of whether the information is aggregated, and if the covered entity or service provider—

(A) takes reasonable technical measures to ensure that the information cannot, at any point, be used to re-identify any individual or device that identifies or is linked or reasonably linkable to an individual;

(B) publicly commits in a clear and conspicuous manner—

(i) to process and transfer the information solely in a de-identified form without any reasonable means for re-identification; and

(ii) to not attempt to re-identify the information with any individual or device that identifies or is linked or reasonably linkable to an individual; and

(C) contractually obligates any person or entity that receives the information from the covered entity or service provider—

(i) to comply with all of the provisions of this paragraph with respect to the information; and

(ii) to require that such contractual obligations be included contractually in all subsequent instances for which the data may be received.

(13) DERIVED DATA.—The term “derived data” means covered data that is created by the derivation of information, data, assumptions, correlations, inferences, predictions, or conclusions from facts, evidence, or another source of information or data about an individual or an individual’s device.

(14) DEVICE.—The term “device” means any electronic equipment capable of collecting, processing, or transferring covered data that is used by one or more individuals.

(15) EMPLOYEE.—The term “employee” means an individual who is an employee, director, officer, staff member individual working as an independent contractor that is not a service provider, trainee, volunteer, or intern of an employer, regardless of whether such individual is paid, unpaid, or employed on a temporary basis.

(16) EXECUTIVE AGENCY.—The “Executive agency” has the meaning given such term in section 105 of title 5, United States Code.

(17) FIRST PARTY ADVERTISING OR MARKETING.—The term “first party advertising or marketing” means advertising or marketing conducted by a first party either through direct communications with a user such as direct mail, email, or text message communications, or advertising or marketing conducted entirely within the first-party context, such as in a physical location operated by the first party, or on a web site or app operated by the first party.

(18) GENETIC INFORMATION.—The term “genetic information” means any covered data, regardless of its format, that concerns an individual’s genetic characteristics, including—

(A) raw sequence data that results from the sequencing of the complete, or a portion of the, extracted deoxyribonucleic acid (DNA) of an individual; or

(B) genotypic and phenotypic information that results from analyzing raw sequence data described in subparagraph (A).

(19) INDIVIDUAL.—The term “individual” means a natural person residing in the United States.

(20) KNOWLEDGE.—

(A) IN GENERAL.—The term “knowledge” means—

(i) with respect to a covered entity that is a covered high-impact social media company, the entity knew or should have known the individual was a covered minor;

(ii) with respect to a covered entity or service provider that is a large data holder, and otherwise is not a covered high-impact social media company, that the covered entity knew or acted in willful disregard of the fact that the individual was a covered minor; and

(iii) with respect to a covered entity or service provider that does not meet the requirements of clause (i) or (ii), actual knowledge.

(B) COVERED HIGH-IMPACT SOCIAL MEDIA COMPANY.—For purposes of this paragraph, the term “covered high-impact social media company” means a covered entity that provides any internet-accessible platform where—

(i) such covered entity generates $3,000,000,000 or more in annual revenue;

(ii) such platform has 300,000,000 or more monthly active users for not fewer than 3 of the preceding 12 months on the online product or service of such covered entity; and

(iii) such platform constitutes an online product or service that is primarily used by users to access or share, user-generated content.

(21) LARGE DATA HOLDER.—

(A) IN GENERAL.—The term “large data holder” means a covered entity or service provider that, in the most recent calendar year—

(i) had annual gross revenues of $250,000,000 or more; and

(ii) collected, processed, or transferred—

(I) the covered data of more than 5,000,000 individuals or devices that identify or are linked or reasonably linkable to 1 or more individuals, excluding covered data collected and processed solely for the purpose of initiating, rendering, billing for, finalizing, completing, or otherwise collecting payment for a requested product or service; and

(II) the sensitive covered data of more than 200,000 individuals or devices that identify or are linked or reasonably linkable to 1 or more individuals.

(B) EXCLUSIONS.—The term “large data holder” does not include any instance in which the covered entity or service provider would qualify as a large data holder solely on the basis of collecting or processing—

(i) personal email addresses;

(ii) personal telephone numbers; or

(iii) log-in information of an individual or device to allow the individual or device to log in to an account administered by the covered entity or service provider.

(C) REVENUE.—For purposes of determining whether any covered entity or service provider is a large data holder, the term “revenue”, with respect to any covered entity or service provider that is not organized to carry on business for its own profit or that of its members—

(i) means the gross receipts the covered entity or service provider received, in whatever form, from all sources, without subtracting any costs or expenses; and

(ii) includes contributions, gifts, grants, dues or other assessments, income from investments, and proceeds from the sale of real or personal property.

(22) MARKET RESEARCH.—The term “market research” means the collection, processing, or transfer of covered data as reasonably necessary and proportionate to investigate the market for or marketing of products, services, or ideas, where the covered data is not—

(A) integrated into any product or service;

(B) otherwise used to contact any individual or individual’s device; or

(C) used to advertise or market to any individual or individual’s device.

(23) MATERIAL.—The term “material” means, with respect to an act, practice, or representation of a covered entity (including a representation made by the covered entity in a privacy policy or similar disclosure to individuals) involving the collection, processing, or transfer of covered data, that such act, practice, or representation is likely to affect a reasonable individual’s decision or conduct regarding a product or service.

(24) PRECISE GEOLOCATION INFORMATION.—

(A) IN GENERAL.—The term “precise geolocation information” means information that is derived from a device or technology that reveals the past or present physical location of an individual or device that identifies or is linked or reasonably linkable to 1 or more individuals, with sufficient precision to identify street level location information of an individual or device or the location of an individual or device within a range of 1,850 feet or less.

(B) EXCLUSION.—The term “precise geolocation information” does not include geolocation information identifiable or derived solely from the visual content of a legally obtained image, including the location of the device that captured such image.

(25) PROCESS.—The term “process” means to conduct or direct any operation or set of operations performed on covered data, including analyzing, organizing, structuring, retaining, storing, using, or otherwise handling covered data.

(26) PROCESSING PURPOSE.—The term “processing purpose” means a reason for which a covered entity or service provider collects, processes, or transfers covered data that is specific and granular enough for a reasonable individual to understand the material facts of how and why the covered entity or service provider collects, processes, or transfers the covered data.

(27) PUBLICLY AVAILABLE INFORMATION.—

(A) IN GENERAL.—The term “publicly available information” means any information that a covered entity or service provider has a reasonable basis to believe has been lawfully made available to the general public from—

(i) Federal, State, or local government records, if the covered entity collects, processes, and transfers such information in accordance with any restrictions or terms of use placed on the information by the relevant government entity;

(ii) widely distributed media;

(iii) a website or online service made available to all members of the public, for free or for a fee, including where all members of the public, for free or for a fee, can log in to the website or online service;

(iv) a disclosure that has been made to the general public as required by Federal, State, or local law; or

(v) the visual observation of the physical presence of an individual or a device in a public place, not including data collected by a device in the individual’s possession.

(B) CLARIFICATIONS; LIMITATIONS.—

(i) AVAILABLE TO ALL MEMBERS OF THE PUBLIC.—For purposes of this paragraph, information from a website or online service is not available to all members of the public if the individual who made the information available via the website or online service has restricted the information to a specific audience.

(ii) OTHER LIMITATIONS.—The term “publicly available information” does not include—

(I) any obscene visual depiction (as defined in section 1460 of title 18, United States Code);

(II) any inference made exclusively from multiple independent sources of publicly available information that reveals sensitive covered data with respect to an individual;

(III) biometric information;

(IV) publicly available information that has been combined with covered data;

(V) genetic information, unless otherwise made available by the individual to whom the information pertains as described in clause (ii) or (iii) of subparagraph (A); or

(VI) intimate images known to be nonconsensual.

(28) SENSITIVE COVERED DATA.—

(A) IN GENERAL.—The term “sensitive covered data” means the following types of covered data:

(i) A government-issued identifier, such as a Social Security number, passport number, or driver’s license number, that is not required by law to be displayed in public.

(ii) Any information that describes or reveals the past, present, or future physical health, mental health, disability, diagnosis, or healthcare condition or treatment of an individual.

(iii) A financial account number, debit card number, credit card number, or information that describes or reveals the income level or bank account balances of an individual, except that the last four digits of a debit or credit card number shall not be deemed sensitive covered data.

(iv) Biometric information.

(v) Genetic information.

(vi) Precise geolocation information.

(vii) An individual’s private communications such as voicemails, emails, texts, direct messages, or mail, or information identifying the parties to such communications, voice communications, video communications, and any information that pertains to the transmission of such communications, including telephone numbers called, telephone numbers from which calls were placed, the time calls were made, call duration, and location information of the parties to the call, unless the covered entity or a service provider acting on behalf of the covered entity is the sender or an intended recipient of the communication. Communications are not private for purposes of this clause if such communications are made from or to a device provided by an employer to an employee insofar as such employer provides conspicuous notice that such employer may access such communications.

(viii) Account or device log-in credentials, or security or access codes for an account or device.

(ix) Information identifying the sexual behavior of an individual in a manner inconsistent with the individual’s reasonable expectation regarding the collection, processing, or transfer of such information.

(x) Calendar information, address book information, phone or text logs, photos, audio recordings, or videos, maintained for private use by an individual, regardless of whether such information is stored on the individual’s device or is accessible from that device and is backed up in a separate location. Such information is not sensitive for purposes of this paragraph if such information is sent from or to a device provided by an employer to an employee insofar as such employer provides conspicuous notice that it may access such information.

(xi) A photograph, film, video recording, or other similar medium that shows the naked or undergarment-clad private area of an individual.

(xii) Information revealing the video content requested or selected by an individual collected by a covered entity that is not a provider of a service described in section 102(4). This clause does not include covered data used solely for transfers for independent video measurement.

(xiii) Information about an individual when the covered entity or service provider has knowledge that the individual is a covered minor.

(xiv) An individual’s race, color, ethnicity, religion, or union membership.

(xv) Information identifying an individual’s online activities over time and across third party websites or online services.

(xvi) Any other covered data collected, processed, or transferred for the purpose of identifying the types of covered data listed in clauses (i) through (xv).

(B) RULEMAKING.—The Commission may commence a rulemaking pursuant to section 553 of title 5, United States Code, to include in the definition of “sensitive covered data” any other type of covered data that may require a similar level of protection as the types of covered data listed in clauses (i) through (xvi) of subparagraph (A) as a result of any new method of collecting, processing, or transferring covered data.

(29) SERVICE PROVIDER.—

(A) IN GENERAL.—The term “service provider” means a person or entity that—

(i) collects, processes, or transfers covered data on behalf of, and at the direction of, a covered entity or a Federal, State, Tribal, territorial, or local government entity; and

(ii) receives covered data from or on behalf of a covered entity or a Federal, State, Tribal, territorial, or local government entity.

(B) TREATMENT WITH RESPECT TO SERVICE PROVIDER DATA.—A service provider that receives service provider data from another service provider as permitted under this Act shall be treated as a service provider under this Act with respect to such data.

(30) SERVICE PROVIDER DATA.—The term “service provider data” means covered data that is collected or processed by or has been transferred to a service provider by or on behalf of a covered entity, a Federal, State, Tribal, territorial, or local government entity, or another service provider for the purpose of allowing the service provider to whom such covered data is transferred to perform a service or function on behalf of, and at the direction of, such covered entity or Federal, State, Tribal, territorial, or local government entity.

(31) STATE.—The term “State” means any of the 50 States, the District of Columbia, the Commonwealth of Puerto Rico, the Virgin Islands of the United States, Guam, American Samoa, or the Commonwealth of the Northern Mariana Islands.

(32) STATE PRIVACY AUTHORITY.—The term “State privacy authority” means—

(A) the chief consumer protection officer of a State; or

(B) a State consumer protection agency with expertise in data protection, including the California Privacy Protection Agency.

(33) SUBSTANTIAL PRIVACY RISK.—The term “substantial privacy risk” means the collection, processing, or transfer of covered data in a manner that may result in any reasonably foreseeable substantial physical injury, economic injury, highly offensive intrusion into the privacy expectations of a reasonable individual under the circumstances, or discrimination on the basis of race, color, religion, national origin, sex, or disability.

(34) TARGETED ADVERTISING.—The term “targeted advertising”—

(A) means presenting to an individual or device identified by a unique identifier, or groups of individuals or devices identified by unique identifiers, an online advertisement that is selected based on known or predicted preferences, characteristics, or interests associated with the individual or a device identified by a unique identifier; and

(B) does not include—

(i) advertising or marketing to an individual or an individual’s device in response to the individual’s specific request for information or feedback;

(ii) contextual advertising, which is when an advertisement is displayed based on the content in which the advertisement appears and does not vary based on who is viewing the advertisement; or

(iii) processing covered data solely for measuring or reporting advertising or content, performance, reach, or frequency, including independent measurement.

(35) THIRD PARTY.—The term “third party”—

(A) means any person or entity, including a covered entity, that—

(i) collects, processes, or transfers covered data that the person or entity did not collect directly from the individual linked or linkable to such covered data; and

(ii) is not a service provider with respect to such data; and

(B) does not include a person or entity that collects covered data from another entity if the 2 entities are related by common ownership or corporate control, but only if a reasonable consumer’s reasonable expectation would be that such entities share information.

(36) THIRD-PARTY COLLECTING ENTITY.—

(A) IN GENERAL.—The term “third-party collecting entity”—

(i) means a covered entity whose principal source of revenue is derived from processing or transferring covered data that the covered entity did not collect directly from the individuals linked or linkable to the covered data; and

(ii) does not include a covered entity insofar as such entity processes employee data collected by and received from a third party concerning any individual who is an employee of the third party for the sole purpose of such third party providing benefits to the employee.

(B) PRINCIPAL SOURCE OF REVENUE DEFINED.—For purposes of this paragraph, the term “principal source of revenue” means, for the prior 12-month period, either—

(i) more than 50 percent of all revenue of the covered entity; or

(ii) obtaining revenue from processing or transferring the covered data of more than 5,000,000 individuals that the covered entity did not collect directly from the individuals linked or linkable to the covered data.

(C) NON-APPLICATION TO SERVICE PROVIDERS.—An entity may not be considered to be a third-party collecting entity for purposes of this Act if the entity is acting as a service provider.

(37) THIRD PARTY DATA.—The term “third party data” means covered data that has been transferred to a third party.

(38) TRANSFER.—The term “transfer” means to disclose, release, disseminate, make available, license, rent, or share covered data orally, in writing, electronically, or by any other means.

(39) UNIQUE PERSISTENT IDENTIFIER.—The term “unique identifier”—

(A) means an identifier to the extent that such identifier is reasonably linkable to an individual or device that identifies or is linked or reasonably linkable to 1 or more individuals, including a device identifier, Internet Protocol address, cookie, beacon, pixel tag, mobile ad identifier, or similar technology, customer number, unique pseudonym, user alias, telephone number, or other form of persistent or probabilistic identifier that is linked or reasonably linkable to an individual or device; and

(B) does not include an identifier assigned by a covered entity for the specific purpose of giving effect to an individual’s exercise of affirmative express consent or opt-outs of the collection, processing, and transfer of covered data pursuant to section 204 or otherwise limiting the collection, processing, or transfer of such information.

(40) WIDELY DISTRIBUTED MEDIA.—The term “widely distributed media” means information that is available to the general public, including information from a telephone book or online directory, a television, internet, or radio program, the news media, or an internet site that is available to the general public on an unrestricted basis, but does not include an obscene visual depiction (as defined in section 1460 of title 18, United States Code).

TITLE I—Duty of Loyalty

SEC. 101. Data minimization.

(a) In general.—A covered entity may not collect, process, or transfer covered data unless the collection, processing, or transfer is limited to what is reasonably necessary and proportionate to—

(1) provide or maintain a specific product or service requested by the individual to whom the data pertains; or

(2) effect a purpose permitted under subsection (b).

(b) Permissible purposes.—A covered entity may collect, process, or transfer covered data for any of the following purposes if the collection, processing, or transfer is limited to what is reasonably necessary and proportionate to such purpose:

(1) To initiate, manage, or complete a transaction or fulfill an order for specific products or services requested by an individual, including any associated routine administrative, operational, and account-servicing activity such as billing, shipping, delivery, storage, and accounting.

(2) With respect to covered data previously collected in accordance with this Act, notwithstanding this exception—

(A) to process such data as necessary to perform system maintenance or diagnostics;

(B) to develop, maintain, repair, or enhance a product or service for which such data was collected;

(C) to conduct internal research or analytics to improve a product or service for which such data was collected;

(D) to perform inventory management or reasonable network management;

(E) to protect against spam; or

(F) to debug or repair errors that impair the functionality of a service or product for which such data was collected.

(3) To authenticate users of a product or service.

(4) To fulfill a product or service warranty.

(5) To prevent, detect, protect against, or respond to a security incident. For purposes of this paragraph, security is defined as network security and physical security and life safety, including an intrusion or trespass, medical alerts, fire alarms, and access control security.

(6) To prevent, detect, protect against, or respond to fraud, harassment, or illegal activity. For purposes of this paragraph, the term “illegal activity” means a violation of a Federal, State, or local law punishable as a felony or misdemeanor that can directly harm.

(7) To comply with a legal obligation imposed by Federal, Tribal, local, or State law, or to investigate, establish, prepare for, exercise, or defend legal claims involving the covered entity or service provider.

(8) To prevent an individual, or group of individuals, from suffering harm where the covered entity or service provider believes in good faith that the individual, or group of individuals, is at risk of death, serious physical injury, or other serious health risk.

(9) To effectuate a product recall pursuant to Federal or State law.

(10) (A) To conduct a public or peer-reviewed scientific, historical, or statistical research project that—

(i) is in the public interest; and

(ii) adheres to all relevant laws and regulations governing such research, including regulations for the protection of human subjects, or is excluded from criteria of the institutional review board.

(B) Not later than 18 months after the date of enactment of this Act, the Commission should issue guidelines to help covered entities ensure the privacy of affected users and the security of covered data, particularly as data is being transferred to and stored by researchers. Such guidelines should consider risks as they pertain to projects using covered data with special considerations for projects that are exempt under part 46 of title 45, Code of Federal Regulations (or any successor regulation) or are excluded from the criteria for institutional review board review.

(11) To deliver a communication that is not an advertisement to an individual, if the communication is reasonably anticipated by the individual within the context of the individual’s interactions with the covered entity.

(12) To deliver a communication at the direction of an individual between such individual and one or more individuals or entities.

(13) To transfer assets to a third party in the context of a merger, acquisition, bankruptcy, or similar transaction when the third party assumes control, in whole or in part, of the covered entity’s assets, only if the covered entity, in a reasonable time prior to such transfer, provides each affected individual with—

(A) a notice describing such transfer, including the name of the entity or entities receiving the individual’s covered data and their privacy policies as described in section 202; and

(B) a reasonable opportunity to withdraw any previously given consents in accordance with the requirements of affirmative express consent under this Act related to the individual’s covered data and a reasonable opportunity to request the deletion of the individual’s covered data, as described in section 203.

(14) To ensure the data security and integrity of covered data, as described in section 208.

(15) With respect to covered data previously collected in accordance with this Act, a service provider acting at the direction of a government entity, or a service provided to a government entity by a covered entity, and only insofar as authorized by statute, to prevent, detect, protect against or respond to a public safety incident, including trespass, natural disaster, or national security incident. This paragraph does not permit, however, the transfer of covered data for payment or other valuable consideration to a government entity.

(16) With respect to covered data collected in accordance with this Act, notwithstanding this exception, to process such data as necessary to provide first party advertising or marketing of products or services provided by the covered entity for individuals who are not-covered minors.

(17) With respect to covered data previously collected in accordance with this Act, notwithstanding this exception and provided such collection, processing, and transferring otherwise complies with the requirements of this Act, including section 204(c), to provide targeted advertising.

(c) Guidance.—The Commission shall issue guidance regarding what is reasonably necessary and proportionate to comply with this section. Such guidance shall take into consideration—

(1) the size of, and the nature, scope, and complexity of the activities engaged in by, the covered entity, including whether the covered entity is a large data holder, nonprofit organization, covered entity meeting the requirements of section 209, third party, or third-party collecting entity;

(2) the sensitivity of covered data collected, processed, or transferred by the covered entity;

(3) the volume of covered data collected, processed, or transferred by the covered entity; and

(4) the number of individuals and devices to which the covered data collected, processed, or transferred by the covered entity relates.

(d) Deceptive marketing of a product or service.—A covered entity or service provider may not engage in deceptive advertising or marketing with respect to a product or service offered to an individual.

(e) Journalism.—Nothing in this Act shall be construed to limit or diminish First Amendment freedoms guaranteed under the Constitution.

SEC. 102. Loyalty duties.

Notwithstanding section 101 and unless an exception applies, with respect to covered data, a covered entity or service provider may not—

(1) collect, process, or transfer a Social Security number, except when necessary to facilitate an extension of credit, authentication, fraud and identity fraud detection and prevention, the payment or collection of taxes, the enforcement of a contract between parties, or the prevention, investigation, or prosecution of fraud or illegal activity, or as otherwise required by Federal, State, or local law;

(2) collect or process sensitive covered data, except where such collection or processing is strictly necessary to provide or maintain a specific product or service requested by the individual to whom the covered data pertains, or is strictly necessary to effect a purpose enumerated in paragraphs (1) through (12) and (14) through (15) of section 101(b);

(3) transfer an individual’s sensitive covered data to a third party, unless—

(A) the transfer is made pursuant to the affirmative express consent of the individual;

(B) the transfer is necessary to comply with a legal obligation imposed by Federal, State, Tribal, or local law, or to establish, exercise, or defend legal claims;

(C) the transfer is necessary to prevent an individual from imminent injury where the covered entity believes in good faith that the individual is at risk of death, serious physical injury, or serious health risk;

(D) with respect to covered data collected in accordance with this Act, notwithstanding this exception, a service provider acting at the direction of a government entity, or a service provided to a government entity by a covered entity, and only insofar as authorized by statute, the transfer is necessary to prevent, detect, protect against or respond to a public safety incident including trespass, natural disaster, or national security incident. This paragraph does not permit, however, the transfer of covered data for payment or other valuable consideration to a government entity;

(E) in the case of the transfer of a password, the transfer is necessary to use a designated password manager or is to a covered entity for the exclusive purpose of identifying passwords that are being re-used across sites or accounts;

(F) in the case of the transfer of genetic information, the transfer is necessary to perform a medical diagnosis or medical treatment specifically requested by an individual, or to conduct medical research in accordance with conditions of section 101(b)(10); or

(G) to transfer assets in the manner described in paragraph (13) of section 101(b); or

(4) in the case of a provider of broadcast television service, cable service, satellite service, streaming media service, or other video programming service described in section 713(h)(2) of the Communications Act of 1934 (47 U.S.C. 613(h)(2)), transfer to an unaffiliated third party covered data that reveals the video content or services requested or selected by an individual from such service, except with the affirmative express consent of the individual or pursuant to one of the permissible purposes enumerated in paragraphs (1) through (15) of section 101(b).

SEC. 103. Privacy by design.

(a) Policies, practices, and procedures.—A covered entity and a service provider shall establish, implement, and maintain reasonable policies, practices, and procedures that reflect the role of the covered entity or service provider in the collection, processing, and transferring of covered data and that—

(1) consider applicable Federal laws, rules, or regulations related to covered data the covered entity or service provider collects, processes, or transfers;

(2) identify, assess, and mitigate privacy risks related to covered minors (including, if applicable, with respect to a covered entity that is not an entity meeting the requirements of section 209, in a manner that considers the developmental needs of different age ranges of covered minors) to result in reasonably necessary and proportionate residual risk to covered minors;

(3) mitigate privacy risks, including substantial privacy risks, related to the products and services of the covered entity or the service provider, including in the design, development, and implementation of such products and services, taking into account the role of the covered entity or service provider and the information available to it; and

(4) implement reasonable training and safeguards within the covered entity and service provider to promote compliance with all privacy laws applicable to covered data the covered entity collects, processes, or transfers or covered data the service provider collects, processes, or transfers on behalf of the covered entity and mitigate privacy risks, including substantial privacy risks, taking into account the role of the covered entity or service provider and the information available to it.

(b) Factors to consider.—The policies, practices, and procedures established by a covered entity and a service provider under subsection (a), shall correspond with, as applicable—

(1) the size of the covered entity or the service provider and the nature, scope, and complexity of the activities engaged in by the covered entity or service provider, including whether the covered entity or service provider is a large data holder, nonprofit organization, entity meeting the requirements of section 209, third party, or third-party collecting entity, taking into account the role of the covered entity or service provider and the information available to it;

(2) the sensitivity of the covered data collected, processed, or transferred by the covered entity or service provider;

(3) the volume of covered data collected, processed, or transferred by the covered entity or service provider;

(4) the number of individuals and devices to which the covered data collected, processed, or transferred by the covered entity or service provider relates; and

(5) the cost of implementing such policies, practices, and procedures in relation to the risks and nature of the covered data.

(c) Commission guidance.—Not later than 1 year after the date of enactment of this Act, the Commission shall issue guidance as to what constitutes reasonable policies, practices, and procedures as required by this section. The Commission shall consider unique circumstances applicable to nonprofit organizations, to entities meeting the requirements of section 209, and to service providers.

SEC. 104. Loyalty to individuals with respect to pricing.

(a) Retaliation through service or pricing prohibited.—A covered entity may not retaliate against an individual for exercising any of the rights guaranteed by the Act, or any regulations promulgated under this Act, including denying goods or services, charging different prices or rates for goods or services, or providing a different level of quality of goods or services.

(b) Rules of construction.—Nothing in subsection (a) may be construed to—

(1) prohibit the relation of the price of a service or the level of service provided to an individual to the provision, by the individual, of financial information that is necessarily collected and processed only for the purpose of initiating, rendering, billing for, or collecting payment for a service or product requested by the individual;

(2) prohibit a covered entity from offering a different price, rate, level, quality or selection of goods or services to an individual, including offering goods or services for no fee, if the offering is in connection with an individual’s voluntary participation in a bona fide loyalty program;

(3) require a covered entity to provide a bona fide loyalty program that would require the covered entity to collect, process, or transfer covered data that the covered entity otherwise would not collect, process, or transfer;

(4) prohibit a covered entity from offering a financial incentive or other consideration to an individual for participation in market research;

(5) prohibit a covered entity from offering different types of pricing or functionalities with respect to a product or service based on an individual’s exercise of a right under section 203(a)(3); or

(6) prohibit a covered entity from declining to provide a product or service insofar as the collection and processing of covered data is strictly necessary for such product or service.

(c) Bona fide loyalty program defined.—For purposes of this section, the term “bona fide loyalty program” includes rewards, premium features, discount or club card programs.

TITLE II—Consumer Data Rights

SEC. 201. Consumer awareness.

(a) In general.—Not later than 90 days after the date of enactment of this Act, the Commission shall publish, on the public website of the Commission, a webpage that describes each provision, right, obligation, and requirement of this Act, listed separately for individuals and for covered entities and service providers, and the remedies, exemptions, and protections associated with this Act, in plain and concise language and in an easy-to-understand manner.

(b) Updates.—The Commission shall update the information published under subsection (a) on a quarterly basis as necessitated by any change in law, regulation, guidance, or judicial decisions.

(c) Accessibility.—The Commission shall publish the information required to be published under subsection (a) in the ten languages with the most users in the United States, according to the most recent United States Census.

SEC. 202. Transparency.

(a) In general.—Each covered entity shall make publicly available, in a clear, conspicuous, not misleading, and easy-to-read and readily accessible manner, a privacy policy that provides a detailed and accurate representation of the data collection, processing, and transfer activities of the covered entity.

(b) Content of privacy policy.—A covered entity or service provider shall have a privacy policy that includes, at a minimum, the following:

(1) The identity and the contact information of—

(A) the covered entity or service provider to which the privacy policy applies (including the covered entity’s or service provider’s points of contact and generic electronic mail addresses, as applicable for privacy and data security inquiries); and

(B) any other entity within the same corporate structure as the covered entity or service provider to which covered data is transferred by the covered entity.

(2) The categories of covered data the covered entity or service provider collects or processes.

(3) The processing purposes for each category of covered data the covered entity or service provider collects or processes.

(4) Whether the covered entity or service provider transfers covered data and, if so, each category of service provider and third party to which the covered entity or service provider transfers covered data, the name of each third-party collecting entity to which the covered entity or service provider transfers covered data, and the purposes for which such data is transferred to such categories of service providers and third parties or third-party collecting entities, except for a transfer to a governmental entity pursuant to a court order or law that prohibits the covered entity or service provider from disclosing such transfer, except for transfers to governmental entities pursuant to a court order or law that prohibits the covered entity from disclosing the transfer.

(5) The length of time the covered entity or service provider intends to retain each category of covered data, including sensitive covered data, or, if it is not possible to identify that timeframe, the criteria used to determine the length of time the covered entity or service provider intends to retain categories of covered data.

(6) A prominent description of how an individual can exercise the rights described in this Act.

(7) A general description of the covered entity’s or service provider’s data security practices.

(8) The effective date of the privacy policy.

(9) Whether or not any covered data collected by the covered entity or service provider is transferred to, processed in, stored in, or otherwise accessible to the People’s Republic of China, Russia, Iran, or North Korea.

(c) Languages.—The privacy policy required under subsection (a) shall be made available to the public in each covered language in which the covered entity or service provider—

(1) provides a product or service that is subject to the privacy policy; or

(2) carries out activities related to such product or service.

(d) Accessibility.—The covered entity or service provider shall also provide the disclosures under this section in a manner that is reasonably accessible to and usable by individuals with disabilities.

(e) Material changes.—

(1) AFFIRMATIVE EXPRESS CONSENT.—If a covered entity makes a material change to its privacy policy or practices, the covered entity shall notify each individual affected by such material change before implementing the material change with respect to any prospectively collected covered data and, except as provided in paragraphs (1) through (15) of section 101(b), provide a reasonable opportunity for each individual to withdraw consent to any further materially different collection, processing, or transfer of previously collected covered data under the changed policy.

(2) NOTIFICATION.—The covered entity shall take all reasonable electronic measures to provide direct notification regarding material changes to the privacy policy to each affected individual, in each covered language in which the privacy policy is made available, and taking into account available technology and the nature of the relationship.

(3) CLARIFICATION.—Nothing in this section may be construed to affect the requirements for covered entities under section 102 or 204.

(4) LOG OF MATERIAL CHANGES.—Each large data holder shall retain copies of previous versions of its privacy policy for at least 10 years beginning after the date of enactment of this Act and publish them on its website. Such large data holder shall make publicly available, in a clear, conspicuous, and readily accessible manner, a log describing the date and nature of each material change to its privacy policy over the past 10 years. The descriptions shall be sufficient for a reasonable individual to understand the material effect of each material change. The obligations in this paragraph shall not apply to any previous versions of a large data holder’s privacy policy, or any material changes to such policy, that precede the date of enactment of this Act.

(f) Short-form notice to consumers by large data holders.—

(1) IN GENERAL.—In addition to the privacy policy required under subsection (a), a large data holder that is a covered entity shall provide a short-form notice of its covered data practices in a manner that is—

(A) concise, clear, conspicuous, and not misleading;

(B) readily accessible to the individual, based on what is reasonably anticipated within the context of the relationship between the individual and the large data holder;

(C) inclusive of an overview of individual rights and disclosures to reasonably draw attention to data practices that may reasonably be unexpected to a reasonable person or that involve sensitive covered data; and

(D) no more than 500 words in length.

(2) RULEMAKING.—The Commission shall issue a rule pursuant to section 553 of title 5, United States Code, establishing the minimum data disclosures necessary for the short-form notice required under paragraph (1), which shall not exceed the content requirements in subsection (b) and shall include templates or models of short-form notices.

SEC. 203. Individual data ownership and control.

(a) Access to, and correction, deletion, and portability of, covered data.—In accordance with subsections (b) and (c), a covered entity shall provide an individual, after receiving a verified request from the individual, with the right to—

(1) access—

(A) in a human-readable format that a reasonable individual can understand and download from the internet, the covered data (except covered data in a back-up or archival system) of the individual making the request that is collected, processed, or transferred by the covered entity or any service provider of the covered entity within the 24 months preceding the request;

(B) the categories of any third party, if applicable, and an option for consumers to obtain the names of any such third party as well as and the categories of any service providers to whom the covered entity has transferred for consideration the covered data of the individual, as well as the categories of sources from which the covered data was collected; and

(C) a description of the purpose for which the covered entity transferred the covered data of the individual to a third party or service provider;

(2) correct any verifiable substantial inaccuracy or substantially incomplete information with respect to the covered data of the individual that is processed by the covered entity and instruct the covered entity to make reasonable efforts to notify all third parties or service providers to which the covered entity transferred such covered data of the corrected information;

(3) delete covered data of the individual that is processed by the covered entity and instruct the covered entity to make reasonable efforts to notify all third parties or service provider to which the covered entity transferred such covered data of the individual’s deletion request; and

(4) to the extent technically feasible, export to the individual or directly to another entity the covered data of the individual that is processed by the covered entity, including inferences linked or reasonably linkable to the individual but not including other derived data, without licensing restrictions that limit such transfers in—

(A) a human-readable format that a reasonable individual can understand and download from the internet; and

(B) a portable, structured, interoperable, and machine-readable format.

(b) Individual autonomy.—A covered entity may not condition, effectively condition, attempt to condition, or attempt to effectively condition the exercise of a right described in subsection (a) through—

(1) the use of any false, fictitious, fraudulent, or materially misleading statement or representation; or

(2) the design, modification, or manipulation of any user interface with the purpose or substantial effect of obscuring, subverting, or impairing a reasonable individual’s autonomy, decision making, or choice to exercise such right.

(c) Timing.—

(1) IN GENERAL.—Subject to subsections (d) and (e), each request under subsection (a) shall be completed by any—

(A) large data holder within 45 days of such request from an individual, unless it is demonstrably impracticable or impracticably costly to verify such individual;

(B) covered entity that is not a large data holder or a covered entity meeting the requirements of section 209 within 60 days of such request from an individual, unless it is demonstrably impracticable or impracticably costly to verify such individual; or

(C) covered entity meeting the requirements of section 209 within 90 days of such request from an individual, unless it is demonstrably impracticable or impracticably costly to verify such individual.

(2) EXTENSION.—A response period set forth in this subsection may be extended once by 45 additional days when reasonably necessary, considering the complexity and number of the individual’s requests, so long as the covered entity informs the individual of any such extension within the initial 45-day response period, together with the reason for the extension.

(d) Frequency and cost of access.—A covered entity—

(1) shall provide an individual with the opportunity to exercise each of the rights described in subsection (a); and

(2) with respect to—

(A) the first 2 times that an individual exercises any right described in subsection (a) in any 12-month period, shall allow the individual to exercise such right free of charge; and

(B) any time beyond the initial 2 times described in subparagraph (A), may allow the individual to exercise such right for a reasonable fee for each request.

(e) Verification and exceptions.—

(1) REQUIRED EXCEPTIONS.—A covered entity may not permit an individual to exercise a right described in subsection (a), in whole or in part, if the covered entity—

(A) cannot reasonably verify that the individual making the request to exercise the right is the individual whose covered data is the subject of the request or an individual authorized to make such a request on the individual’s behalf;

(B) reasonably believes that the request is made to interfere with a contract between the covered entity and another individual;

(C) determines that the exercise of the right would require access to or correction of another individual’s sensitive covered data;

(D) reasonably believes that the exercise of the right would require the covered entity to engage in an unfair or deceptive practice under section 5 of the Federal Trade Commission Act (15 U.S.C. 45); or

(E) reasonably believes that the request is made to further fraud, support criminal activity, or the exercise of the right presents a data security threat.

(2) ADDITIONAL INFORMATION.—If a covered entity cannot reasonably verify that a request to exercise a right described in subsection (a) is made by the individual whose covered data is the subject of the request (or an individual authorized to make such a request on the individual’s behalf), the covered entity—

(A) may request that the individual making the request to exercise the right provide any additional information necessary for the sole purpose of verifying the identity of the individual; and

(B) may not process or transfer such additional information for any other purpose.

(3) PERMISSIVE EXCEPTIONS.—

(A) IN GENERAL.—A covered entity may decline, with adequate explanation to the individual, to comply with a request to exercise a right described in subsection (a), in whole or in part, that would—

(i) require the covered entity to retain any covered data collected for a single, one-time transaction, if such covered data is not processed or transferred by the covered entity for any purpose other than completing such transaction;

(ii) be demonstrably impracticable or prohibitively costly to comply with, and the covered entity shall provide a description to the requestor detailing the inability to comply with the request;

(iii) require the covered entity to attempt to re-identify de-identified data;

(iv) require the covered entity to maintain covered data in an identifiable form or collect, retain, or access any data in order to be capable of associating a verified individual request with covered data of such individual;

(v) result in the release of trade secrets or other privileged or confidential business information;

(vi) require the covered entity to correct any covered data that cannot be reasonably verified as being inaccurate or incomplete;

(vii) interfere with law enforcement, judicial proceedings, investigations, or reasonable efforts to guard against, detect, prevent, or investigate fraudulent, malicious, or unlawful activity, or enforce valid contracts;

(viii) violate Federal or State law or the rights and freedoms of another individual, including under the Constitution of the United States;

(ix) prevent a covered entity from being able to maintain a confidential record of deletion requests, maintained solely for the purpose of preventing covered data of an individual from being recollected after the individual submitted a deletion request and requested that the covered entity no longer collect, process, or transfer such data;

(x) fall within an exception enumerated in the regulations promulgated by the Commission pursuant to subparagraph (D); or

(xi) with respect to requests for deletion—

(I) unreasonably interfere with the provision of products or services by the covered entity to another person it currently serves;

(II) delete covered data that relates to a public figure and for which the requesting individual has no reasonable expectation of privacy;

(III) delete covered data reasonably necessary to perform a contract between the covered entity and the individual;

(IV) delete covered data that the covered entity needs to retain in order to comply with professional ethical obligations;

(V) delete covered data that the covered entity reasonably believes may be evidence of unlawful activity or an abuse of the covered entity’s products or services; or

(VI) for private elementary and secondary schools as defined by State law and private institutions of higher education as defined by title I of the Higher Education Act of 1965, delete covered data that would unreasonably interfere with the provision of education services by or the ordinary operation of the school or institution.

(B) PARTIAL COMPLIANCE.—In a circumstance that would allow a denial pursuant to subparagraph (A), a covered entity shall partially comply with the remainder of the request if it is possible and not unduly burdensome to do so.

(C) NUMBER OF REQUESTS.—For purposes of subparagraph (A)(ii), the receipt of a large number of verified requests, on its own, may not be considered to render compliance with a request demonstrably impracticable.

(D) FURTHER EXCEPTIONS.—The Commission may, by regulation as described in subsection (g), establish additional permissive exceptions necessary to protect the rights of individuals, alleviate undue burdens on covered entities, prevent unjust or unreasonable outcomes from the exercise of access, correction, deletion, or portability rights, or as otherwise necessary to fulfill the purposes of this section. In establishing such exceptions, the Commission should consider any relevant changes in technology, means for protecting privacy and other rights, and beneficial uses of covered data by covered entities.

(f) Large data holder metrics reporting.—A large data holder that is a covered entity shall, for each calendar year in which it was a large data holder, do the following:

(1) Compile the following metrics for the prior calendar year:

(A) The number of verified access requests under subsection (a)(1).

(B) The number of verified deletion requests under subsection (a)(3).

(C) The number of requests to opt-out of covered data transfers under section 204(b).

(D) The number of requests to opt-out of targeted advertising under section 204(c).

(E) The number of requests in each of subparagraphs (A) through (D) that such large data holder (i) complied with in whole or in part and (ii) denied.

(F) The median or mean number of days within which such large data holder substantively responded to the requests in each of subparagraphs (A) through (D).

(2) Disclose by July 1 of each applicable calendar year the information compiled in paragraph (1) within such large data holder’s privacy policy required under section 202 or on the publicly accessible website of such large data holder that is accessible from a hyperlink included in the privacy policy.

(g) Regulations.—Not later than 2 years after the date of enactment of this Act, the Commission shall promulgate regulations, pursuant to section 553 of title 5, United States Code, as necessary to establish processes by which covered entities are to comply with the provisions of this section. Such regulations shall take into consideration—

(1) the size of, and the nature, scope, and complexity of the activities engaged in by the covered entity, including whether the covered entity is a large data holder, nonprofit organization, covered entity meeting the requirements of section 209, third party, or third-party collecting entity;

(2) the sensitivity of covered data collected, processed, or transferred by the covered entity;

(3) the volume of covered data collected, processed, or transferred by the covered entity;

(4) the number of individuals and devices to which the covered data collected, processed, or transferred by the covered entity relates; and

(5) after consulting the National Institute of Standards and Technology, standards for ensuring the deletion of covered data under this Act where appropriate.

(h) Accessibility.—A covered entity shall facilitate the ability of individuals to make requests under subsection (a) in any covered language in which the covered entity provides a product or service. The mechanisms by which a covered entity enables individuals to make requests under subsection (a) shall be readily accessible and usable by with individuals with disabilities.

SEC. 204. Right to consent and object.

(a) Withdrawal of consent.—A covered entity shall provide an individual with a clear and conspicuous, easy-to-execute means to withdraw any affirmative express consent previously provided by the individual that is as easy to execute by a reasonable individual as the means to provide consent, with respect to the processing or transfer of the covered data of the individual.

(b) Right to opt out of covered data transfers.—

(1) IN GENERAL.—A covered entity—

(A) may not transfer or direct the transfer of the covered data of an individual to a third party if the individual objects to the transfer; and

(B) shall allow an individual to object to such a transfer through an opt-out mechanism, as described in section 210.

(2) EXCEPTION.—Except as provided in section 206(b)(3)(C), a covered entity need not allow an individual to opt out of the collection, processing, or transfer of covered data made pursuant to the exceptions in paragraphs (1) through (15) of section 101(b).

(c) Right to opt out of targeted advertising.—

(1) A covered entity or service provider that directly delivers a targeted advertisement shall—

(A) prior to engaging in targeted advertising to an individual or device and at all times thereafter, provide such individual with a clear and conspicuous means to opt out of targeted advertising;

(B) abide by any opt-out designation by an individual with respect to targeted advertising and notify the covered entity that directed the service provider to deliver the targeted advertisement of the opt-out decision; and

(C) allow an individual to make an opt-out designation with respect to targeted advertising through an opt-out mechanism, as described in section 210.

(2) A covered entity or service provider that receives an opt-out notification pursuant to paragraph (1)(B) or this paragraph shall abide by such opt-out designations by an individual and notify any other person that directed the covered entity or service provider to serve, deliver, or otherwise handle the advertisement of the opt-out decision.

(d) Individual autonomy.—A covered entity may not condition, effectively condition, attempt to condition, or attempt to effectively condition the exercise of any individual right under this section through—

(1) the use of any false, fictitious, fraudulent, or materially misleading statement or representation; or

(2) the design, modification, or manipulation of any user interface with the purpose or substantial effect of obscuring, subverting, or impairing a reasonable individual’s autonomy, decision making, or choice to exercise any such right.

SEC. 205. Data protections for children and minors.

(a) Prohibition on targeted advertising to children and minors.—A covered entity may not engage in targeted advertising to any individual if the covered entity has knowledge that the individual is a covered minor.

(b) Data transfer requirements related to covered minors.—

(1) IN GENERAL.—A covered entity may not transfer or direct the transfer of the covered data of a covered minor to a third party if the covered entity—

(A) has knowledge that the individual is a covered minor; and

(B) has not obtained affirmative express consent from the covered minor or the covered minor’s parent or guardian.

(2) EXCEPTION.—A covered entity or service provider may collect, process, or transfer covered data of an individual the covered entity or service provider knows is under the age of 18 solely in order to submit information relating to child victimization to law enforcement or to the nonprofit, national resource center and clearinghouse congressionally designated to provide assistance to victims, families, child-serving professionals, and the general public on missing and exploited children issues.

(c) Youth privacy and marketing division.—

(1) ESTABLISHMENT.—There is established within the Commission in the privacy bureau established in this Act, a division to be known as the “Youth Privacy and Marketing Division” (in this section referred to as the “Division”).

(2) DIRECTOR.—The Division shall be headed by a Director, who shall be appointed by the Chair of the Commission.

(3) DUTIES.—The Division shall be responsible for assisting the Commission in addressing, as it relates to this Act—

(A) the privacy of children and minors; and

(B) marketing directed at children and minors.

(4) STAFF.—The Director of the Division shall hire adequate staff to carry out the duties described in paragraph (3), including by hiring individuals who are experts in data protection, digital advertising, data analytics, and youth development.

(5) REPORTS.—Not later than 2 years after the date of enactment of this Act, and annually thereafter, the Commission shall submit to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Energy and Commerce of the House of Representatives a report that includes—

(A) a description of the work of the Division regarding emerging concerns relating to youth privacy and marketing practices; and

(B) an assessment of how effectively the Division has, during the period for which the report is submitted, assisted the Commission to address youth privacy and marketing practices.

(6) PUBLICATION.—Not later than 10 days after the date on which a report is submitted under paragraph (5), the Commission shall publish the report on its website.

(d) Report by the inspector general.—

(1) IN GENERAL.—Not later than 2 years after the date of enactment of this Act, and biennially thereafter, the Inspector General of the Commission shall submit to the Commission and to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Energy and Commerce of the House of Representatives a report regarding the safe harbor provisions in section 1304 of the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6503), which shall include—

(A) an analysis of whether the safe harbor provisions are—

(i) operating fairly and effectively; and

(ii) effectively protecting the interests of children and minors; and

(B) any proposal or recommendation for policy changes that would improve the effectiveness of the safe harbor provisions.

(2) PUBLICATION.—Not later than 10 days after the date on which a report is submitted under paragraph (1), the Commission shall publish the report on the website of the Commission.

SEC. 206. Third-party collecting entities.

(a) Notice.—Each third-party collecting entity shall place a clear, conspicuous, not misleading, and readily accessible notice on the website or mobile application of the third-party collecting entity (if the third-party collecting entity maintains such a website or mobile application) that—

(1) notifies individuals that the entity is a third-party collecting entity using specific language that the Commission shall develop through rulemaking under section 553 of title 5, United States Code;

(2) includes a link to the website established under subsection (b)(3); and

(3) is reasonably accessible to and usable by individuals with disabilities.

(b) Third-party collecting entity registration.—

(1) IN GENERAL.—Not later than January 31 of each calendar year that follows a calendar year during which a covered entity acted as a third-party collecting entity and processed covered data pertaining to more than 5,000 individuals or devices that identify or are linked or reasonably linkable to an individual, such covered entity shall register with the Commission in accordance with this subsection.

(2) REGISTRATION REQUIREMENTS.—In registering with the Commission as required under paragraph (1), a third-party collecting entity shall do the following:

(A) Pay to the Commission a registration fee of $100.

(B) Provide the Commission with the following information:

(i) The legal name and primary physical, email, and internet addresses of the third-party collecting entity.

(ii) A description of the categories of covered data the third-party collecting entity processes and transfers.

(iii) The contact information of the third-party collecting entity, including a contact person, a telephone number, an e-mail address, a website, and a physical mailing address.

(iv) A link to a website through which an individual may easily exercise the rights provided under this subsection.

(3) THIRD-PARTY COLLECTING ENTITY REGISTRY.—The Commission shall establish and maintain on a website a searchable, publicly available, central registry of third-party collecting entities that are registered with the Commission under this subsection that includes the following:

(A) A listing of all registered third-party collecting entities and a search feature that allows members of the public to identify individual third-party collecting entities.

(B) For each registered third-party collecting entity, the information provided under paragraph (2)(B).

(C) (i) A “Do Not Collect” registry link and mechanism by which an individual may, easily submit a request to all registered third-party collecting entities that are not consumer reporting agencies (as defined in section 603(f) of the Fair Credit Reporting Act (15 U.S.C. 1681a(f))), and to the extent such third-party collecting entities are not acting as consumer reporting agencies (as so defined), to—

(I) delete all covered data related to such individual that the third-party collecting entity did not collect from such individual directly or when acting as a service provider; and

(II) ensure that the third-party collecting entity no longer collects covered data related to such individual without the affirmative express consent of such individual, except insofar as the third-party collecting entity is acting as a service provider.

(ii) Each third-party collecting entity that receives such a request from an individual shall delete all the covered data of the individual not later than 30 days after the request is received by the third-party collecting entity.

(iii) Notwithstanding the provisions of clauses (i) and (ii), a third-party collecting entity may decline to fulfill a “Do Not Collect” request from an individual who it has actual knowledge has been convicted of a crime related to the abduction or sexual exploitation of a child, and the data the entity is collecting is necessary to effectuate the purposes of a national or State-run sex offender registry or the congressionally designated entity that serves as the nonprofit national resource center and clearinghouse to provide assistance to victims, families, child-serving professionals, and the general public on missing and exploited children issues.

(c) Penalties.—

(1) IN GENERAL.—A third-party collecting entity that fails to register or provide the notice as required under this section shall be liable for—

(A) a civil penalty of $100 for each day the third-party collecting entity fails to register or provide notice as required under this section, not to exceed a total of $10,000 for any year; and

(B) an amount equal to the registration fees due under paragraph (2)(A) of subsection (b) for each year that the third-party collecting entity failed to register as required under paragraph (1) of such subsection.

(2) RULE OF CONSTRUCTION.—Nothing in this subsection shall be construed as altering, limiting, or affecting any enforcement authorities or remedies under this Act.

SEC. 207. Civil rights and algorithms.

(a) Civil rights protections.—

(1) IN GENERAL.—A covered entity or a service provider may not collect, process, or transfer covered data in a manner that discriminates in or otherwise makes unavailable the equal enjoyment of goods or services on the basis of race, color, religion, national origin, sex, or disability.

(2) EXCEPTIONS.—This subsection shall not apply to—

(A) the collection, processing, or transfer of covered data for the purpose of—

(i) a covered entity’s or a service provider’s self-testing to prevent or mitigate unlawful discrimination; or

(ii) diversifying an applicant, participant, or customer pool; or

(B) any private club or group not open to the public, as described in section 201(e) of the Civil Rights Act of 1964 (42 U.S.C. 2000a(e)).

(b) FTC enforcement assistance.—

(1) IN GENERAL.—Whenever the Commission obtains information that a covered entity or service provider may have collected, processed, or transferred covered data in violation of subsection (a), the Commission shall transmit such information as allowable under Federal law to any Executive agency with authority to initiate enforcement actions or proceedings relating to such violation.

(2) ANNUAL REPORT.—Not later than 3 years after the date of enactment of this Act, and annually thereafter, the Commission shall submit to Congress a report that includes a summary of—

(A) the types of information the Commission transmitted to Executive agencies under paragraph (1) during the previous 1-year period; and

(B) how such information relates to Federal civil rights laws.

(3) TECHNICAL ASSISTANCE.—In transmitting information under paragraph (1), the Commission may consult and coordinate with, and provide technical and investigative assistance, as appropriate, to such Executive agency.

(4) COOPERATION WITH OTHER AGENCIES.—The Commission may implement this subsection by executing agreements or memoranda of understanding with the appropriate Executive agencies.

(c) Covered algorithm impact and evaluation.—

(1) COVERED ALGORITHM IMPACT ASSESSMENT.—

(A) IMPACT ASSESSMENT.—Notwithstanding any other provision of law, not later than 2 years after the date of enactment of this Act, and annually thereafter, a large data holder that uses a covered algorithm in a manner that poses a consequential risk of harm to an individual or group of individuals, and uses such covered algorithm solely or in part, to collect, process, or transfer covered data shall conduct an impact assessment of such algorithm in accordance with subparagraph (B).

(B) IMPACT ASSESSMENT SCOPE.—The impact assessment required under subparagraph (A) shall provide the following:

(i) A detailed description of the design process and methodologies of the covered algorithm.

(ii) A statement of the purpose and proposed uses of the covered algorithm.

(iii) A detailed description of the data used by the covered algorithm, including the specific categories of data that will be processed as input and any data used to train the model that the covered algorithm relies on, if applicable.

(iv) A description of the outputs produced by the covered algorithm.

(v) An assessment of the necessity and proportionality of the covered algorithm in relation to its stated purpose.

(vi) A detailed description of steps the large data holder has taken or will take to mitigate potential harms from the covered algorithm to an individual or group of individuals, including related to—

(I) covered minors;

(II) making or facilitating advertising for, or determining access to, or restrictions on the use of housing, education, employment, healthcare, insurance, or credit opportunities;

(III) determining access to, or restrictions on the use of, any place of public accommodation, particularly as such harms relate to the protected characteristics of individuals, including race, color, religion, national origin, sex, or disability;

(IV) disparate impact on the basis of individuals’ race, color, religion, national origin, sex, or disability status; or

(V) disparate impact on the basis of individuals’ political party registration status.

(2) ALGORITHM DESIGN EVALUATION.—Notwithstanding any other provision of law, not later than 2 years after the date of enactment of this Act, a covered entity or service provider that knowingly develops a covered algorithm that is designed to, solely or in part, to collect, process, or transfer covered data in furtherance of a consequential decision shall prior to deploying the covered algorithm in interstate commerce evaluate the design, structure, and inputs of the covered algorithm, including any training data used to develop the covered algorithm, to reduce the risk of the potential harms identified under paragraph (1)(B).

(3) OTHER CONSIDERATIONS.—

(A) FOCUS.—In complying with paragraphs (1) and (2), a covered entity and a service provider may focus the impact assessment or evaluation on any covered algorithm, or portions of a covered algorithm, that will be put to use and may reasonably contribute to the risk of the potential harms identified under paragraph (1)(B).

(B) AVAILABILITY.—

(i) IN GENERAL.—A covered entity and a service provider—

(I) shall, not later than 30 days after completing an impact assessment or evaluation, submit the impact assessment or evaluation conducted under paragraph (1) or (2) to the Commission;

(II) shall, upon request, make such impact assessment and evaluation available to Congress; and

(III) may make a summary of such impact assessment and evaluation publicly available in a place that is easily accessible to individuals.

(ii) TRADE SECRETS.—Covered entities and service providers may redact and segregate any trade secret (as defined in section 1839 of title 18, United States Code) or other confidential or proprietary information from public disclosure under this subparagraph and the Commission shall abide by its obligations under section 6(f) of the Federal Trade Commission Act (15 U.S.C. 46(f)) in regard to such information.

(C) ENFORCEMENT.—The Commission may not use any information obtained solely and exclusively through a covered entity or a service provider’s disclosure of information to the Commission in compliance with this section for any purpose other than enforcing this Act with the exception of enforcing consent orders, including the study and report provisions in paragraph (6). This subparagraph does not preclude the Commission from providing this information to Congress in response to a subpoena.

(4) GUIDANCE.—Not later than 2 years after the date of enactment of this Act, the Commission shall, in consultation with the Secretary of Commerce, or their respective designees, publish guidance regarding compliance with this section.

(5) RULEMAKING AND EXEMPTION.—The Commission shall have authority under section 553 of title 5, United States Code, to promulgate regulations as necessary to establish processes by which a large data holder—

(A) shall submit an impact assessment to the Commission under paragraph (3)(B)(i)(I); and

(B) may exclude from this subsection any covered algorithm that presents low or minimal consequential risk of harm to an individual or group of individuals.

(6) STUDY AND REPORT.—

(A) STUDY.—The Commission, in consultation with the Secretary of Commerce or the Secretary’s designee, shall conduct a study, to review any impact assessment or evaluation submitted under this subsection. Such study shall include an examination of—

(i) best practices for the assessment and evaluation of covered algorithms; and

(ii) methods to reduce the risk of harm to individuals that may be related to the use of covered algorithms.

(B) REPORT.—

(i) INITIAL REPORT.—Not later than 3 years after the date of enactment of this Act, the Commission, in consultation with the Secretary of Commerce or the Secretary’s designee, shall submit to Congress a report containing the results of the study conducted under subparagraph (A), together with recommendations for such legislation and administrative action as the Commission determines appropriate.

(ii) ADDITIONAL REPORTS.—Not later than 3 years after submission of the initial report under clause (i), and as the Commission determines necessary thereafter, the Commission shall submit to Congress an updated version of such report.

SEC. 208. Data security and protection of covered data.

(a) Establishment of data security practices.—

(1) IN GENERAL.—A covered entity or service provider shall establish, implement, and maintain reasonable administrative, technical, and physical data security practices and procedures to protect and secure covered data against unauthorized access and acquisition.

(2) CONSIDERATIONS.—The reasonable administrative, technical, and physical data security practices required under paragraph (1) shall be appropriate to—

(A) the size and complexity of the covered entity or service provider;

(B) the nature and scope of the covered entity or the service provider’s collecting, processing, or transferring of covered data;

(C) the volume and nature of the covered data collected, processed, or transferred by the covered entity or service provider;

(D) the sensitivity of the covered data collected, processed, or transferred;

(E) the current state of the art (and limitations thereof) in administrative, technical, and physical safeguards for protecting such covered data; and

(F) the cost of available tools to improve security and reduce vulnerabilities to unauthorized access and acquisition of such covered data in relation to the risks and nature of the covered data.

(b) Specific requirements.—The data security practices of the covered entity and of the service provider required under subsection (a) shall include, for each respective entity’s own system or systems, at a minimum, the following practices:

(1) ASSESS VULNERABILITIES.—Identifying and assessing any material internal and external risk to, and vulnerability in, the security of each system maintained by the covered entity that collects, processes, or transfers covered data, or service provider that collects, processes, or transfers covered data on behalf of the covered entity, including unauthorized access to or risks to such covered data, human vulnerabilities, access rights, and the use of service providers. With respect to large data holders, such activities shall include a plan to receive and reasonably respond to unsolicited reports of vulnerabilities by any entity or individual and by performing a reasonable investigation of such reports.

(2) PREVENTIVE AND CORRECTIVE ACTION.—Taking preventive and corrective action designed to mitigate reasonably foreseeable risks or vulnerabilities to covered data identified by the covered entity or service provider, consistent with the nature of such risk or vulnerability and the entity’s role in collecting, processing, or transferring the data. Such action may include implementing administrative, technical, or physical safeguards or changes to data security practices or the architecture, installation, or implementation of network or operating software, among other actions.

(3) EVALUATION OF PREVENTIVE AND CORRECTIVE ACTION.—Evaluating and making reasonable adjustments to the action described in paragraph (2) in light of any material changes in technology, internal or external threats to covered data, and the covered entity or service provider’s own changing business arrangements or operations.

(4) INFORMATION RETENTION AND DISPOSAL.—Disposing of covered data in accordance with a retention schedule that shall require the deletion of covered data when such data is required to be deleted by law or is no longer necessary for the purpose for which the data was collected, processed, or transferred, unless an individual has provided affirmative express consent to such retention. Such disposal shall include destroying, permanently erasing, or otherwise modifying the covered data to make such data permanently unreadable or indecipherable and unrecoverable to ensure ongoing compliance with this section. Service providers shall establish practices to delete or return covered data to a covered entity as requested at the end of the provision of services unless retention of the covered data is required by law, consistent with section 302(a)(6).

(5) TRAINING.—Training each employee with access to covered data on how to safeguard covered data and updating such training as necessary.

(6) DESIGNATION.—Designating an officer, employee, or employees to maintain and implement such practices.

(7) INCIDENT RESPONSE.—Implementing procedures to detect, respond to, or recover from security incidents, including breaches.

(c) Regulations.—The Commission may promulgate, in accordance with section 553 of title 5, United States Code, technology-neutral regulations to establish processes for complying with this section. The Commission shall consult with the National Institute of Standards and Technology in establishing such processes.

SEC. 209. Small business protections.

(a) Establishment of exemption.—Any covered entity or service provider that can establish that it met the requirements described in subsection (b) for the period of the 3 preceding calendar years (or for the period during which the covered entity or service provider has been in existence if such period is less than 3 years) shall—

(1) be exempt from compliance with section 203(a)(4), paragraphs (1) through (3) and (5) through (7) of section 208(b), and section 301(c); and

(2) at the covered entity’s sole discretion, have the option of complying with section 203(a)(2) by, after receiving a verified request from an individual to correct covered data of the individual under such section, deleting such covered data in its entirety instead of making the requested correction.

(b) Exemption requirements.—The requirements of this subsection are, with respect to a covered entity or a service provider, the following:

(1) The covered entity or service provider’s average annual gross revenues during the period did not exceed $41,000,000.

(2) The covered entity or service provider, on average, did not annually collect or process the covered data of more than 200,000 individuals during the period beyond the purpose of initiating, rendering, billing for, finalizing, completing, or otherwise collecting payment for a requested service or product, so long as all covered data for such purpose was deleted or de-identified within 90 days, except when necessary to investigate fraud or as consistent with a covered entity’s return policy.

(3) The covered entity or service provider did not derive more than 50 percent of its revenue from transferring covered data during any year (or part of a year if the covered entity has been in existence for less than 1 year) that occurs during the period.

(c) Revenue defined.—For purposes of this section, the term “revenue” as it relates to any covered entity or service provider that is not organized to carry on business for its own profit or that of its members, means the gross receipts the covered entity or service provider received in whatever form from all sources without subtracting any costs or expenses, and includes contributions, gifts, grants, dues or other assessments, income from investments, or proceeds from the sale of real or personal property.

SEC. 210. Unified opt-out mechanisms.

(a) In general.—For the rights established under subsection (b) of section 204, subsection (c) of section 204 (except as provided for under section 101(b)(16)), and section 206(b)(3)(C), following public notice and opportunity to comment and not later than 18 months after the date of enactment of this Act, the Commission shall establish or recognize one or more acceptable privacy protective, centralized mechanisms, including global privacy signals such as browser or device privacy settings, other tools offered by covered entities or service providers, and registries of identifiers, for individuals to exercise all such rights through a single interface for a covered entity or service provider to utilize to allow an individual to make such opt out designations with respect to covered data related to such individual.

(b) Requirements.—Any such centralized opt-out mechanism shall—

(1) require covered entities or service providers acting on behalf of covered entities to inform individuals about the centralized opt-out choice;

(2) not be required to be the default setting, but may be the default setting provided that in all cases the mechanism clearly represents the individual’s affirmative, freely given, and unambiguous choice to opt out;

(3) be consumer-friendly, clearly described, and easy-to-use by a reasonable individual;

(4) permit the covered entity or service provider acting on behalf of a covered entity to have an authentication process the covered entity or service provider acting on behalf of a covered entity may use to determine if the mechanism represents a legitimate request to opt out;

(5) be provided in any covered language in which the covered entity provides products or services subject to the opt-out; and

(6) be provided in a manner that is reasonably accessible to and usable by individuals with disabilities.

TITLE III—Corporate Accountability

SEC. 301. Executive responsibility.

(a) In general.—Beginning 1 year after the date of enactment of this Act, an executive officer of a large data holder shall annually certify, in good faith, to the Commission, in a manner specified by the Commission by regulation under section 553 of title 5, United States Code, that the entity maintains—

(1) internal controls reasonably designed to comply with this Act; and

(2) internal reporting structures to ensure that such certifying executive officer is involved in and responsible for the decisions that impact the compliance by the large data holder with this Act.

(b) Requirements.—A certification submitted under subsection (a) shall be based on a review of the effectiveness of the internal controls and reporting structures of the large data holder that is conducted by the certifying executive officer not more than 90 days before the submission of the certification. A certification submitted under subsection (a) is made in good faith if the certifying officer had, after a reasonable investigation, reasonable ground to believe and did believe, at the time that certification was submitted, that the statements therein were true and that there was no omission to state a material fact required to be stated therein or necessary to make the statements therein not misleading.

(c) Designation of privacy and data security officer.—

(1) IN GENERAL.—A covered entity or service provider that have more than 15 employees, shall designate—

(A) 1 or more qualified employees as privacy officers; and

(B) 1 or more qualified employees (in addition to any employee designated under subparagraph (A)) as data security officers.

(2) REQUIREMENTS FOR OFFICERS.—An employee who is designated by a covered entity or a service provider as a privacy officer or a data security officer pursuant to paragraph (1) shall, at a minimum—

(A) implement a data privacy program and data security program to safeguard the privacy and security of covered data in compliance with the requirements of this Act; and

(B) facilitate the covered entity or service provider’s ongoing compliance with this Act.

(3) ADDITIONAL REQUIREMENTS FOR LARGE DATA HOLDERS.—A large data holder shall designate at least 1 of the officers described in paragraph (1) to report directly to the highest official at the large data holder as a privacy protection officer who shall, in addition to the requirements in paragraph (2), either directly or through a supervised designee or designees—

(A) establish processes to periodically review and update the privacy and security policies, practices, and procedures of the large data holder, as necessary;

(B) conduct biennial and comprehensive audits to ensure the policies, practices, and procedures of the large data holder ensure the large data holder is in compliance with this Act and ensure such audits are accessible to the Commission upon request;

(C) develop a program to educate and train employees about compliance requirements of this Act;

(D) maintain updated, accurate, clear, and understandable records of all material privacy and data security practices undertaken by the large data holder; and

(E) serve as the point of contact between the large data holder and enforcement authorities.

(d) Large data holder privacy impact assessments.—

(1) IN GENERAL.—Not later than 1 year after the date of enactment of this Act or 1 year after the date on which a covered entity first meets the definition of large data holder, whichever is earlier, and biennially thereafter, each covered entity that is a large data holder shall conduct a privacy impact assessment that weighs the benefits of the large data holder’s covered data collecting, processing, and transfer practices against the potential adverse consequences of such practices, including substantial privacy risks, to individual privacy.

(2) ASSESSMENT REQUIREMENTS.—A privacy impact assessment required under paragraph (1) shall be—

(A) reasonable and appropriate in scope given—

(i) the nature of the covered data collected, processed, and transferred by the large data holder;

(ii) the volume of the covered data collected, processed, and transferred by the large data holder; and

(iii) the potential material risks posed to the privacy of individuals by the collecting, processing, and transfer of covered data by the large data holder;

(B) documented in written form and maintained by the large data holder unless rendered out of date by a subsequent assessment conducted under paragraph (1); and

(C) approved by the privacy protection officer designated in subsection (c)(3) of the large data holder, as applicable.

(3) ADDITIONAL FACTORS TO INCLUDE IN ASSESSMENT.—In assessing the privacy risks, including substantial privacy risks, the large data holder must include reviews of the means by which technologies, including blockchain and distributed ledger technologies and other emerging technologies, are used to secure covered data.

(e) Other privacy impact assessments.—

(1) IN GENERAL.—Not later than 1 year after the date of enactment of this Act and biennially thereafter, each covered entity that is not large data holder and does not meet the requirements for covered entities under section 209 shall conduct a privacy impact assessment. Such assessment shall weigh the benefits of the covered entity’s covered data collecting, processing, and transfer practices that may cause a substantial privacy risk against the potential material adverse consequences of such practices to individual privacy.

(2) ASSESSMENT REQUIREMENTS.—A privacy impact assessment required under paragraph (1) shall be—

(A) reasonable and appropriate in scope given—

(i) the nature of the covered data collected, processed, and transferred by the covered entity;

(ii) the volume of the covered data collected, processed, and transferred by the covered entity; and

(iii) the potential risks posed to the privacy of individuals by the collecting, processing, and transfer of covered data by the covered entity; and

(B) documented in written form and maintained by the covered entity unless rendered out of date by a subsequent assessment conducted under paragraph (1).

(3) ADDITIONAL FACTORS TO INCLUDE IN ASSESSMENT.—In assessing the privacy risks, including substantial privacy risks, the covered entity may include reviews of the means by which technologies, including blockchain and distributed ledger technologies and other emerging technologies, are used to secure covered data.

SEC. 302. Service providers and third parties.

(a) Service providers.—A service provider—

(1) shall adhere to the instructions of a covered entity and only collect, process, and transfer service provider data to the extent necessary and proportionate to provide a service requested by the covered entity, as set out in the contract required by subsection (b), and this paragraph does not require a service provider to collect, process, or transfer covered data if the service provider would not otherwise do so;

(2) may not collect, process, or transfer service provider data if the service provider has actual knowledge that a covered entity violated this Act with respect to such data;

(3) shall assist a covered entity in responding to a request made by an individual under section 203 or 204, by either—

(A) providing appropriate technical and organizational measures, taking into account the nature of the processing and the information reasonably available to the service provider, for the covered entity to comply with such request for service provider data; or

(B) fulfilling a request by a covered entity to execute an individual rights request that the covered entity has determined should be complied with, by either—

(i) complying with the request pursuant to the covered entity’s instructions; or

(ii) providing written verification to the covered entity that it does not hold covered data related to the request, that complying with the request would be inconsistent with its legal obligations, or that the request falls within an exception to section 203 or 204;

(4) may engage another service provider for purposes of processing service provider data on behalf of a covered entity only after providing that covered entity with notice and pursuant to a written contract that requires such other service provider to satisfy the obligations of the service provider with respect to such service provider data, including that the other service provider be treated as a service provider under this Act;

(5) shall, upon the reasonable request of the covered entity, make available to the covered entity information necessary to demonstrate the compliance of the service provider with the requirements of this Act, which may include making available a report of an independent assessment arranged by the service provider on terms agreed to by the service provider and the covered entity, providing information necessary to enable the covered entity to conduct and document a privacy impact assessment required by subsection (d) or (e) of section 301, and making available the report required under section 207(c)(2);

(6) shall, at the covered entity’s direction, delete or return all covered data to the covered entity as requested at the end of the provision of services, unless retention of the covered data is required by law;

(7) shall develop, implement, and maintain reasonable administrative, technical, and physical safeguards that are designed to protect the security and confidentiality of covered data the service provider processes consistent with section 208; and

(8) shall allow and cooperate with, reasonable assessments by the covered entity or the covered entity’s designated assessor; alternatively, the service provider may arrange for a qualified and independent assessor to conduct an assessment of the service provider’s policies and technical and organizational measures in support of the obligations under this Act using an appropriate and accepted control standard or framework and assessment procedure for such assessments. The service provider shall provide a report of such assessment to the covered entity upon request.

(b) Contracts Between Covered Entities and Service Providers.—

(1) REQUIREMENTS.—A person or entity may only act as a service provider pursuant to a written contract between the covered entity and the service provider, or a written contract between one service provider and a second service provider as described under subsection (a)(4), if the contract—

(A) sets forth the data processing procedures of the service provider with respect to collection, processing, or transfer performed on behalf of the covered entity or service provider;

(B) clearly sets forth—

(i) instructions for collecting, processing, or transferring data;

(ii) the nature and purpose of collecting, processing, or transferring;

(iii) the type of data subject to collecting, processing, or transferring;

(iv) the duration of processing; and

(v) the rights and obligations of both parties, including a method by which the service provider shall notify the covered entity of material changes to its privacy practices;

(C) does not relieve a covered entity or a service provider of any requirement or liability imposed on such covered entity or service provider under this Act; and

(D) prohibits—

(i) collecting, processing, or transferring covered data in contravention to subsection (a); and

(ii) combining service provider data with covered data which the service provider receives from or on behalf of another person or persons or collects from the interaction of the service provider with an individual, provided that such combining is not necessary to effectuate a purpose described in paragraphs (1) through (15) of section 101(b) and is otherwise permitted under the contract required by this subsection.

(2) CONTRACT TERMS.—Each service provider shall retain copies of previous contracts entered into in compliance with this subsection with each covered entity to which it provides requested products or services.

(c) Relationship Between Covered Entities and Service Providers.—

(1) Determining whether a person is acting as a covered entity or service provider with respect to a specific processing of covered data is a fact-based determination that depends upon the context in which such data is processed.

(2) A person that is not limited in its processing of covered data pursuant to the instructions of a covered entity, or that fails to adhere to such instructions, is a covered entity and not a service provider with respect to a specific processing of covered data. A service provider that continues to adhere to the instructions of a covered entity with respect to a specific processing of covered data remains a service provider. If a service provider begins, alone or jointly with others, determining the purposes and means of the processing of covered data, it is a covered entity and not a service provider with respect to the processing of such data.

(3) A covered entity that transfers covered data to a service provider or a service provider that transfers covered data to a covered entity or another service provider, in compliance with the requirements of this Act, is not liable for a violation of this Act by the service provider or covered entity to whom such covered data was transferred, if at the time of transferring such covered data, the covered entity or service provider did not have actual knowledge that the service provider or covered entity would violate this Act.

(4) A covered entity or service provider that receives covered data in compliance with the requirements of this Act is not in violation of this Act as a result of a violation by a covered entity or service provider from which such data was received.

(d) Third parties.—A third party—

(1) shall not process third party data for a processing purpose other than, in the case of sensitive covered data, the processing purpose for which the individual gave affirmative express consent or to effect a purpose enumerated in paragraph (1), (3), or (5) of section 101(b) and, in the case of non-sensitive data, the processing purpose for which the covered entity made a disclosure pursuant to section 202(b)(4); and

(2) for purposes of paragraph (1), may reasonably rely on representations made by the covered entity that transferred the third party data if the third party conducts reasonable due diligence on the representations of the covered entity and finds those representations to be credible.

(e) Additional obligations on covered entities.—

(1) IN GENERAL.—A covered entity or service provider shall exercise reasonable due diligence in—

(A) selecting a service provider; and

(B) deciding to transfer covered data to a third party.

(2) GUIDANCE.—Not later than 2 years after the date of enactment of this Act, the Commission shall publish guidance regarding compliance with this subsection, taking into consideration the burdens on large data holders, covered entities who are not large data holders, and covered entities meeting the requirements of section 209.

(f) Rule of construction.—Solely for the purposes of this section, the requirements for service providers to contract with, assist, and follow the instructions of covered entities shall be read to include requirements to contract with, assist, and follow the instructions of a government entity if the service provider is providing a service to a government entity.

SEC. 303. Technical compliance programs.

(a) In general.—Not later than 3 years after the date of enactment of this Act, the Commission shall promulgate regulations under section 553 of title 5, United States Code, to establish a process for the proposal and approval of technical compliance programs under this section used by a covered entity to collect, process, or transfer covered data.

(b) Scope of programs.—The technical compliance programs established under this section shall, with respect to a technology, product, service, or method used by a covered entity to collect, process, or transfer covered data—

(1) establish publicly available guidelines for compliance with this Act; and

(2) meet or exceed the requirements of this Act.

(c) Approval process.—

(1) IN GENERAL.—Any request for approval, amendment, or repeal of a technical compliance program may be submitted to the Commission by any person, including a covered entity, a representative of a covered entity, an association of covered entities, or a public interest group or organization. Within 90 days after the request is made, the Commission shall publish the request and provide an opportunity for public comment on the proposal.

(2) EXPEDITED RESPONSE TO REQUESTS.—Beginning 1 year after the date of enactment of this Act, the Commission shall act upon a request for the proposal and approval of a technical compliance program not later than 1 year after the filing of the request, and shall set forth publicly in writing the conclusions of the Commission with regard to such request.

(d) Right to Appeal.—Final action by the Commission on a request for approval, amendment, or repeal of a technical compliance program, or the failure to act within the 1-year period after a request for approval, amendment, or repeal of a technical compliance program is made under subsection (c), may be appealed to a Federal district court of the United States of appropriate jurisdiction as provided for in section 702 of title 5, United States Code.

(e) Effect on enforcement.—

(1) IN GENERAL.—Prior to commencing an investigation or enforcement action against any covered entity under this Act, the Commission and State attorney general shall consider the covered entity’s history of compliance with any technical compliance program approved under this section and any action taken by the covered entity to remedy noncompliance with such program. If such enforcement action described in section 403 is brought, the covered entity’s history of compliance with any technical compliance program approved under this section and any action taken by the covered entity to remedy noncompliance with such program shall be taken into consideration when determining liability or a penalty. The covered entity’s history of compliance with any technical compliance program shall not affect any burden of proof or the weight given to evidence in an enforcement or judicial proceeding.

(2) COMMISSION AUTHORITY.—Approval of a technical compliance program shall not limit the authority of the Commission, including the Commission’s authority to commence an investigation or enforcement action against any covered entity under this Act or any other Act.

(3) RULE OF CONSTRUCTION.—Nothing in this subsection shall provide any individual, class of individuals, or person with any right to seek discovery of any non-public Commission deliberation or activity or impose any pleading requirement on the Commission if the Commission brings an enforcement action of any kind.

SEC. 304. Commission approved compliance guidelines.

(a) Application for compliance guideline Approval.—

(1) IN GENERAL.—A covered entity that is not a third-party collecting entity and meets the requirements of section 209, or a group of such covered entities, may apply to the Commission for approval of 1 or more sets of compliance guidelines governing the collection, processing, and transfer of covered data by the covered entity or group of covered entities.

(2) APPLICATION REQUIREMENTS.—Such application shall include—

(A) a description of how the proposed guidelines will meet or exceed the requirements of this Act;

(B) a description of the entities or activities the proposed set of compliance guidelines is designed to cover;

(C) a list of the covered entities that meet the requirements of section 209 and are not third-party collecting entities, if any are known at the time of application, that intend to adhere to the compliance guidelines; and

(D) a description of how such covered entities will be independently assessed for adherence to such compliance guidelines, including the independent organization not associated with any of the covered entities that may participate in guidelines that will administer such guidelines.

(3) COMMISSION REVIEW.—

(A) INITIAL APPROVAL.—

(i) PUBLIC COMMENT PERIOD.—Within 90 days after the receipt of proposed guidelines submitted pursuant to paragraph (2), the Commission shall publish the application and provide an opportunity for public comment on such compliance guidelines.

(ii) APPROVAL.—The Commission shall approve an application regarding proposed guidelines under paragraph (2) if the applicant demonstrates that the compliance guidelines—

(I) meet or exceed requirements of this Act;

(II) provide for the regular review and validation by an independent organization not associated with any of the covered entities that may participate in the guidelines and that is approved by the Commission to conduct such reviews of the compliance guidelines of the covered entity or entities to ensure that the covered entity or entities continue to meet or exceed the requirements of this Act; and

(III) include a means of enforcement if a covered entity does not meet or exceed the requirements in the guidelines, which may include referral to the Commission for enforcement consistent with section 401 or referral to the appropriate State attorney general for enforcement consistent with section 402.

(iii) TIMELINE.—Within 1 year after receiving an application regarding proposed guidelines under paragraph (2), the Commission shall issue a determination approving or denying the application and providing its reasons for approving or denying such application.

(B) APPROVAL OF MODIFICATIONS.—

(i) IN GENERAL.—If the independent organization administering a set of guidelines makes material changes to guidelines previously approved by the Commission, the independent organization shall submit the updated guidelines to the Commission for approval. As soon as feasible, the Commission shall publish the updated guidelines and provide an opportunity for public comment.

(ii) TIMELINE.—The Commission shall approve or deny any material change to the guidelines within 1 year after receipt of the submission for approval.

(b) Withdrawal of Approval.—If at any time the Commission determines that the guidelines previously approved no longer meet the requirements of this Act or a regulation promulgated under this Act or that compliance with the approved guidelines is insufficiently enforced by the independent organization administering the guidelines, the Commission shall notify the covered entities or group of such entities and the independent organization of the determination of the Commission to withdraw approval of such guidelines and the basis for doing so. Within180 days after receipt of such notice, the covered entity or group of such entities and the independent organization may cure any alleged deficiency with the guidelines or the enforcement of such guidelines and submit each proposed cure to the Commission. If the Commission determines that such cures eliminate the alleged deficiency in the guidelines, then the Commission may not withdraw approval of such guidelines on the basis of such determination.

(c) Deemed compliance.—A covered entity that is eligible to participate under subsection (a)(1) and participates in guidelines approved under this section shall be deemed in compliance with the relevant provisions of this Act if such covered entity is in compliance with such guidelines.

SEC. 305. Digital content forgeries.

(a) Reports.—Not later than 1 year after the date of enactment of this Act, and annually thereafter, the Secretary of Commerce or the Secretary’s designee shall publish a report regarding digital content forgeries.

(b) Requirements.—Each report under subsection (a) shall include the following:

(1) A definition of digital content forgeries along with accompanying explanatory materials.

(2) A description of the common sources of digital content forgeries in the United States and commercial sources of digital content forgery technologies.

(3) An assessment of the uses, applications, and harms of digital content forgeries.

(4) An analysis of the methods and standards available to identify digital content forgeries as well as a description of the commercial technological counter-measures that are, or could be, used to address concerns with digital content forgeries, which may include the provision of warnings to viewers of suspect content.

(5) A description of the types of digital content forgeries, including those used to commit fraud, cause harm, or violate any provision of law.

(6) Any other information determined appropriate by the Secretary of Commerce or the Secretary’s designee.

TITLE IV—Enforcement, Applicability, and Miscellaneous

SEC. 401. Enforcement by the Federal Trade Commission.

(a) Bureau of Privacy.—

(1) IN GENERAL.—The Commission shall establish within the Commission a new bureau to be known as the “Bureau of Privacy”, which shall be of similar structure, size, organization, and authority as the existing bureaus within the Commission related to consumer protection and competition.

(2) MISSION.—The mission of the Bureau established under paragraph (1) shall be to assist the Commission in carrying out the duties of the Commission under this Act and related duties under other provisions of law.

(3) TIMELINE.—The Bureau required to be established under paragraph (1) shall be established, staffed, and fully operational not later than 1 year after the date of enactment of this Act.

(b) Office of Business Mentorship.—The Director of the Bureau established under subsection (a)(1) shall establish within the Bureau an office to be known as the “Office of Business Mentorship” to provide guidance and education to covered entities and service providers regarding compliance with this Act. Covered entities or service providers may request advice from the Commission or the Office with respect to a course of action that the covered entity or service provider proposes to pursue and that may relate to the requirements of this Act.

(c) Enforcement by the Federal Trade Commission.—

(1) UNFAIR OR DECEPTIVE ACTS OR PRACTICES.—A violation of this Act or a regulation promulgated under this Act shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).

(2) POWERS OF THE COMMISSION.—

(A) IN GENERAL.—Except as provided in paragraphs (3), (4), and (5), the Commission shall enforce this Act and the regulations promulgated under this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act.

(B) PRIVILEGES AND IMMUNITIES.—Any person who violates this Act or a regulation promulgated under this Act shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act (15 U.S.C. 41 et seq.).

(3) LIMITING CERTAIN ACTIONS UNRELATED TO THIS ACT.—If the Commission brings a civil action alleging that an act or practice violates this Act or a regulation promulgated under this Act, the Commission may not seek a cease and desist order against the same defendant under section 5(b) of the Federal Trade Commission Act (15 U.S.C. 45(b)) to stop that same act or practice on the grounds that such act or practice constitutes an unfair or deceptive act or practice.

(4) COMMON CARRIERS AND NONPROFIT ORGANIZATIONS.—Notwithstanding any jurisdictional limitation of the Commission with respect to consumer protection or privacy, the Commission shall enforce this Act and the regulations promulgated under this Act, in the same manner provided in paragraphs (1), (2), (3), and (5), with respect to common carriers subject to the Communications Act of 1934 (47 U.S.C. 151 et seq.) and all Acts amendatory thereof and supplementary thereto and organizations not organized to carry on business for their own profit or that of their members.

(5) PRIVACY AND SECURITY VICTIMS RELIEF FUND.—

(A) ESTABLISHMENT.—There is established in the Treasury of the United States a separate fund to be known as the “Privacy and Security Victims Relief Fund” in this paragraph referred to as the “Victims Relief Fund”).

(B) DEPOSITS.—Notwithstanding section 3302 of title 31, United States Code, in any judicial or administrative action to enforce this Act or a regulation promulgated under this Act, the amount of any civil penalty obtained against a covered entity or service provider, or any other monetary relief ordered to be paid by a covered entity or service provider to provide redress, payment, compensation, or other relief to individuals that cannot be located or the payment of which would otherwise not be practicable, shall be deposited into the Victims Relief Fund.

(C) USE OF FUNDS.—

(i) USE BY COMMISSION.—Amounts in the Victims Relief Fund shall be available to the Commission, without fiscal year limitation, to provide redress, payment, compensation, or other monetary relief to individuals affected by an act or practice for which relief has been obtained under this Act.

(ii) OTHER PERMISSIBLE USES.—To the extent that the individuals described in clause (i) cannot be located or such redress, payments, compensation, or other monetary relief are otherwise not practicable, the Commission may use such funds for the purpose of—

(I) funding the activities of the Office of Business Mentorship established under subsection (b); or

(II) engaging in technological research that the Commission considers necessary to enforce or administer this Act.

SEC. 402. Enforcement by States.

(a) Civil action.—In any case in which the attorney general or State Privacy Authority of a State has reason to believe that an interest of the residents of that State has been, may be, or is adversely affected by a violation of this Act or a regulation promulgated under this Act by a covered entity or service provider, the attorney general or State Privacy Authority may bring a civil action in the name of the State, or as parens patriae on behalf of the residents of the State. Any such action shall be brought exclusively in an appropriate Federal district court of the United States to—

(1) enjoin such act or practice;

(2) enforce compliance with this Act or such regulation;

(3) obtain damages, civil penalties, restitution, or other compensation on behalf of the residents of such State; or

(4) obtain reasonable attorneys’ fees and other litigation costs reasonably incurred.

(b) Rights of the Commission.—

(1) IN GENERAL.—Except as provided in paragraph (2), the attorney general or State Privacy Authority of a State shall notify the Commission in writing prior to initiating a civil action under subsection (a). Such notification shall include a copy of the complaint to be filed to initiate such action. Upon receiving such notification, the Commission may intervene in such action as a matter of right pursuant to the Federal Rules of Civil Procedure.

(2) FEASIBILITY.—If the notification required by paragraph (1) is not feasible, the attorney general or State Privacy Authority shall notify the Commission immediately after initiating the civil action.

(c) Actions by the Commission.—In any case in which a civil action is instituted by or on behalf of the Commission for violation of this Act or a regulation promulgated under this Act, no attorney general or State Privacy Authority of a State may, during the pendency of such action, institute a civil action against any defendant named in the complaint in the action instituted by or on behalf of the Commission for a violation of this Act or a regulation promulgated under this Act that is alleged in such complaint, if such complaint alleges such violation affected the residents of such State or individuals nationwide. If the Commission brings a civil action against a covered entity or service provider for a violation of this Act or a regulation promulgated under this Act that affects the interests of the residents of a State, the attorney general or State Privacy Authority of such State may intervene in such action as a matter of right pursuant to the Federal Rules of Civil Procedure.

(d) Rule of construction.—Nothing in this section may be construed to prevent the attorney general or State Privacy Authority of a State from exercising the powers conferred on the attorney general or State Privacy Authority to conduct investigations, to administer oaths or affirmations, or to compel the attendance of witnesses or the production of documentary or other evidence.

(e) Preservation of state powers.—Except as provided in subsection (c), nothing in this section may be construed as altering, limiting, or affecting the authority of the attorney general or State Privacy Authority of a State to—

(1) bring an action or other regulatory proceeding arising solely under the law in effect in the State that is preempted by this Act or under another applicable Federal law; or

(2) exercise the powers conferred on the attorney general or State Privacy Authority by the laws of the State, including the ability to conduct investigations, administer oaths or affirmations, or compel the attendance of witnesses or the production of documentary or other evidence.

SEC. 403. Enforcement by persons.

(a) Enforcement by persons.—

(1) IN GENERAL.—Beginning on the date that is 2 years after the date on which this Act takes effect, any person or class of persons for a violation of this Act or a regulation promulgated under this Act by a covered entity or service provider may bring a civil action against such entity in any Federal court of competent jurisdiction.

(2) RELIEF.—In a civil action brought under paragraph (1) in which a plaintiff prevails, the court may award the plaintiff—

(A) an amount equal to the sum of any compensatory damages;

(B) injunctive relief;

(C) declaratory relief; and

(D) reasonable attorney’s fees and litigation costs.

(3) RIGHTS OF THE COMMISSION AND STATE ATTORNEYS GENERAL.—

(A) IN GENERAL.—Prior to a person bringing a civil action under paragraph (1), such person shall notify the Commission and the attorney general of the State where such person resides in writing that such person intends to bring a civil action under such paragraph. Upon receiving such notice, the Commission and State attorney general shall each or jointly make a determination and respond to such person not later than 60 days after receiving such notice, as to whether they will intervene in such action pursuant to the Federal Rules of Civil Procedure. If a state attorney general does intervene, they shall only be heard with respect to the interests of the residents of their State

(B) RETAINED AUTHORITY.—Subparagraph (A) may not be construed to limit the authority of the Commission or any applicable State attorney general or State Privacy Authority to later commence a proceeding or civil action or intervene by motion if the Commission or State attorney general or State Privacy Authority does not commence a proceeding or civil action within the 60-day period.

(C) BAD FAITH.—Any written communication from counsel for an aggrieved party to a covered entity or service provider requesting a monetary payment from that covered entity or service provider regarding a specific claim described in a letter sent pursuant to subsection (d), not including filings in court proceedings, arbitrations, mediations, judgment collection processes, or other communications related to previously initiated litigation or arbitrations, shall be considered to have been sent in bad faith and shall be unlawful as defined in this Act, if the written communication was sent prior to the date that is 60 days after either a State attorney general or the Commission has received the notice required under subparagraph (A).

(4) FTC STUDY.—Beginning on the date that is 5 years after the date of enactment of this Act and every 5 years thereafter, the Commission’s Bureau of Economics and Bureau of Privacy shall assist the Commission in conducting a study to determine the economic impacts in the United States of demand letters sent pursuant to this section and the scope of the rights of a person under this section to bring forth civil actions against covered entities and service providers. Such study shall include the following:

(A) The impact on insurance rates in the United States.

(B) The impact on the ability of covered entities to offer new products or services.

(C) The impact on the creation and growth of new startup companies, including new technology companies.

(D) Any emerging risks, benefits, and long-term trends in relevant marketplaces, supply chains, and labor availability.

(E) The impact on reducing, preventing, or remediating harms to individuals, including from fraud, identity theft, spam, discrimination, defective products, and violations of rights.

(F) The impact on the volume and severity of data security incidents, and the ability to respond to data security incidents.

(G) Other intangible direct and indirect costs and benefits to individuals.

(5) REPORT TO CONGRESS.—Not later than 5 years after the first day on which persons and classes of persons are able to bring civil actions under this subsection, and annually thereafter, the Commission shall submit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report that contains the results of the study conducted under paragraph (4).

(b) Arbitration agreements and pre-dispute joint action waivers.—

(1) PRE-DISPUTE ARBITRATION AGREEMENTS.—

(A) Notwithstanding any other provision of law, no pre-dispute arbitration agreement with respect to an individual under the age of 18 is enforceable with regard to a dispute arising under this Act.

(B) Notwithstanding any other provision of law, no pre-dispute arbitration agreement is enforceable with regard to a dispute arising under this Act concerning a claim related to gender or partner-based violence or physical harm.

(2) PRE-DISPUTE JOINT-ACTION WAIVERS.—Notwithstanding any other provision of law, no pre-dispute joint-action waiver with respect to an individual under the age of 18 is enforceable with regard to a dispute arising under this Act.

(3) DEFINITIONS.—For purposes of this subsection:

(A) PRE-DISPUTE ARBITRATION AGREEMENT.—The term “pre-dispute arbitration agreement” means any agreement to arbitrate a dispute that has not arisen at the time of the making of the agreement.

(B) PRE-DISPUTE JOINT-ACTION WAIVER.—The term “pre-dispute joint-action waiver” means an agreement, whether or not part of a pre-dispute arbitration agreement, that would prohibit or waive the right of 1 of the parties to the agreement to participate in a joint, class, or collective action in a judicial, arbitral, administrative, or other related forum, concerning a dispute that has not yet arisen at the time of the making of the agreement.

(c) Right to cure.—

(1) NOTICE.—Subject to paragraph (3), with respect to a claim under this section for—

(A) injunctive relief; or

(B) an action against a covered entity or service provider that meets the requirements of section 209 of this Act, such claim may be brought by a person or class of persons if—prior to asserting such claim—the person or class or persons provides to the covered entity or service provider 45 days’ written notice identifying the specific provisions of this Act the person or class of persons alleges have been or are being violated.

(2) EFFECT OF CURE.—Subject to paragraph (3), in the event a cure is possible, if within the 45 days the covered entity or service provider demonstrates to the court that it has cured the noticed violation or violations and provides the person or class of persons an express written statement that the violation or violations has been cured and that no further violations shall occur, a claim for injunctive relief shall not be permitted and may be reasonably dismissed.

(3) RULE OF CONSTRUCTION.—The notice described in paragraph (1) and the reasonable dismissal in paragraph (2) shall not apply more than once to any alleged underlying violation by the same covered entity.

(d) Demand letter.—If a person or a identified members of a class of persons represented by counsel in regard to an alleged violation or violations of the Act and has correspondence sent to a covered entity or service provider by counsel alleging a violation or violations of the provisions of this Act and requests a monetary payment, such correspondence shall include the following language: “Please visit the website of the Federal Trade Commission for a general description of your rights under the American Data Privacy and Protection Act” followed by a hyperlink to the webpage of the Commission required under section 201. If such correspondence does not include such language and hyperlink, a civil action brought under this section by such person or identified members of the class of persons represented by counsel may be dismissed without prejudice and shall not be reinstated until such person or persons has complied with this subsection.

(e) Applicability.—

(1) IN GENERAL.—This section shall only apply to a claim alleging a violation of section 102, 104, 202, 203, 204, 205(a), 205(b), 206(b)(3)(C), 207(a), 208(a), or 302, or a regulation promulgated under any such section.

(2) EXCEPTION.—This section shall not apply to any claim against a covered entity that has less than $25,000,000 per year in revenue, collects, processes, or transfers the covered data of fewer than 50,000 individuals, and derives less than 50 percent of its revenue from transferring covered data.

SEC. 404. Relationship to Federal and State laws.

(a) Federal law preservation.—

(1) IN GENERAL.—Nothing in this Act or a regulation promulgated under this Act may be construed to limit—

(A) the authority of the Commission, or any other Executive agency, under any other provision of law;

(B) any requirement for a common carrier subject to section 64.2011 of title 47, Code of Federal Regulations (or any successor regulation) regarding information security breaches; or

(C) any other provision of Federal law, except as otherwise provided in this Act.

(2) ANTITRUST SAVINGS CLAUSE.—

(A) FULL APPLICATION OF THE ANTITRUST LAW.—Nothing in this Act may be construed to modify, impair or supersede the operation of the antitrust law or any other provision of law.

(B) NO IMMUNITY FROM THE ANTITRUST LAW.—Nothing in the regulatory regime adopted by this Act shall be construed as operating to limit any law deterring anticompetitive conduct or diminishing the need for full application of the antitrust law. Nothing in this Act explicitly or implicitly precludes the application of the antitrust law.

(C) DEFINITION OF ANTITRUST LAW.—For purposes of this section, the term antitrust law has the same meaning as in subsection (a) of the first section of the Clayton Act (15 U.S.C. 12), except that such term includes section 5 of the Federal Trade Commission Act (15 U.S.C. 45) to the extent that such section 5 applies to unfair methods of competition.

(3) APPLICABILITY OF OTHER PRIVACY REQUIREMENTS.—A covered entity that is required to comply with title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.), the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. 17931 et seq.), part C of title XI of the Social Security Act (42 U.S.C. 1320d et seq.), the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), the Family Educational Rights and Privacy Act (20 U.S.C. 1232g; part 99 of title 34, Code of Federal Regulations) to the extent such covered entity is a school as defined in 20 U.S.C. 1232g(a)(3) or 34 C.F.R. 99.1(a), section 444 of the General Education Provisions Act (commonly known as the “Family Educational Rights and Privacy Act of 1974”) (20 U.S.C. 1232g) and part 99 of title 34, Code of Federal Regulations (or any successor regulation), the Confidentiality of Alcohol and Drug Abuse Patient Records at 42 U.S.C. 290dd-2 and its implementing regulations at 42 CFR part 2, the Genetic Information Non-discrimination Act (GINA), or the regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d–2 note), and is in compliance with the data privacy requirements of such regulations, part, title, or Act (as applicable), shall be deemed to be in compliance with the related requirements of this Act, except for section 208, solely and exclusively with respect to data subject to the requirements of such regulations, part, title, or Act. Not later than 1 year after the date of enactment of this Act, the Commission shall issue guidance describing the implementation of this paragraph.

(4) APPLICABILITY OF OTHER DATA SECURITY REQUIREMENTS.—A covered entity that is required to comply with title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.), the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. 17931 et seq.), part C of title XI of the Social Security Act (42 U.S.C. 1320d et seq.), or the regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d–2 note), and is in compliance with the information security requirements of such regulations, part, title, or Act (as applicable), shall be deemed to be in compliance with the requirements of section 208, solely and exclusively with respect to data subject to the requirements of such regulations, part, title, or Act. Not later than 1 year after the date of enactment of this Act, the Commission shall issue guidance describing the implementation of this paragraph.

(b) Preemption of State laws.—

(1) IN GENERAL.—No State or political subdivision of a State may adopt, maintain, enforce, prescribe, or continue in effect any law, regulation, rule, standard, requirement, or other provision having the force and effect of law of any State, or political subdivision of a State, covered by the provisions of this Act, or a rule, regulation, or requirement promulgated under this Act.

(2) STATE LAW PRESERVATION.—Paragraph (1) may not be construed to preempt, displace, or supplant the following State laws, rules, regulations, or requirements:

(A) Consumer protection laws of general applicability, such as laws regulating deceptive, unfair, or unconscionable practices, except that the fact of a violation of this Act or a regulation promulgated under this Act may not be pleaded as an element of any violation of such a law.

(B) Civil rights laws.

(C) Provisions of laws, in so far as, that govern the privacy rights or other protections of employees, employee information, students, or student information.

(D) Laws that address notification requirements in the event of a data breach.

(E) Contract or tort law.

(F) Criminal laws.

(G) Civil laws governing fraud, theft (including identity theft), unauthorized access to information or electronic devices, unauthorized use of information, malicious behavior, or similar provisions of law.

(H) Civil laws regarding cyberstalking, cyberbullying, nonconsensual pornography, sexual harassment, child abuse material, child pornography, child abduction or attempted child abduction, coercion or enticement of a child for sexual activity, or child sex trafficking.

(I) Public safety or sector specific laws unrelated to privacy or security.

(J) Provisions of law, insofar as such provisions address public records, criminal justice information systems, arrest records, mug shots, conviction records, or non-conviction records.

(K) Provisions of law, insofar as such provisions address banking records, financial records, tax records, Social Security numbers, credit cards, consumer and credit reporting and investigations, credit repair, credit clinics, or check-cashing services.

(L) Provisions of law, insofar as such provisions address facial recognition or facial recognition technologies, electronic surveillance, wiretapping, or telephone monitoring.

(M) The Biometric Information Privacy Act (740 ICLS 14 et seq.) and the Genetic Information Privacy Act (410 ILCS 513 et seq.).

(N) Provisions of laws, in so far as, such provisions to address unsolicited email or text messages, telephone solicitation, or caller identification.

(O) Provisions of laws, in so far as, such provisions address health information, medical information, medical records, HIV status, or HIV testing.

(P) Provisions of laws, in so far as, such provisions pertain to public health activities, reporting, data, or services.

(Q) Provisions of law, insofar as such provisions address the confidentiality of library records.

(R) Section 1798.150 of the California Civil Code (as amended on November 3, 2020 by initiative Proposition 24, Section 16).

(S) Laws pertaining to the use of encryption as a means of providing data security.

(3) CPPA ENFORCEMENT.—Notwithstanding any other provisions of law, the California Privacy Protection Agency established under 1798.199.10(a) of the California Privacy Rights Act may enforce this Act, in the same manner, it would otherwise enforce the California Consumer Privacy Act, Section 1798.1050 et. seq.

(4) NONAPPLICATION OF FCC PRIVACY LAWS AND REGULATIONS TO CERTAIN COVERED ENTITIES.—Notwithstanding any other provision of law, sections 222, 338(i), and 631 of the Communications Act of 1934 (47 U.S.C. 222; 338(i); 551), and any regulations and orders promulgated by the Federal Communications Commission under any such section, do not apply to any covered entity with respect to the collection, processing, transfer, or security of covered data or its equivalent, and the related privacy and data security activities of a covered entity that would otherwise be regulated under such sections shall be governed exclusively by the provisions of this Act, except for—

(A) any emergency services, as defined in section 7 of the Wireless Communications and Public Safety Act of 1999 (47 U.S.C. 615b);

(B) subsections (b) and (g) of section 222 of the Communications Act of 1934 (47 U.S.C. 222); and

(C) any obligation of an international treaty related to the exchange of traffic implemented and enforced by the Federal Communications Commission.

(c) Preservation of common law or statutory causes of action for civil relief.—Nothing in this Act, nor any amendment, standard, rule, requirement, assessment, or regulation promulgated under this Act, may be construed to preempt, displace, or supplant any Federal or State common law rights or remedies, or any statute creating a remedy for civil relief, including any cause of action for personal injury, wrongful death, property damage, or other financial, physical, reputational, or psychological injury based in negligence, strict liability, products liability, failure to warn, an objectively offensive intrusion into the private affairs or concerns of the individual, or any other legal theory of liability under any Federal or State common law, or any State statutory law.

SEC. 405. Severability.

If any provision of this Act, or the application thereof to any person or circumstance, is held invalid, the remainder of this Act, and the application of such provision to other persons not similarly situated or to other circumstances, shall not be affected by the invalidation.

SEC. 406. COPPA.

(a) In general.—Nothing in this Act may be construed to relieve or change any obligation that a covered entity or other person may have under the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501 et seq.).

(b) Updated regulations.—Not later than 180 days after the date of enactment of this Act, the Commission shall amend its rules issued pursuant to the regulations promulgated by the Commission under the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501 et seq.) to make reference to the additional requirements placed on covered entities under this Act, in addition to the requirements under the Children’s Online Privacy Protection Act of 1998 that may already apply to certain covered entities.

SEC. 407. Authorization of appropriations.

There are authorized to be appropriated to the Commission such sums as may be necessary to carry out this Act.

SEC. 408. Effective date.

This Act shall take effect on the date that is 180 days after the date of enactment of this Act.

08Nov/21

Act nº 432, January 28, 1957. Copyright Act 1957

Act nº 432, January 28, 1957. Copyright Act 1957. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9529, Mar. 25, 2009; Act nº 9625, Apr. 22, 2009; Act nº 9785, Jul. 31, 2009; Act nº 10807, Jun. 30, 2011; Act nº 11110, Dec. 2, 2011; Act nº 11903 Jul. 16, 2013; Act nº 12137, Dec. 30, 2013; Act nº 13978, Feb. 3, 2016; Act nº 14083, Mar. 22, 2016; Act nº 14432, Dec. 20, 2016; Act nº 14634, Mar. 21, 2017) .

COPYRIGHT ACT

Expand Act nº 14634, Mar. 21, 2017

CHAPTER I.- GENERAL PROVISIONS

Article 1 (Purpose)          

The purpose of this Act is to protect the rights of authors and the rights neighboring on them and to promote fair use of works in order to contribute to the improvement and development of culture and related industries. (Amended by Act nº 9625, Apr. 22, 2009)

Article 2 (Definitions)

The terms used in this Act shall be defined as follows: (Amended by Act nº 9625, Apr. 22, 2009; Act nº 10807, Jun. 30, 2011; Act nº 11110, Dec. 2, 2011; Act nº 14083, Mar. 22, 2016)

1. The term “work” means a creative production that expresses human thoughts and emotions;

2. The term “author” means a person who creates a work;

3. The term “public performance” means to present to the public works, performances, phonograms or broadcasts by acting, musical playing, singing, narrating, reciting, screening, playback or other means, including transmission (excluding interactive transmission) made in the connected premises in the possession of one and the same person;

4. The term “performer” means a person who gives a stage performance by expressing works through acting, dancing, musical playing, singing, narrating, reciting or other artistic means or by expressing things other than works in a similar way, including a person who conducts, directs or supervises a stage performance;

5. The term “phonogram” means the medium in which the sound (referring to voice or sound; the same hereinafter) is fixed (including a digitalized sound): Provided, That excluding the sound fixed along with images;

6. The term “phonogram producer” means a person who makes an overall plan and takes charge of producing an original phonogram;

7. The term “public transmission” means transmitting works, stage performances, phonograms, broadcasts or database (hereinafter referred to as “works, etc.”) by making such available to the public by wire or wireless means so that the public may receive them or have access to them;

8. The term “broadcasting” means, among the public transmission, transmitting sound or image, or sound and image so that the public may receive it at the same time;

8-2. The term “encrypted broadcasting signal” means electronically encrypted broadcasting signals originated by a broadcasting organization or a person who has obtained consent from a broadcasting organization for the purpose to prevent or hinder from receiving broadcasting (limited to broadcasting by means of radio or satellite communications) without authorization;

9. The term “broadcast organization” means a person who engages in broadcasting business;

10. The term “interactive transmission” means, among types of public transmission, to make works, etc. available for the public so that the members of the public may have access at the time and place of their own choice, including transmission to be done accordingly;

11. The term “digital sound transmission” means, among types of public transmission, the transmission of sound in the digital form initiated at the request of the members of the public for the purpose of having the public receive simultaneously among the public transmission, excluding interactive transmission;

12. The term “digital sound transmission organizations” means a person who engages in digital sound transmission business;

13. The term “cinematographic work” means a creative production in which a series of images (regardless of whether accompanied by sound) are recorded, and which may be played by mechanical or electronic devices to be seen, or seen and heard through a reproduction;

14.  The term “producer of cinematographic works” means one who plans and takes responsibility for the whole in the production of cinematographic works;

15. The term “works of applied art” means the works of art that may be reproduced in the same shapes as article, and whose originality may be recognized apart from the articles used for reproduction. And designs, etc. are included;

16. The term “computer program work” means a creation expressed in a series of instructions or command which are directly or indirectly applied within devices having a capability of processing information, such as a computer (hereinafter referred to as “computer”), in order to obtain certain results;

17. The term “compilation” means the collections of works, symbols, letters, sounds, images and other forms of data (hereinafter referred to as “materials”), but shall include the database;

18. The term “compilation works” means the compilations which are of creative nature in terms of selection, arrangement or composition of their materials;

19. The term “database” means compilation whose materials are systematically arranged or composed, so that they may be individually accessed or retrieved;

20. The term “producer of database” means one who has made a substantial investment in human or material resource for the production of database, or for the renewal, verification or supplement of their materials (hereinafter referred to as “renewal, etc.”);

21. The term “joint works” means the works jointly created by two or more persons, and of which the part of their contributions may not be separately exploited;

22. The term “reproduction” means the temporary or permanent fixation of works in a tangible medium or a remaking of works by means of printing, photographing, copying, sound or visual recording, or other means; in cases of architectural structures, it includes carrying out construction of works in accordance with the models or plans for the relevant construction works;

23. The term “distribution” means a transfer by assignment or lending of the original or its reproduction etc. to the public for free or at charge;

24. The term “publication” means a reproduction and distribution of the works or phonograms to meet public demand;

25. The term “making works public” means to make the works open to the public by means of public performance, public transmission, or exhibit and by other means, and to publish the works;

26. The term “copyright trust service” means a business which continuously manages rights on behalf of the holder of economic rights of author, an exclusive publication right, publication right, or neighboring right or a person who has the right as a database producer, and which includes the case of a general agent regarding exploitation of works;

27. The term “copyright agency or brokerage service” means a business which acts as an agent or a broker on behalf of the holder of economic rights of author, an exclusive right of publication, publication right, or neighboring right or a person who has the right as a database producer, regarding exploitation of works;

28. The term “technological protection measures” means either of the following measures:

(a) Technological measures taken by a right holder or a person who has obtained the said holder’s consent, in order to effectively prevent or control the access to works, etc. protected under this Act, in relation to the exercise of copyright or other rights protected pursuant to this Act;

(b) Technological measures taken by a right holder or a person who has obtained the said holder’s consent in order to effectively prevent or restrict an act of infringing copyright or other rights protected pursuant to this Act;

29. The term “rights management information” means any of the following information or the numerals or symbols representing the said information, where each information is attached to the original or copies of the works, etc. protected by copyright or other rights protected pursuant to this Act, or is accompanied with public performance, implementation or public transmission thereof:

(a) Information to identify the works, etc.;

(b) Information to identify a person who has copyright or other rights protected pursuant to this Act;

(c) Information relating to the methods and conditions of the use of works, etc.;

30. The term “online service provider” means either of the following persons:

(a) A person who transmits, designates a route of, or provides connections to the works, etc. selected by users to deliver such works, etc. without any modification of their content through the information and communications networks (referring to the information and communications networks under Article 2 (1) 1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.; hereinafter the same shall apply) between the points designated by users;

(b) A person who provides the services to allow users to access the information and communications networks or reproduce or interactively transmit the works, etc. through the information and communications networks, or who provides or operates facilities therefor;

31. The term “work made for hire” means a work made by an employee of a legal person, organization or other employers (hereinafter referred to as “juristic person, etc.”) during the course of his or her duties and on the initiative of legal person etc.;

32. The term “public” means a large number of unspecified persons (including a large number of specified persons);

33. The term “authentication” means to verify the justifiable holder of right for authorization of use of the works, etc.;

34. The term “decompilation of program code” means to reproduce or convert computer program work code in order to obtain information necessary for compatibility of independently created computer program works with other computer programs;

35. The term “label” means a sign to be attached, enclosed or added, or a sign devised for such purposes, to tangible copies, packages or documents of works, etc. in order to indicate that such copies have been produced with legitimate authority;

36. The term “movie theater, etc.” means movie theaters, premier theaters or other places to screen cinematographic works to the public, the entrance to which is controlled by a person who screen such works.

Article 2-2 (Formulation of Measures for Protection of Copyright)

(1) The Minister of Culture, Sports and Tourism may formulate and execute the following measures to achieve the purposes of this Act:

1. Matters concerning a basic policy for the protection of copyright and creation of an environment for fair use of works;

2. Matters concerning education and publicity for raising public awareness of copyright;

3. Matters concerning policies for the rights management information of works, etc. and for technological protection measures thereof.

(2) Matters necessary for formulation and enforcement of policies pursuant to paragraph (1) shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 3 (Foreigners’ Works)      

(1) Foreigners’ works shall be protected in accordance with the treaties which the Republic of Korea has acceded to or concluded.

(2) The works of foreigners who permanently reside in the Republic of Korea (including stateless persons and foreign legal persons whose principal offices are located in the Republic of Korea), or foreigners’ works which are first made public in the Republic of Korea (including works made public in the Republic of Korea within 30 days after their making public in a foreign country) shall be protected under this Act.

(3) Even when foreigners’ works are to be protected under paragraphs (1) and (2) (excluding foreigners who permanently reside in the Republic of Korea and stateless persons; hereinafter the same shall apply in this Article), if the relevant foreign country does not protect the works of the nationals of the Republic of Korea, their protection under treaties and this Act may be correspondingly restricted. (Amended by Act nº 10807, Jun. 30, 2011)

(4) Even in cases of foreigners’ works protected pursuant to paragraphs (1) and (2), where the period of protection has expired in the relevant foreign country, the period of protection under this Act shall not be recognized. (Inserted by Act nº 10807, Jun. 30, 2011)

CHAPTER II.- COPYRIGHT

SECTION 1.- Works

Article 4 (Examples of Works)     

(1) The following shall be the examples of works referred to in this Act:

1. Novels, poems, theses, lectures, speeches, plays and other literary works;

2. Musical works;

3. Theatrical works including dramas, choreographies, pantomimes, etc.;

4. Paintings, calligraphic works, sculptures, printmaking, crafts, works of applied art, and other works of art;

5. Architectural works including buildings, architectural models and design drawings;

6. Photographic works (including those produced by similar methods);

7. Cinematographic works;

8. Maps, charts, design drawings, sketches, models and other diagrammatic works;

9. Computer program works.

(2) Deleted. (by Act nº 9625, Apr. 22, 2009)

Article 5 (Derivative Works)         

(1) A creative work produced by means of translation, arrangement, alteration, dramatization, cinematization, etc. of an original work (hereinafter referred to as a “derivative work”) shall be protected as an independent work.

(2) The protection of a derivative work shall not affect the rights of the author of the original work.

Article 6 (Compilation Works)     

(1) Compilation works shall be protected as independent works.

(2) The protection of compilation works shall not affect the copyright of materials constituting such compilation work and other rights protected under this Act.

Article 7 (Works Not Protected)  

No work which falls under any of the following subparagraphs shall be protected under this Act:

1. Constitution, Acts, treaties, decrees, and municipal ordinances and rules;

2. Bulletins, public notifications, directives and others similar thereto which are issued by the central or local government;

3. Judgments, decisions, orders, or adjudications of courts, as well as rulings and decisions made by the administrative appeals procedures, or other similar procedures;

4. Compilations or translations of works as referred to in subparagraphs 1 through 3 which are produced by the central or local government;

5. Current news reporting which delivers simple facts.

SECTION 2.- Authors

Article 8 (Presumption of Authors, etc.)  

(1) Any person who falls under any of the following subparagraphs shall be presumed to have the copyright for his or her works as an author: (Amended by Act nº 10807, Jun. 30, 2011)

1.A person whose real name or well-known pseudonym (referring to the stage name, pen name, abbreviated name, etc.; hereinafter the same shall apply) is indicated as the name of the author in a usual manner on the original or copies of a work;

2.A person whose real name or well-known pseudonym is indicated as the name of the author in the public performance or public transmission of a work.

(2)If the name of the author is not indicated as prescribed under any of the subparagraphs of paragraph (1), the person who is indicated as a publisher, public performer or a person making the work public shall be presumed to have the copyright. (Amended by Act nº 9625, Apr. 22, 2009)

Article 9 (Author of Works Made for Hire)             

The authorship of a work made for hire which is made by an employee of a legal person, etc. during the course of his duties and is made public under the name of such a legal person, etc. as the author shall be attributed to that legal person, etc., unless otherwise stipulated in the contract or work regulation, etc.: Provided, That in cases of a computer program work (hereinafter referred to as “program”), being made public is not required. (Amended by Act nº 9625, Apr. 22, 2009)

Article 10 (Copyright)     

(1) The author shall hold the rights under Articles 11 through 13 (hereinafter referred to as “author’s moral right“) and the rights falling under Articles 16 through 22 (hereinafter referred to as “author’s economic right“).

(2) A copyright shall commence from the time of its creation, and shall not require a fulfillment of any procedures or formalities.

SECTION 3.- Author’s Moral Right

Article 11 (Right to Make Public)               

(1) The author shall have the right to decide whether or not to make his or her work public.

(2) If the author has transferred by assignment his or her economic right on a work which is not yet made public pursuant to Article 45, authorized its use pursuant to Article 46, or established the exclusive publication rights pursuant to Article 57 or publication rights pursuant to Article 63, he or she shall be presumed to have given the other party his or her consent to make it public. (Amended by Act nº 9625, Apr. 22, 2009; Act nº 11110, Dec. 2, 2011)

(3) If the author has transferred by assignment the original of his or her work of art, architectural work or photographic work (hereinafter referred to as “work of art, etc.”) which has not been made public, he or she shall be presumed to have given the other party his or her consent to make it public in the manner of exhibition.

(4) If a derivative work or compilation work produced with the consent of the author has been made public, its original shall be also considered to have been made public.

(5) Where the author donates his or her pieces of unpublished work, etc. to libraries, etc. under Article 31, it shall be presumed that he or she consents to making them public at the time of his or her donation unless otherwise expressly stated. (Inserted by Act nº 11110, Dec. 2, 2011)

Article 12 (Right of Paternity)     

(1) The author shall have the right to indicate his or her real name or pseudonym on the original or copy of his or her work, or on the medium of publication by which his or her work is made public.

(2) Unless otherwise expressly stated by the author, the person using his or her work shall indicate the author’s name in accordance with the author’s manner of indicating his or her real name or pseudonym: Provided, That the same shall not apply where deemed unavoidable in the light of the nature of a work as well as the purpose and manner of its use.

Article 13 (Right of Integrity)       

(1) The author shall have a right to maintain the integrity of the content, form and title of his or her work.

(2) No author shall raise an objection to a modification falling under any of the following subparagraphs: Provided, That the same shall not apply to the modifications of substantial contents: (Amended by Act nº 9625, Apr. 22, 2009)

1. In cases of using a work pursuant to Article 25, the modification of expression within the limit as deemed unavoidable for the purpose of school education;

2. Extension, rebuilding or other modifications of an architectural structure;

3. Modification within the necessary limit to enable a program used only on a specific computer to be run on other computers;

4. Modification within the necessary limit to use a program more effectively for a specific computer than others;

5. Other modifications within the limit as deemed unavoidable in the light of the nature of a work as well as the purpose and manner of its use.

Article 14 (Inalienability of Author’s Moral Right)              

(1) Author’s moral rights shall belong exclusively to the author.

(2) Even after the death of the author, no person who use his or her work shall commit an act which would be prejudicial to author’s moral rights if he or she were alive: Provided, That if such act is deemed to have not defamed the honor of the author in the light of the nature and extent of the act, and in view of the prevailing social norms, the same shall not apply.

 Article 15 (Author’s Moral Right to Joint Work)  

(1) Author’s moral right to a joint work may not be exercised without the unanimous agreement of all the authors concerned. In such cases, each of the authors may not, in bad faith, prevent the agreement from being reached.

(2) Authors of a joint work may designate one of them as a representative in the exercise of their moral rights.

(3) Limitations imposed on the representation under paragraph (2), if any, shall not be effective against a bona fide third person.

SECTION 4.- Author’s Economic Right

SubSection 1.- Types of Author’s Economic Rights

Article 16 (Right of Reproduction)            

The author shall have the right to reproduce his or her work.

Article 17 (Right of Public Performance)                

The author shall have the right to perform his or her work publicly.

Article 18 (Right of Public Transmission)                

The author shall have the right to transmit his or her work in public.

Article 19 (Right of Exhibition)    

The author shall have the right to exhibit the original or copy of his or her work of art, etc.

Article 20 (Right of Distribution)                

The author shall have the right to distribute the original or copy of his or her work: Provided, That if the original or reproduction of the work has been offered to a deal by means of sale, etc. with permission of the relevant holder of author’s property right, the same shall not apply. (Amended by Act nº 9625, Apr. 22, 2009)

Article 21 (Right of Rental)           

Notwithstanding the proviso to Article 20, the author shall have the right to authorize the commercial rental of phonograms made public (hereinafter referred to as commercial phonograms”) or programs made public for pursuit of profit. (Amended by Act nº 9625, Apr. 22, 2009; Act nº 14083, Mar. 22, 2016)

Article 22 (Right of Production of Derivative Works )        

The author shall have the right to produce and use a derivative work based on his or her original work.

SubSection 2.- Limitations on Author’s Economic Rights

Article 23 (Reproduction for Judicial Proceedings, etc.)  

It shall be permissible to reproduce a work if and to the extent deemed necessary for the purpose of judicial proceedings and of internal use in the legislative or administrative bodies: Provided, That the same shall not apply where such reproduction unreasonably prejudice the interests of the holder of author’s economic rights in the light of the nature of a work as well as the number of copies and the nature of reproduction.

Article 24 (Use of Political Speech, etc.)  

Political speeches delivered in public and statements made in public in the court, the National Assembly or local councils may be used in some way or other: Provided, That if the speeches and statements of the same author are used after compilation, the same shall not apply.

Article 24-2 (Free Use of Public Works)   

(1) A work produced as part of official duties and already made public by the State or a local government, or a work of which the author’s economic right is owned in its entirety by the State or a local government under a contract, may be used without permission: Provided, That the same shall not apply when the work falls under any of the following cases:

1. Where it includes any information pertaining to national security;

2. Where it corresponds to an individual’s privacy or confidential business information;

3. Where it includes any information of which disclosure is limited under other Acts;

4. Where it is registered with the Korea Copyright Commission under Article 112, and is managed as State-owned property under the State Property Act or as public property under the Public Property and Commodity Management Act.

(2) The State may establish and enforce policies to invigorate use of public works, as prescribed by Presidential Decree, in order to promote the use of works which are produced and made public by a public institution or of which the author’s economic right is owned in its entirety under a contract by a public institution pursuant to Article 4 of the Act on the Management of Public Institutions.

(3) When it is acknowledged as necessary for free use, the State or a local government may permit the use of public works among those prescribed in paragraph (1) 4, as prescribed by Presidential Decree, notwithstanding the State Property Act or the Public Property and Commodity Management Act.

(Article Inserted by Act nº 12137, Dec. 30, 2013)

Article 25 (Use for the Purpose of School Education)        

(1) A work already made public may be reproduced in textbooks to the extent deemed necessary for the purpose of education at high schools, their equivalents or lower level schools.

(2) Schools established by special Acts, the Early Childhood Education Act, the Elementary and Secondary Education Act, or the Higher Education Act, educational institutions which are operated by the State or local governments and education supporting institutions belonging to the State or local governments to support lessons of those educational institutions may reproduce, distribute, perform in public, display, or publicly transmit part of the works already made public where it is recognized as necessary for the lessons and for the purpose of support thereof: Provided, That it is inevitable to the whole work in view of the character of the work, the purpose, form, etc. of the work, they may use the work in whole. (Amended by Act nº 9625, Apr. 22, 2009; Act nº 12137, Dec. 30, 2013)

(3) Those who receive education at an educational institution provided for in paragraph (2) may reproduce or interactively transmit the works made public within the extent of paragraph (2) where it is recognized as necessary for the purpose of education.

(4) Any person who intends to use a work pursuant to paragraphs (1) and (2) shall pay the relevant holder of author’s economic right the remuneration according to the standards stipulated and announced by the Minister of Culture, Sports and Tourism: Provided, That the reproduction, distribution, public performance, broadcasting, or interactive transmission of a work under paragraph (2) is done at high schools, their equivalents or lower level schools, no remuneration thereof shall be paid. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9625, Apr. 22, 2009)

(5)          The right to receive remuneration under paragraph (4) shall be exercised through an organization meeting the following requirements, which has been designated by the Minister of Culture, Sports and Tourism. When the Minister of Culture, Sports and Tourism designates an organization, he or she shall obtain prior consent from the organization: (Amended by Act nº 8852, Feb. 29, 2008)

1. Organization comprised of persons who have the right to receive remuneration within the Republic of Korea (hereinafter referred to as “holder of right to remuneration“);

2. Organization not aiming at profit-making;

3. Organization fully capable of performing the duties of collection, distribution, etc. of remuneration.

(6) When there is an application from the holder of a right to remuneration who is not a member of the organization, the organization under paragraph (5) shall not refuse to exercise the right for him or her. In such cases, the organization shall have the authority to perform an act in its own name in court or out of court regarding the right.

(7) Where an organization under paragraph (5) falls under any of the following cases, the Minister of Culture, Sports and Tourism may revoke the designation thereof: (Amended by Act nº 8852, Feb. 29, 2008)

1. When it fails to meet the requirements under paragraph (5);

2. When it violates regulations defining the duties on remuneration;

3. When it is possible to harm the interest of the holder of right to remuneration as it has suspended the duties on remuneration for a considerable period.

(8) Any organization under paragraph (5) may use the remuneration that has been left undistributed for three years from the date of public announcement of remuneration distribution for the purpose of public interest with approval by the Minister of Culture, Sports and Tourism. (Amended by Act nº 8852, Feb. 29, 2008)

(9) Matters necessary for the designation and revocation of an organization, work regulations, public announcement of remuneration distribution, approval for use of undistributed remuneration for the purpose of public interest, etc. under paragraphs (5), (7), and (8) shall be prescribed by Presidential Decree.

(10) Where an educational institution performs interactive transmission pursuant to the provisions of paragraph (2), it shall take necessary measures prescribed by Presidential Decree, such as the measures to prevent reproduction, in order to prevent infringement of copyright or other rights protected pursuant to this Act.

Article 26 (Use for News Reporting)         

In cases of reporting current events by means of broadcasts or newspapers, or by other means, it shall be permissible to reproduce, distribute, perform publicly, transmit publicly a work seen or heard in the relevant courses, to the extent justified by the reporting purpose.

 Article 27 (Reproduction, etc. of News Articles or Editorials)        

News articles or editorials inserted in the newspapers and online newspapers under Article 2 of the Act on the Promotion of Newspapers, etc. or the news agencies under Article 2 of the Act on the Promotion of News Communications may be reproduced, distributed or broadcasted by other media organizations: Provided, That if there is an indication prohibiting the use thereof, the same shall not apply. (Amended by Act nº 9785, Jul. 31, 2009)

Article 28 (Quotation from Works Made Public)  

Works already made public may be quoted for news report, criticism, education, research, etc., in compliance with the fair practices within the reasonable extent.

Article 29 (Public Performance and Broadcasting for Non-Profit Purposes)           

(1) It shall be permissible to perform publicly (excluding cases where any commercial phonograms or cinematographic works made public for commercial purposes are played) or broadcast a cinematographic work already made public for non-profit purposes and without receiving any benefit in return from audience, spectators or third persons: Provided, That the same shall not apply to cases where performers are paid any normal remuneration. (Amended by Act nº 14083, Mar. 22, 2016)

(2) It shall be permissible to play and perform publicly any commercial phonograms or cinematographic works made public for commercial purposes for the general public if no benefit in return for the relevant public performance is received from audience or spectators: Provided, That the same shall not apply to the cases as prescribed by Presidential Decree. (Amended by Act nº 14083, Mar. 22, 2016)

Article 30 (Reproduction for Private Use)              

It shall be permissible for a user to reproduce in private, without any commercial purposes, a work already made public, within the limit of personal, family or the equivalent use: Provided, That this shall not apply to the case of reproductions by a photocopier installed for the use by the general public.

Article 31 (Reproductions, etc. in Libraries, etc.)                

(1) Libraries under the Libraries Act and the facilities prescribed by Presidential Decree (including the heads of relevant facilities; hereinafter referred to as “libraries, etc.”) among facilities which provide books, documents, records and other materials (hereinafter referred to as “books, etc.”) designed for public access, may reproduce the works by using books, etc. held by the relevant libraries, etc. (including the books, etc. reproduced by or transmitted to the relevant libraries, etc. under the provisions of paragraph (3), in cases of subparagraph 1) when it falls under any of the following subparagraphs: Provided, That they shall not reproduce the works in digital format in the cases of subparagraphs 1 and 3:

1. Where a copy of a part of the books, etc. already made public is provided to one per person at the request of a user with the purpose of research and study;

2. Where it is necessary to make a self preservation of books, etc.;

3. Where copies of books, etc., which are hard to obtain due to out of print or other equivalent causes, are made and provided to other libraries, etc., at their request, for their preservation purposes.

(2) The libraries, etc. may reproduce or interactively transmit the books, etc. held thereby so as to have the users peruse them within the relevant libraries, etc. by using computers. In such cases, the number of users allowed to peruse simultaneously shall not exceed the number of copies of the books, etc. held by said libraries, etc. or authorized to be used by the person holding copyright or other rights protected under this Act. (Amended by Act nº 9625, Apr. 22, 2009)

(3) The libraries, etc. may reproduce or interactively transmit the books, etc. held by them so as to have the users peruse them inside other libraries, etc. by using computers: Provided, That the same shall not apply where the whole or part of books, etc. are published for commercial purposes, and five years have not passed from the date of their publication. (Amended by Act nº 9625, Apr. 22, 2009)

(4) In making any reproductions of the books, etc. under paragraph (1) 2 and those of the books, etc. under paragraphs (2) and (3), if the said books, etc. are sold in digital format, the libraries, etc., shall be prohibited from reproducing them in digital format.

(5) Where the libraries, etc. reproduce the books, etc. in digital format under paragraph (1) 1, and where they reproduce or interactively transmit the books, etc. pursuant to paragraph (3) so as to make them available for perusal inside other libraries, etc., they shall pay the remuneration to the holder of author’s economic right under the standards determined and published by the Minister of Culture, Sports and Tourism: Provided, That the same shall not apply to the case of books, etc. for which the holders of author’s economic right are the State, local governments or schools under Article 2 of the Higher Education Act (excluding the whole or part of books, etc. which have been published for commercial purposes). (Amended by Act nº 8852, Feb. 29, 2008)

(6) The provisions of Article 25 (5) through (9) shall apply mutatis mutandis to the payment, etc. of remuneration under paragraph (5).

(7) Where the libraries, etc. reproduce or interactively transmit the books, etc. in digital format pursuant to paragraphs (1) through (3), they shall take necessary measures prescribed by Presidential Decree, such as those to prevent any reproduction, in order to prevent any infringements on copyright and other rights protected under this Act.

(8) Where the National Library of Korea collects online materials to preserve pursuant to Article 20-2 of the Libraries Act, it may reproduce the relevant materials. (Inserted by Act nº 9529, Mar. 25, 2009)

Article 32 (Reproduction for Examination Questions)      

It shall be permissible to reproduce or distribute a work already made public in questions of entrance examinations or other examinations of knowledge and skills, within the reasonable extent deemed necessary for that purpose: Provided, That where it is for profit-making purposes, the same shall not apply. (Amended by Act nº 9625, Apr. 22, 2009)

Article 33 (Reproduction, etc. for the Visually Impaired, etc.)       

(1) It shall be permissible to reproduce the works already made public in braille, and distribute them for the visually impaired, etc.

(2) It shall be permissible for the facilities prescribed by Presidential Decree (including the heads of relevant facilities) from among those for the promotion of welfare of the visually impaired, etc. to make a sound recording of the literary works already made public, for the purpose of offering it for the use by the visually impaired, etc., but not for the profit-making purpose, or to reproduce, distribute or interactively transmit them by an exclusive recording method for the visually impaired, etc. prescribed by Presidential Decree. (Amended by Act nº 9529, Mar. 25, 2009)

(3) The scope of the visually impaired, etc. under paragraphs (1) and (2) shall be prescribed by Presidential Decree.

Article 33-2 (Reproduction, etc. for the Hearing Impaired, etc.)  

(1) It shall be permissible for anyone to convert the works already made public into Korean sign language, and reproduce, distribute, perform in public, or publicly transmit such Korean sign language for the hearing impaired, etc. (Amended by Act nº 13978, Feb.3, 2016)

(2) It shall be permissible for facilities prescribed by Presidential Decree (including the heads of relevant facilities) from among those for the promotion of welfare of the hearing impaired, etc. to convert the voice, sound, etc. contained in the works, etc. which have already been made public to any format that the hearing impaired can recognize, such as captions, for the purpose of offering it for the use by the hearing impaired, etc. but not for the profit-making purpose; or to reproduce, distribute, perform in public, or publicly transmit them for the hearing impaired, etc.

(3) The scope of the hearing impaired, etc. under paragraphs (1) and (2) shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 11903, Jul. 16, 2013)

 Article 34 (Ephemeral Sound or Visual Recordings by Broadcasting Organization)             

(1) Broadcasting organizations who have the authority to broadcast works may make ephemeral sound or visual recordings of a work for the purpose of their own broadcasting and by means of their own facilities.

(2) Sound or visual recordings made under paragraph (1) may not be kept for a period exceeding one year from the date of sound or visual recording: Provided, That if they are kept as materials for public records at places prescribed by Presidential Decree, the same shall not apply.

Article 35 (Exhibition or Reproduction of Works of Art, etc.)         

(1) The holder of the original of a work of art, etc., or a person who has obtained the holder’s consent, may exhibit the work in its original form: Provided, That where the work of art is to be permanently exhibited on the street, in the park, on the exterior of a building, or other places open to the public, the same shall not apply.

(2) Works of art, etc. exhibited at all times at an open place as referred to in the proviso to paragraph (1) may be reproduced and used by any means: Provided, That in any of the following cases, the same shall not apply:

1. Where a building is reproduced into another building;

2. Where a sculpture or painting is reproduced into another sculpture or painting;

3. Where the reproduction is made in order to exhibit permanently at an open place under the proviso to paragraph (1);

4. Where the reproduction is made for the purpose of selling its copies.

(3) A person who exhibits works of art, etc. pursuant to paragraph (1), or who intends to sell originals of works of art, etc., may reproduce and distribute them in a pamphlet for the purpose of explaining or introducing them.

(4) No portrait nor a similar photographic work produced by commission shall be used without the consent of the commissioner.

Article 35-2 (Temporary Reproduction in Course of Using Works, etc.)    

Where a person uses works, etc. on a computer, he or she may temporarily reproduce such works, etc. in that computer to the extent deemed necessary for the purpose of smooth and efficient information processing: Provided, That this shall not apply where the use of such works, etc. infringes on copyright.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 35-3 (Fair Use of Works, etc.)       

(1) Except as provided in Articles 23 through 35-2 and 101-3 through 101-5, where a person does not unreasonably prejudice an author’s legitimate interest without conflicting with the normal exploitation of works, he or she may use such works. (Amended by Act nº 14083, Mar. 22, 2016)

(2) In determining whether an act of using works, etc. falls under paragraph (1), the following shall be considered: (Amended by Act nº 14083, Mar. 22, 2016)

1. Purposes and characters of use including whether such use is for or not-for nonprofit;

2. Types and natures of works, etc.;

3. Amount and substantiality of portion used in relation to the whole works, etc.;

4. Effect of the use of works, etc. on the current or potential market for or value of such work etc.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 36 (Use by Means of Translation, etc.)     

(1) If a work is used under Article 24-2, 25, 29, 30 or 35-3, the work may be used by means of translation, arrangement, or adaptation. (Amended by Act nº 11110, Dec. 2, 2011; Act nº 12137, Dec. 30, 2013)

(2)          If a work is used under Article 23, 24, 26, 27, 28, 32, 33, or 33-2, the work may be used by means of translation. (Amended by Act nº 11110, Dec. 2, 2011; Act nº 11903, Jul. 16, 2013)

Article 37 (Indication of Sources)              

(1) A person who uses a work under this subsection shall indicate its sources: Provided, That the same shall not apply to the cases of Articles 26, 29 through 32, 34 and 35-2. (Amended by Act nº 11110, Dec. 2, 2011)

(2) The sources shall be clearly indicated in the manner and to the extent deemed reasonable by the situation in which the work is used, and in cases of a work which bears the author’s real name or pseudonym, such real name or pseudonym shall be indicated.

Article 37-2 (Exclusion from Application)               

Articles 23, 25, 30 and 32 shall not apply to programs.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 38 (Relationship with Author’s Moral Rights)        

No provisions of each Article of this Sub-section may be interpreted as affecting author’s moral rights.

SubSection 3.- Duration of Protection of Author’s Economic Right

Article 39 (Principles of Copyright Term)               

(1) The author’s economic right to a work shall continue to subsist during the lifetime of an author and until the end of a period of 70 years after the death of the author, unless otherwise provided in this Sub-section. (Amended by Act nº 10807, Jun. 30, 2011)

(2) The author’s economic right to a joint work shall continue to subsist for a period of 70 years after the death of the last surviving co-author. (Amended by Act nº 10807, Jun. 30, 2011)

Article 40 (Copyright Term of Anonymous and Pseudonymous Works)    

(1) The author’s economic right to a work that is anonymous or bears the pseudonym which is not widely known shall continue to subsist for a period of 70 years after it has been made public: Provided, That within such period, if there are reasonable grounds for recognizing that 70 years have lapsed after the death of the author, such economic right shall be deemed to be extinguished at the time when it deems that 70 years have lapsed after the death of the author. (Amended by Act nº 10807, Jun. 30, 2011)

(2) The provisions of paragraph (1) shall not apply to any of the following cases:

1. Where the real name or the well-known pseudonym of an author is revealed during the period referred to in paragraph (1);

2. Where the real name of an author is registered under Article 53 (1) during the period referred to in paragraph (1).

Article 41 (Copyright Term of Works Made for Hire)         

The author’s economic right to a work made for hire shall continue to subsist for a period of 70 years after it has been made public: Provided, That if it has not been made public within 50 years after its creation, the author’s economic right shall continue to exist for a period of 70 years after its creation. (Amended by Act nº 10807, Jun. 30, 2011)

Article 42 (Copyright Term of Cinematographic Works)  

Notwithstanding the provisions of Articles 39 and 40, the author’s economic right to cinematographic works shall continue to subsist for 70 years from the time of being made public: Provided, That if they have not been made public within 50 years from the time of their creation, the said right shall continue to subsist for 70 years from the time of creation. (Amended by Act nº 10807, Jun. 30, 2011)

Article 43 (Time when Serial Publications, etc. Have Been Made Public)  

(1) In cases of works which are made public in the form of volumes, issues, or installments or in cases of works which are completed by making public in parts in a successive manner, the time when a work has been made public pursuant to Article 40 (1) or 41 shall be determined by making public of each volume, issue or installment or by making public of the last part. (Amended by Act nº 10807, Jun. 30, 2011)

(2) In cases of works to be completed by making public in parts in a successive manner, the last part already made public shall be considered to be the last one under paragraph (1) if the part supposed to follow next is not made public after three years following the preceding part made public.

Article 44 (Commencement of Copyright Term)  

The protection period of author’s economic right prescribed under this subsection shall commence from the next year of the death of the author, or the creation of the work, or is the making public of the work.

SubSection 4.- Transfer, Exercise and Expiry of Author’s Economic Right

Article 45 (Transfer of Author’s Economic Right)                

(1) Author’s economic right may be transferred by assignment in whole or in part.

(2) Where author’s economic right is transferred by assignment in whole, the right of the production and use of a derivative work under Article 22 shall be presumed not to be included in the transfer, unless otherwise stipulated: Provided, That in cases of a program, the right of production of a derivative work shall be presumed to have been transferred together unless otherwise stipulated. (Amended by Act nº 9625, Apr. 22, 2009)

Article 46 (Authorization to Use Works)  

(1) The holder of author’s economic right may grant another person authorization to use the work.

(2) The person who obtained such authorization pursuant to paragraph (1) shall be entitled to exploit the work in such a manner and within the limit of such conditions so authorized.

(3) The right of exploitation as authorized under paragraph (1) may not be transferred by assignment to the third party without the consent of the holder of author’s economic right.

Article 47 (Exercise, etc. of Pledge Rights on Author’s Economic Right)    

(1) The pledge right on the author’s economic right may be exercised with respect to money or other goods to be received by the holder of author’s economic right as a result of a transfer of the author’s economic right or exploitation of the work (including remuneration for the establishment of the right of exclusive publication under Article 57 and the right of publication under Article 63): Provided, That the money or other goods shall be seized before payment or delivery. (Amended by Act nº 9625, Apr. 22, 2009; Act nº 11110, Dec. 2, 2011)

(2) The author’s economic right which has become the object of the pledge rights shall be exercised by the holder of author’s economic right unless otherwise stipulated in the contract of establishment of the pledge rights. (Inserted by Act nº 9625, Apr. 22, 2009)

Article 48 (Exercise of Author’s Economic Right to Joint Works)  

(1) Author’s economic right to a joint work may not be exercised without the unanimous agreement of all the holders of author’s economic right, and no holder of author’s economic right shall be entitled to transfer by assignment or pledge his or her share of author’s economic right without the consent of the other authors. In such cases, each holder may not prevent the agreement from being reached or refuse the consent in bad faith.

(2) The profit accruing from the exploitation of a joint work may be apportioned among authors according to the degrees of contribution by each author, unless otherwise stipulated. In such cases, if the degree of each contribution is not clear, the profit may be equally apportioned to all the authors.

(3) The holder of author’s economic right to a joint work may renounce his or her share. In cases of renunciation or death of a holder of author’s economic right without heir, his or her share may be apportioned among other authors according to the ratio of their holding shares.

(4) The provisions of Article 15 (2) and (3) shall apply mutatis mutandis to the exercise of author’s economic right to a joint work.

Article 49 (Expiry of Author’s Economic Rights)   

Author’s economic right shall expire in any of the following cases:

1. Where, after the author’s death without heir, author’s economic right are attributed to the State according to provisions of the Civil Act and other Acts;

2. Where, after the dissolution of a legal person or an organization who is the holder of author’s economic right, author’s economic right are attributed to the State according to the provisions of the Civil Act and other Acts.

SECTION 5.- Exploitation of Works Under Statutory License

Article 50 (Exploitation of Works Whose Holder of Author’s Economic Right is Unknown)             

(1) Where any person fails, despite his or her considerable efforts to meet the standards prescribed by Presidential Decree, to identify the holder of author’s economic right to a work (excluding foreigners’ works) made public, or his or her place of residence, and therefore is unable to obtain any authorization for its exploitation, he or she may exploit the work by depositing a remuneration as determined by the Minister of Culture, Sports and Tourism after obtaining his or her approval as prescribed by Presidential Decree. (Amended by Act nº 8852, Feb. 29, 2008)

(2) The person who exploits a work pursuant to paragraph (1) shall indicate the intention to use and the approval date.

(3) When the work legally licensed pursuant to the provisions of paragraph (1) becomes the object of statutory license again, the procedures of considerable endeavors corresponding to the standards prescribed by Presidential Decree pursuant to the provisions of paragraph (1) may be omitted: Provided, That if the holder of author’s economic right raises an objection according to the procedures prescribed by Presidential Decree before approval on statutory license to the work, the same shall not apply.

(4) The Minister of Culture, Sports and Tourism shall post the content of statutory license on the information and communication network as prescribed by Presidential Decree. (Amended by Act nº 8852, Feb. 29, 2008)

Article 51 (Broadcasting of Works Made Public)  

Where a broadcasting organization which intends to broadcast a work already made public for the sake of the public benefit has negotiated with the holder of author’s economic rights but failed to reach an agreement, it may broadcast the work with approval of the Minister of Culture, Sports and Tourism as prescribed by Presidential Decree, and by paying to the holder of author’s economic right or depositing remuneration as determined by the Minister of Culture, Sports and Tourism. (Amended by Act nº 8852, Feb. 29, 2008)

Article 52 (Production of Commercial Phonogram)           

If three years have passed after the date of the first sale of a commercial phonogram in the Republic of Korea, and if any person who intends to produce a commercial phonogram by recording works already recorded on such phonogram has negotiated with the holder of author’s economic right but failed to reach an agreement, he or she may produce the phonogram with approval of the Minister of Culture, Sports and Tourism as prescribed by Presidential Decree, and by paying to the holder of author’s economic right or depositing remuneration under the standards determined by the Minister of Culture, Sports and Tourism. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 14083, Mar. 22, 2016)

SECTION 6.- Registration and Authentication

Article 53 (Registration of Copyright)      

(1) An author may register any of the following:

1. Real name, pseudonym (limited to the case where pseudonym is used at the time of making it public), nationality, domicile or residence of an author;

2. Title, types or date of creation of a work;

3. Whether a work has been made public, and the country and date/month/year in which the work was first made public;

4. Other matters prescribed by Presidential Decree.

(2) In the absence of any special intention of the author at his or her death, the person designated by the will of the author or his or her heir may register the items falling under any of the subparagraphs of paragraph (1).

(3) The person whose real name is registered as the author pursuant to paragraphs (1) and (2) shall be presumed to be the author of the registered work, and the work whose date of creation or the date on which it has been made public for the first time is registered shall be presumed to have been created or made public for the first time on the date it has been registered: Provided, That where the date, month and year of creation has been registered after one year passed from the time when a work had been created, it shall not be presumed to have been created on the date, month and year registered. (Amended by Act nº 9625, Apr. 22, 2009)

Article 54 (Registration and Effect of Changes in Rights, etc.)       

The following may be registered, and shall not bind third parties without their registration: (Amended by Act nº 11110, Dec. 2, 2011)

1. Transfer by assignment of author’s economic right (excluding that by inheritance or other successions in general), or limitation on the disposal of author’s economic right;

2. Establishment, transfer, alteration, extinction or limitation on the disposal of the right of exclusive publication under Article 57 or the right of publication under Article 63;

3. Establishment, transfer, alteration, or expiry, or the limitation on the disposal of the right of pledge on author’s property rights, exclusive rights of publication pursuant to Article 57, and publication rights pursuant to Article 63.

Article 55 (Procedures, etc. for Registration)       

(1) The registration under Articles 53 and 54 shall be made by the Minister of Culture, Sports and Tourism by making an entry in the copyright register (in cases of programs, referring to a program register; hereafter the same shall apply in this Article). (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9625, Apr. 22, 2009)

(2) Where it falls under any of the following subparagraphs, the Minister of Culture, Sports and Tourism may return the application: Provided, That if the deficiency in the application can be corrected and the applicant corrects it on the day, the same shall not apply: (Amended by Act nº 8852, Feb. 29, 2008)

1. Where the matters that have been applied for registration are not fit for registration;

2. Where the application for registration does not conform to the form stipulated by Ordinance of the Ministry of Culture, Sports and Tourism, or is not accompanied with other necessary materials or documents.

(3) The Minister of Culture, Sports and Tourism shall publish a registration gazette or post on the information and communications network regarding the registration stated on the copyright register pursuant to the provisions of paragraph (1), and where there is an applicant, he or she shall have him or her peruse the copyright register or deliver copies thereof. (Amended by Act nº 8852, Feb. 29, 2008)

(4) Matters necessary for registration under paragraphs (1) through (3), return of application for registration, publication of registration gazette or posting, perusal of the copyright register and issuance of copies thereof, etc. shall be prescribed by Presidential Decree.

Article 55-2 (Confidentiality Obligation)  

Any person who conducts registration business pursuant to Articles 53 through 55 and who was in that position shall not divulge any secret he or she obtained on his or her duty to others.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 56 (Authentication of Holder of Right, etc.)            

(1) The Minister of Culture, Sports and Tourism may designate an authentication organization for the security of transaction of works, etc. and protection of confidence. (Amended by Act nº 8852, Feb. 29, 2008)

(2) Matters necessary for the designation and revocation of the designation of authentication organization, authentication procedures, etc. pursuant to paragraph (1) shall be prescribed by Presidential Decree. (Amended by Act nº 9625, Apr. 22, 2009)

(3) The authentication organization under paragraph (1) may collect fees for authentication and the amount thereof shall be determined by the Minister of Culture, Sports and Tourism. (Amended by Act nº 8852, Feb. 29, 2008)

SECTION 7.- Exclusive Publication Right

Article 57 (Establishment of Exclusive Publication Right)                

(1) A person who holds the right to publish or reproduce and interactively transmit (hereinafter referred to as “publication, etc.”) works, etc. may establish an exclusive right (hereinafter referred to as “exclusive publication right” and excluding the right of publication under Article 63; hereinafter the same shall apply) for a person who intends to use such works, etc. for publication, etc. (Amended by Act nº 11110, Dec. 2, 2011)

(2) The holder of author’s economic right may establish a new exclusive publication right to the extent that the methods and conditions of publication, etc. of relevant works, etc. do not overlap. (Inserted by Act nº 11110, Dec. 2, 2011)

(3) The person for whom the exclusive publication right (hereinafter referred to as “holder of the exclusive publication right”) has been established under paragraph (1) shall have the right to use the work that is the object of such exclusive publication right by means of publication, etc., according to the terms of the contract of establishment. (Amended by Act nº 11110, Dec. 2, 2011)

(4) If the right of pledge is established on the right of reproduction, distribution or interactive transmission of a work, the holder of author’s economic right may establish the exclusive publication right only with the authorization of the pledgee. (Amended by Act nº 11110, Dec. 2, 2011)

Article 58 (Obligations of Holder of Exclusive Publication Right)  

(1) Unless otherwise stipulated in the contract of establishment, the holder of the exclusive publication right shall use the work by means of publication, etc. within the period of nine months from the date when he or she received manuscripts or other similar materials which are necessary for the reproduction of the work. (Amended by Act nº 11110, Dec. 2, 2011)

(2) Unless otherwise stipulated in the contract of establishment, the holder of the exclusive publication right shall continue to use the work by means of publication, etc. in accordance with customary practice. (Amended by Act nº 11110, Dec. 2, 2011)

(3) Unless otherwise stipulated in the contract, the holder of the exclusive publication right shall put a mark of holder of author’s economic right on each reproduction, as stipulated by Presidential Decree. (Amended by Act nº 11110, Dec. 2, 2011)

Article 58-2 (Revision, Addition or Reduction of Work)    

(1) If the holder of the exclusive publication right reuses a work that is the object of its right by means of publication, etc., the author may revise, add or reduce the contents of the work to the extent that it is justified. (Amended by Act nº 11110, Dec. 2, 2011)

(2) Whenever the holder of the exclusive publication right intends to reuse a work that is the object of its right by means of publication, etc., unless otherwise stipulated in the contract, he or she shall notify the author of his or her intention in advance. (Amended by Act nº 11110, Dec. 2, 2011)

Article 59 (Duration, etc. of Exclusive Publication Right)  

(1) The duration of the exclusive publication right shall be three years from the date of its first publication, etc., unless otherwise stipulated in the contract of establishment: Provided, That the duration shall be five years where the exclusive publication right is established to cinematize such work. (Amended by Act nº 11110, Dec. 2, 2011)

(2) If the author of the work which is the object of the exclusive publication right dies within the duration of the exclusive publication right, the holder of author’s economic right, notwithstanding the provisions of paragraph (1), may reproduce the work in a complete collection of works or other compilation work, or use the work by means of publication, etc. by separating it from a complete collection of works or other compilation work. (Amended by Act nº 11110, Dec. 2, 2011)

Article 60 (Notification of Termination of Exclusive Publication Right)      

(1) If the holder of the exclusive publication right has violated Article 58 (1) or (2), the holder of author’s economic right may call on him or her to fulfill his or her obligation for a prescribed period of not shorter than six months. If the holder of the exclusive publication right fails to do so during such period, the holder of author’s economic right may notify him or her of the termination of his or her exclusive publication right. (Amended by Act nº 11110, Dec. 2, 2011)

(2) The holder of author’s economic right may immediately notify the holder of the exclusive right of publication of its termination, notwithstanding the provisions of paragraph (1), when it is obvious that it is impossible for the holder of the exclusive publication right to use the work by means of publication, etc., or that he or she has no intention to do so. (Amended by Act nº 11110, Dec. 2, 2011)

(3) When the termination of the exclusive publication right is notified under the provisions of paragraph (1) or (2), the exclusive publication right is presumed to have been terminated on the date the holder of the exclusive publication right has received such notification. (Amended by Act nº 11110, Dec. 2, 2011)

(4) In cases of paragraph (3), the holder of author’s economic right may, at any time, claim to the holder of the exclusive publication right for restitution or compensation for damages accruing from the suspension of publication, etc. of the work. (Amended by Act nº 11110, Dec. 2, 2011)

 Article 61 (Distribution of Reproductions after Termination of Exclusive Publication Right)           

After the termination of the exclusive publication right on account of the expiration of the duration of the right or other reasons, the holder of the exclusive publication right shall not distribute copies reproduced within the duration of the right, except in any of the following cases: (Amended by Act nº 11110, Dec. 2, 2011)

1. Where otherwise stipulated in the contract of establishment;

2. Where he or she has already paid any remuneration to the holder of author’s economic right for publication, etc. within the duration of the exclusive publication right, and he or she distributes the number of copies equivalent to such payment.

Article 62 (Transfer by Assignment of, and Limitations on, Exclusive Publication Right, etc.)          

(1) No holder of the exclusive publication right shall transfer or pledge such right without the consent of the holder of author’s economic right.

(2) Articles 23, 24, 25 (1) through (3), 26 through 28, 30 through 33, 35 (2) and (3), 35-2, 35-3, 36 and 37 shall apply mutatis mutandis to the reproduction, etc. of works, etc. that are the object of the exclusive publication right.

(Article Amended by Act nº 11110, Dec. 2, 2011)

SECTION 7-2.- Special Provisions Concerning Publication

Article 63 (Establishment of Publication Right)    

(1) A person who holds the right to reproduce or distribute a work (hereinafter referred to as “holder of the right of reproduction“) may establish the right to publish such work (hereinafter referred to as “publication right“) for a person who intends to publish such work in documents or pictures by printing them or by other method similar thereto.

(2) A person for whom the publication right is established pursuant to paragraph (1) (hereinafter referred to as “holder of the publication right“) may hold the right to publish the original copy of the work that is the object of the publication right as prescribed by the act of establishment.

(3) Where the pledge has been established for the right of reproduction of relevant work, the holder of the right of reproduction may establish the publication right therefor only with the pledgee’s permit.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 63-2 (Mutatis Mutandis Application)         

Articles 58 through 62 shall apply mutatis mutandis to the publication right. In such cases, “exclusive publication right” shall be construed as “publication right” and “holder of author’s economic right” as “holder of the right of reproduction.”

(Article Inserted by Act nº 11110, Dec. 2, 2011)

CHAPTER III.- NEIGHBORING RIGHTS

SECTION 1.- General Provisions

Article 64 (Protected Performance, Phonogram and Broadcast)  

(1) The following performances, phonogram and broadcasts shall be protected pursuant to this Act: (Amended by Act nº 11110, Dec. 2, 2011)

1. Performances:

(a) Performances conducted by nationals of the Republic of Korea (including legal persons established under the Acts of the Republic of Korea, and foreign legal persons maintaining their principal offices in the Republic of Korea; hereinafter the same shall apply);

(b) Performances protected under the international treaties to which the Republic of Korea has acceded or which it has ratified;

(c) Performances fixed in phonograms as referred to in any item of subparagraph 2;

(d) Performances transmitted by broadcasts as referred to in any item of subparagraph 3 (excluding those included in sound or visual recordings before transmission);

2. Phonograms:

(a) Phonograms produced by nationals of the Republic of Korea;

(b) Phonograms in which sounds have been fixed for the first time in the Republic of Korea;

(c) Phonograms in which sounds have been fixed for the first time in a foreign country party to the treaties and thus protected under such treaties to which the Republic of Korea has acceded or which it has ratified and thus protected under such treaties;

(d) Phonograms which are protected according to treaties in which the Republic of Korea has acceded to or concluded, and whose producers are nationals (including any legal person established pursuant to the Acts of the relevant contracting country and any legal person whose main office is located in the relevant contracting country) of the contracting country;

3. Broadcasts:

(a) Broadcasts made by broadcasting organizations which are nationals of the Republic of Korea;

(b) Broadcasts made from broadcasting facilities located in the Republic of Korea;

(c) Broadcasts made by broadcasting organizations who are nationals of a foreign country party, from broadcasting facilities located in the foreign country party to the treaties to which the Republic of Korea has acceded or which it has ratified and thus protected under such treaties.

(2) Even in cases of performances, phonogram and broadcasts of foreigners protected pursuant to paragraph (1), where the period of protection has expired in the relevant foreign country, the period of protection under this Act shall not be recognized. (Inserted by Act nº 11110, Dec. 2, 2011)

Article 64-2 (Presumption of Performers, etc.)   

A person whose real name or widely known pseudonym as a performer, phonogram producer, or broadcasting organizations is indicated in a general manner in relation to performance, phonogram or broadcasting protected pursuant to this Act shall be presumed to have the right for such performance, phonogram or broadcasts as a performer, phonogram producer or broadcasting organizations, respectively.

(Article Inserted by Act nº 10807, Jun. 30, 2011)

Article 65 (Relationship with Copyright)  

The provisions of each Article in this Chapter shall not be construed as affecting copyright.

SECTION 2.- Performers Right

Article 66 (Right of Paternity)     

(1) A performer shall have the right to indicate his or her real name or pseudonym on his or her performance or the copy of his or her performance.

(2) Those who intend to exploit a performance shall indicate the real name or pseudonym of the performer as he or she has indicated insofar as there is no special declaration of intention by the performer: Provided, That if it is recognized as unavoidable in view of the character of the performance, the purpose and form of exploitation, etc., the same shall not apply.

Article 67 (Right of Integrity)       

A performer shall have the right to maintain the identity of the content and form of his or her performance: Provided, That if it is recognized as unavoidable in view of the nature, or the purpose and manner of exploitation, etc., the same shall not apply.

Article 68 (Inalienability of Performer’s Moral Rights)     

The rights prescribed in Articles 66 and 67 (hereinafter referred to as “moral rights of performer”) shall belong exclusively to the performer.

Article 69 (Right of Reproduction)            

A Performer shall have the right to reproduce his or her performances.

Article 70 (Right of Distribution)                

Performers shall have the right to distribute the copies of his or her performance: Provided, That if the copies of performance have been offered to transactions by means of sale, etc. with authorization of the performer, the same shall not apply.

Article 71 (Right of Rental)           

Performers shall have the right to lend the commercial phonogram, in which his or her performance is recorded, for profit-making purpose notwithstanding the provisions of the proviso to Article 70. (Amended by Act nº 14083, Mar. 22, 2016)

Article 72 (Right of Public Performance)                

Performers shall have the right to perform his or her performance publicly which has not been fixed: Provided, That if the performance is for broadcasting, the same shall not apply.

Article 73 (Right of Broadcasting)              

Performers shall have the right to broadcast their stage performances: Provided, That the same shall not apply to the performance which has been recorded with authorization of the performer.

Article 74 (Right of Interactive Transmission)      

Performers shall have the right to interactively transmit their performances.

Article 75 (Remuneration by Broadcasting Organizations to Performers)               

(1) When a broadcasting organizations sends out a broadcast by using commercial phonograms in which performances are recorded, it shall pay reasonable remuneration to the performers: Provided, That when the performer is a foreigner and the relevant foreign country does not recognize remuneration pursuant to the provisions of this paragraph to the performer who is a national of the Republic of Korea, the same shall not apply. (Amended by Act nº 14083, Mar. 22, 2016)

(2) The provisions of Article 25 (5) through (9) shall apply mutatis mutandis to the payment, etc. of remuneration under paragraph (1).

(3) The amount of remuneration which the organization referred to in paragraph (2) may claim on behalf of the holder of right to remuneration shall be determined each year by an agreement between the relevant organization and the broadcasting organizations.

(4) If the organization and the broadcasting organization fails to reach an agreement pursuant to paragraph (3), the organization or the broadcasting organization may request for conciliation to the Korea Copyright Commission under Article 112 as prescribed by Presidential Decree. (Amended by Act nº 9625, Apr. 22, 2009)

 Article 76 (Remuneration by Digital Audio Transmission Organizations to Performers)   

(1) When a digital audio transmission organization transmits by using phonogram in which stage performances are recorded, it shall pay reasonable remuneration to the performer.

(2) The provisions of Article 25 (5) through (9) shall apply mutatis mutandis to payment of remuneration, etc. under paragraph (1).

(3) The amount of remuneration which the organization referred to in paragraph (2) may claim on behalf of the holder of right to remuneration shall be determined every year by an agreement between the organization and the digital audio transmission organization within the period prescribed by Presidential Decree.

(4) If an agreement referred to in paragraph (3) is not reached, the amount fixed and announced in public by the Minister of Culture, Sports and Tourism shall be paid. (Amended by Act nº 8852, Feb. 29, 2008)

Article 76-2 (Remuneration to Performers by Persons Doing Public Performance Using Commercial Phonograms)             

(1) Any person doing a public performance using commercial phonogram on which the performance is recorded shall pay a reasonable remuneration to the relevant performer: Provided, That where a performer is a foreigner, the same shall not apply when the performer’s country does not recognize a remuneration under this paragraph to a performer who is a national of the Republic of Korea. (Amended by Act nº 14083, Mar. 22, 2016)

(2) Articles 25 (5) through (9) and 76 (3) and (4) shall apply mutatis mutandis to the payment, amount, etc. of a remuneration under paragraph (1).

(Article Inserted by Act nº 9529, Mar. 25, 2009)

Article 77 (Joint Performers)       

(1) If two or more performers perform jointly in a chorus, concert, or drama, etc., the rights of performers (excluding the performer’s moral right) prescribed under this Section shall be exercised by a representative elected by the joint performers: Provided, That where such a representative is not elected, the conductor or director shall exercise the rights.

(2) In exercising the rights of performers under paragraph (1), if a solo vocalist or a solo instrument player participates in the performance, the consent of such vocalist or instrument player shall be obtained.

(3) The provisons of Article 15 shall apply mutatis mutandis to the exercise of the moral rights of joint performers.

SECTION 3.- Rights of Phonogram Producers

Article 78 (Right of Reproduction)            

Phonogram producers shall have the right to reproduce their phonogram.

Article 79 (Right of Distribution)                

Phonogram producers shall have the right to distribute their phonogram: Provided, That the copies of phonogram have been offered to transactions by means of sale, etc. with authorization of the phonogram producers, the same shall not apply.

Article 80 (Right of Rental)           

Notwithstanding the provisions of the proviso to Article 79, phonogram producers shall have the right to authorize commercial rental of phonogram for the purpose of making profits. (Amended by Act nº 14083, Mar. 22, 2016)

Article 81 (Right of Interactive Transmission)      

Phonogram producers shall have the right to interactively transmit their phonograms.

Article 82 (Remuneration to Phonogram Producers by Broadcasting Organization)            

(1) Where a broadcasting organization sends out broadcasts by using commercial phonograms, it shall pay reasonable remuneration to the phonograms producer: Provided, That when the phonograms producer is a foreigner and the foreign country concerned does not recognize remuneration under this paragraph to the phonograms producer who is a national of the Republic of Korea, the same shall not apply. (Amended by Act nº 14083, Mar. 22, 2016)

(2) The provisions of Articles 25 (5) through (9) and 75 (3) and (4) shall apply mutatis mutandis to the payment, amount, etc. of remuneration under paragraph (1).

Article 83 (Remuneration to Phonogram Producers by Digital Audio Transmission Organization)                 

(1) Where a digital audio transmission organization transmits by using commercial phonogram, it shall pay reasonable remuneration to the phonogram producer.

(2) The provisions of Articles 25 (5) through (9) and 76 (3) and (4) shall apply mutatis mutandis to the payment, amount, etc. of remuneration under paragraph (1).

Article 83-2 (Remuneration to Phonogram Producers by Persons Performing in Public Using Commercial Phonogram)    

(1) Any person doing a public performance using a commercial phonogram shall pay a reasonable remuneration to the relevant phonogram producer: Provided, That where a phonogram producer is a foreigner, the same shall not apply when the producer’s country does not recognize remuneration under this paragraph to a phonogram producer who is a national of the Republic of Korea. (Amended by Act nº 14083, Mar. 22, 2016)

(2) Articles 25 (5) through (9) and 76 (3) and (4) shall apply mutatis mutandis to the payment, amount, etc. of a remuneration under paragraph (1).

(Article Inserted by Act nº 9529, Mar. 25, 2009)

SECTION 4.- Rights of Broadcasting Organization

Article 84 (Right of Reproduction)            

Broadcasting organizations shall have the right to reproduce their broadcasts.

Article 85 (Right of Simultaneous Broadcasting)  

Broadcasting organizations shall have the right to authorize their broadcasts to rebroadcast simultaneously.

Article 85-2 (Right of Public Performance)            

A broadcasting organization has the right to publicly perform its broadcasts, when the public performance is made in place ccesible to the general public charging an entrance fee with regard to watching the broadcast.

(Article Inserted by Act nº 10807, Jun. 30, 2011)

SECTION 5.- Term of Protection for Neighboring Right

 Article 86 (Term of Protection)  

(1) Neighboring rights shall commence from the time that falls under the following and shall not require any procedures or formalities: (Amended by Act nº 11110, Dec. 2, 2011)

1. For performances, when the performance took place;

2. For phonograms, when the first fixation of sound was done;

3. For broadcasts, when the broadcasts was sent out.

(2) Neighboring rights (excluding moral rights of performers; hereinafter the same shall apply) shall continue to remain for 70 years (50 years in cases of broadcasts) counting from the year following the year falling under any of the following: (Amended by Act nº 11110, Dec. 2, 2011)

1. For performances, when the performance took place: Provided, That if a phonogram on which the performance is fixed is published within 50 years from the time such performance took place, when the phonogram is published;

2. For phonogram, when the phonogram was released: Provided, That phonograms have not been released until after 50 years have passed counting from the year after the year when the sound was first fixed on the phonogram, the time when the sound was first fixed on the phonogram;

3. For broadcasts, when the broadcast was sent out.

SECTION 6.- Limitations on, Transfers of Ownership, Exercise, etc. of Neighboring Rights

Article 87 (Limitations on Neighboring Rights)     

(1) Articles 23, 24, 25 (1) through (3), 26 through 32, 33 (2), 34, 35-2, 35-3, 36 and 37 shall apply mutatis mutandis to the use of performances, phonograms or broadcasts that are the objects of neighboring rights. (Amended by Act nº 11110, Dec. 2, 2011)

(2) Where a digital audio transmission organization transmits by making use of a phonogram on which performance is recorded pursuant to Articles 76 (1) and 83 (1), he or she may temporarily reproduce a phonogram on which performance is recorded by his or her own means. In such cases, Article 34 (2) shall apply mutatis mutandis to the period of keeping such copy. (Inserted by Act nº 9625, Apr. 22, 2009)

Article 88 (Transfers by Assignment, Exercise, etc. of Neighboring Rights)              

Article 45 (1) shall apply mutatis mutandis to the transfer by assignment of neighboring rights; Article 46 to authorization to exploit performance, phonogram or broadcast; Article 47 to the exercise of the right of pledge established on neighboring rights; Article 49 to the termination of neighboring rights; and Articles 57 through 62 to the establishment, etc. of the exclusive publication right of performance, phonogram or broadcast, respectively.

(Article Amended by Act nº 11110, Dec. 2, 2011)

Article 89 (Statutory License for Use of Performance, Phonogram and Broadcast)             

The provisions of Articles 50 through 52 shall apply mutatis mutandis to the use of performances, phonograms and broadcasts.

Article 90 (Registration of Neighboring Rights)    

Articles 53 through 55 and 55-2 shall apply mutatis mutandis to the registration of neighboring rights or the right of exclusive publication of neighboring rights. In such cases, the term “copyright register” in Article 55 shall be construed as “register of neighboring rights“. (Amended by Act nº 9625, Apr. 22, 2009; Act nº 11110, Dec. 2, 2011)

CHAPTER IV.- PROTECTION OF DATABASE PRODUCERS

Article 91 (Database Under Protection)  

(1) The database of persons falling under any of the following subparagraphs shall be protected under this Act:

1. Nationals of the Republic of Korea;

2. Foreign nationals protected by the treaties to which the Republic of Korea has acceded or which it has concluded in relation with the protection of database.

(2) Even for a foreign national database protected under paragraph (1), if the foreigner’s country does not protect the database of nationals of the Republic of Korea, the protection under the treaties and this Act may be limited proportionately therewith.

Article 92 (Exception from Application)  

The provisions of this Chapter shall not be applicable to the database falling under either of the following subparagraphs:

1. Computer programs which are used for the production, renewal, etc. or operation of the database;

2. Database which are produced or renewed, etc. in order to have wireless or wire communications technically possible.

Article 93 (Rights of Database Producers)             

(1) Database producers shall hold the rights to reproduce, distribute, broadcast, or interactively transmit (hereafter referred to as the “reproduction, etc.” in this Article) the whole or considerable parts of relevant database.

(2) Individual materials of the database shall not be considered as the considerable parts of relevant database under the provisions of paragraph (1): Provided, That even for the reproductions, etc. of individual materials of database or of the portions falling short of their considerable parts, if the said reproductions conflict with the normal exploitation of relevant database, or infringe unduly on the interests of database producers, by making them repeatedly or systematically for specific purposes, they shall be considered as the reproductions, etc. of the considerable parts of relevant database.

(3) Protections under this Chapter shall not affect the copyright of materials forming constituent parts of the database, and other rights protected under this Act.

(4) Protections under this Chapter shall not extend to the materials themselves forming constituent parts of the database.

Article 94 (Limitations on Rights of Database Producers)               

(1) Articles 23, 28 through 34, 35-2, 35-3, 36 and 37 shall apply mutatis mutandis to the use of database which is the object of the rights of database producers. (Amended by Act nº 11110, Dec. 2, 2011)

(2) In either of the following cases, a person may reproduce, distribute, broadcast or interactively transmit the whole or considerable parts of database: Provided, That the same shall not apply where it is in conflict with the normal exploitation of relevant database:

1. Where being used for education, scholarship or research: Provided, That the same shall not apply to the case aiming at profit-making;

2. Where being used for the news reporting.

Article 95 (Period of Protection)                

(1) The rights of database producers shall commence from the time of completing a production of database, and shall continue to exist for five years counting from the next year of the completion.

(2) Where a considerable investment in human or material resources has been made for the renewal, etc. of database, the rights of database producers for the relevant parts shall commence from the time of making relevant renewal, etc., and shall remain effective for five years counting from the next year of the renewal.

Article 96 (Transfer, Exercise, etc. of Rights of Database Producers)         

The proviso to Article 20 shall apply mutatis mutandis to the offer of database for transaction, Article 45 (1) to the transfer of rights of database producers, Article 46 to the authorization of the use of database, Article 47 to the exercise of the right of pledge established on the rights of database producers, Article 48 to the exercise of rights by the database producers of joint databases, Article 49 to the termination of rights of database producers, and Articles 57 through 62 to the establishment, etc. of the exclusive publication right of database, respectively.

(Article Amended by Act nº 11110, Dec. 2, 2011)

Article 97 (Statutory License for Use of Database)             

The provisions of Articles 50 and 51 shall apply mutatis mutandis to the use of database.

Article 98 (Registration of Rights of Database Producers)              

Articles 53 through 55 and 55-2 shall apply mutatis mutandis to the registration of rights of database producers and the exclusive publication right of database producer’s right. In such cases, the term “copyright register” in Article 55 shall be construed as “database producer’s right register“. (Amended by Act nº 9625, Apr. 22, 2009; Act nº 11110, Dec. 2, 2011)

CHAPTER V.- SPECIAL CASES CONCERNING CINEMATOGRAPHIC WORKS

Article 99 (Cinematization of Works)       

(1) If the holder of author’s economic right authorizes another person to exploit his or her work by means of cinematization, such authorization shall be presumed to include the following rights, unless otherwise expressly stipulated:

1. To dramatize a work for the production of a cinematographic work;

2. To publicly screen a cinematographic work aiming at a public screening;

3. To broadcast a cinematographic work aiming at broadcasting;

4. To interactively transmit a cinematographic work aiming at a interactive transmission;

5. To reproduce and distribute a cinematographic work for its original purpose;

6. To exploit the translation of a cinematographic work in the same manner as the cinematographic work.

(2) If the holder of author’s economic right authorizes a person to exploit his or her work by means of cinematization, unless otherwise stipulated, he or she may authorize, after the lapse of five years from the date of his or her authorization, the cinematization of the work in another form of cinematographic work.

Article 100 (Rights to Cinematographic Works)   

(1) Where a producer of a cinematographic work and a person who agreed to cooperate in the production of a cinematographic work have obtained a copyright to the said cinematographic work, the rights necessary for the exploitation of such cinematographic work shall be presumed to have been transferred to the producer of the cinematographic work unless otherwise expressly stipulated.

(2) The copyright to a novel, play, work of art or musical work used for the production of a cinematographic work shall not be affected by the provision of paragraph (1).

(3) The right to reproduce under Article 69, the right to distribute under Article 70, the right to broadcast under Article 73, and the right to interactively transmit under Article 74 with regard to the use of a cinematographic work of a performer who agreed with the producer of a cinematographic work to cooperate in the production of a cinematographic work shall be presumed to have been transferred to the producer of cinematographic works, unless otherwise expressly stipulated.

Article 101 (Rights of Producers of Cinematographic Works)        

(1) Rights necessary for the exploitation of a cinematographic work to be transferred by a person, who agreed to cooperate in the production of a cinematographic work, to a producer of a cinematographic work shall be the right to exploit the cinematographic work by means of reproduction, distribution, public presentation, broadcasting, interactive transmission, and others, and the said producer may transfer the rights, or establish the pledge thereon.

(2) The right to be transferred from a performer to a producer of a cinematographic work shall be the right to reproduce, distribute, broadcast or interactive transmit the said cinematographic work, and it may be interactively transferred or a pledge may be established thereon.

CHAPTER V-2.- SPECIAL RULES CONCERNING CINEMATOGRAPHIC WORKS

Article 101-2 (Objects of Protection)       

This Act shall not apply to the following subparagraphs used to prepare programs:

1. Programming language: Characters, symbols and their systems as means expressing programs;

2. Protocol: A special agreement on how to use programming language in a specific program;

3. Algorithm: Combination methods of instructions and commands in a program.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 101-3 (Limitations on Author’s Economic Right of Program)           

(1) In any of the following cases, a program released may be reproduced or distributed to the extent necessary for that purpose: Provided, That where it unreasonably prejudices the interest of the holder of author’s economic right in the light of types and purposes of programs, relative importance of a reproduced part in a program and the number of copies of reproduction or such, the same shall not apply:

1. Where a program is reproduced for a trial or investigation;

2. Where a program is reproduced or distributed for the purpose of providing it to a course of lessons by any person who is responsible for education at schools under the Early Childhood Education Act, the Elementary and Secondary Education Act and the Higher Education Act, and in educational institutions (limited to educational institutions by which educational attainments for entrance into a school of higher level are authorized or which confer an academic degree) established pursuant to other Acts;

3. Where a program is reproduced to be published in textbooks for the educational purpose of schools under the Elementary and Secondary Education Act and schools equivalent thereto;

4. Where a program is reproduced for personal purposes (excluding cases for the purpose of profit-making) in the confined place like home;

5. Where a program is reproduced or distributed for the purpose (excluding cases for the purpose of profit-making) of entrance examinations of schools under the Elementary and Secondary Education Act and the Higher Education Act and of schools equivalent thereto, or of other examinations or official approval for scholarship or skill;

6. Where a program is reproduced for the purpose of research, study, test of functions of a program to confirm ideas and principles which form the foundation of a program (only when any person who uses a program with legitimate authority is using the relevant program).

(2) Programs (limited to cases in which they are legitimately acquired) may be temporarily reproduced during the course of using a computer for the maintenance and repair of such computer. (Inserted by Act nº 11110, Dec. 2, 2011)

(3) Any person who intends to publish a program in textbooks pursuant to paragraph (1) 3 shall pay a remuneration under the standards determined and announced by the Minister of Culture, Sports and Tourism to the relevant holder of author’s economic right. The provisions of Article 25 (5) through (9) shall apply mutatis mutandis to payment of a remuneration.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 101-4 (Decompilation of Program Codes)               

(1) Where any person who uses a program with legitimate authority or any person who has obtained his or her permission cannot easily obtain necessary information for compatibility and it is inevitable for him or her to obtain the information, he or she may perform decompilation of program codes without obtaining permission of the holder of author’s economic right of the program limited to necessary part for compatibility of the relevant program.

(2) Where information obtained through decompilation of program codes under paragraph (1) falls under any of the following subparagraphs, it shall not be used:

1. Where information is exploited for the purpose other than the purpose of compatibility or is provided to a third party;

2. Where a program or expression subject to a reverse engineering of program code is exploited in development, production and sale of substantially similar programs or in infringement of copyright of the program.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 101-5 (Reproduction for Storage by Legitimate Users)      

(1) Any person who possesses and uses a copy of program with legitimate authority may reproduce the relevant copy to the extent necessary to provide against destruction, damage or deterioration or such of the copy.

(2) When any person who possesses or uses a copy of program has lost the right to possess and use a copy of the relevant program, he or she shall destroy the copy made pursuant to paragraph (1) unless the holder of author’s economic right of the program specially expresses his or her intention: Provided, That where he or she has lost the right to possess and use a copy of program because the relevant copy of program has been destroyed, the same shall not apply.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

 Article 101-6 (Article Amended by Act nº 11110, Dec. 2, 2011)

 Article 101-7 (Bailment of Program)       

(1) The holder of author’s economic right of a program and any person who has been authorized to use the program may bail the source code and technical information or such of the program to a person prescribed by Presidential Decree (hereafter referred to as “bailee” in this Article) by mutual consent.

(2) Any person who has been authorized to use a program may, when a reason stipulated in the consent obtained pursuant to paragraph (1) has arisen, request the bailee to provide him or her the source code and technical information or such of the program.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

CHAPTER VI.- LIMITATION ON LIABILITY OF ONLINE SERVICE PROVIDERS

Article 102 (Limitation on Liability of Online Service Providers)   

(1) Even if copyright or other rights protected pursuant to this Act are infringed in relation to any of the following subparagraphs, an online service provider shall not be responsible for such infringement, where he or she meets all of the following requirements in the items pursuant to each subparagraph: (Amended by Act nº 10807, Jun. 30, 2011; Act nº 11110, Dec. 2, 2011)  

1. An act of transmitting, routing or providing connections for works etc. without modifying their contents, or automatic, intermediate or temporary storage of such works etc. in the course thereof within a reasonably necessary period for such transmission:

(a) Where an online service provider has not initiate the transmission of works, etc.;

(b) Where an online service provider has not selected works, etc. or the recipients thereof;

(c) Where an online service provider has adopted and reasonably implemented a policy that provides for termination of the accounts (referring to the accounts with the right to use relevant services, used by an online service provider to identify and manage users; hereafter the same shall apply in this Article and Articles 103-2, 133-2 and 133-3) of persons who repeatedly infringe on copyright or other rights protected pursuant to this Act;

(d) Where the online service provider has accommodated and has not interfered with standard technical measures used by the holder of right that are designed to identify and protect works, etc. and meet the conditions under Presidential Decree;

2. An act of storing works, etc. transmitted at the request of service users in an automatic, mediating or temporary manner so that subsequent users can efficiently access or receive such works, etc.:

(a) Where the requirements under the items of subparagraph 1 are all met;

(b) Where an online service provider has not modified such works, etc.;

(c) If any condition exists to access such works, etc. provided, where the access to temporarily stored works, etc. is permitted to users who have complied with such condition;

(d) Where an online service provider has complied with the rules on updating works, etc. that are determined by a person who reproduces or interactively transmits works, etc. (hereinafter referred to as “interactive transmitter or reproducer”) under data communications protocol for computers or information and communications networks generally recognized in the industry: Provided, That this shall not apply where an interactive transmitter or reproducer has determined rules on updating for the purposes of unreasonably restricting such storage;

(e) Where an online service provider has not interfered with the use of technologies generally recognized within such industry, which are applied to obtain information on the use of works, etc. at the originating site of the works, etc.;

(f) Where an online service provider immediately removed or disabled access to the works etc., when an online service provider is required to suspend reproduction or interactive transmission under Article 103 (1), where such works, etc. are removed or made inaccessible at the original website, or where he or she actually becomes aware of the fact that the court or the head of a central administrative agency has issued an order to delete such works, etc. or make them inaccessible;

3. An act of storing works, etc. in the computer of an online service provider at the request of a reproducer or interactive transmitter:

(a) Where the requirements under the items of subparagraph 1 are all met;

(b) When an online service provider has the right and ability to control the infringing activity, where he or she has not obtained any financial benefit directly attributable to the infringing activity;

(c) When an online service provider actually becomes aware of infringement or obtains actual knowledge of the fact or circumstance that infringement is evident through the request, etc. to suspend reproduction or interactive transmission under Article 103 (1), where he or she has immediately suspended the reproduction or interactive transmission of such works, etc.;

(d) Where an online service provider has designated and announced a person to receive demand to suspend reproduction or interactive transmission pursuant to Article 103 (4);

4. An act of allowing users to know the location of works, etc. on information and communications networks or connecting them thereto through information search tools:

(a) Where the requirements under subparagraph 1 (a) are met;

(b) Where the requirements under subparagraph 3 (b) through (d) are met.

(2) Notwithstanding the provisions of paragraph (1), where it is technologically impossible for an online service provider to take measures under paragraph (1), he or she shall not be responsible for the infringement of copyright or other rights protected pursuant to this Act due to the reproduction or interactive transmission of works, etc. by other persons. (Amended by Act nº 10807, Jun. 30, 2011)

(3) In relation to the limitation on liability under paragraph (1), an online service provider shall not be obligated to monitor any infringement within his or her services or actively investigating such infringement. (Inserted by Act nº 10807, Jun. 30, 2011)

Article 103 (Suspension of Reproduction or Interactive Transmission)     

(1) Any person who claims that his or her copyright and other rights protected under this Act are infringed (hereafter referred to in this Article as “claimant to a right“) due to the reproduction or interactive transmission of works, etc. through the use of services by an online service provider (excluding cases under Article 102 (1) 1; hereafter the same shall apply in this Article), may demand the online service provider, by vindicating the said facts, to suspend the reproduction or interactive transmission of the works, etc. (Amended by Act nº 10807, Jun. 30, 2011)

(2) Where an online service provider is requested to suspend the reproduction or interactive transmission under paragraph (1), he or she shall immediately suspend the reproduction or interactive transmission of such works, etc. and notify a claimant to the right of such fact: Provided, That an online service provider referred to in Article 102 (1) 3 or 4 shall also notify the reproducer or interactive transmitter of such works, etc. (Amended by Act nº 10807, Jun. 30, 2011)

(3) Where the reproducer or interactive transmitter, upon receipt of notification under paragraph (2), vindicates that his or her reproduction or interactive transmission is made with legitimate authority, and demands a resumption of such reproduction or interactive transmission, the online service provider shall promptly notify the claimant to the right of the fact of demanding a resumption and the scheduled date of resumption, and shall have the reproduction or interactive transmission resumed on the said scheduled date: Provided, That this shall not apply where the claimant to a right notifies an online service provider before the scheduled date of resumption, of the fact that he or she has filed a lawsuit against the act of infringement of reproducer or interactive transmitter. (Amended by Act nº 11110, Dec. 2, 2011)

(4) The online service provider shall make an announcement, by designating the person who is demanded to suspend or to resume the reproduction or interactive transmission under paragraphs (1) and (3) (hereafter referred to in this Article as “recipient”), so as to have the users of facilities or services of the provider know with ease.

(5) Where the online service provider has made an announcement pursuant to paragraph (4), and has suspended or resumed the reproduction or interactive transmission of relevant works, etc. under paragraphs (2) and (3), the liability of the online service provider for the infringement on third parties’ copyright and other rights protected under this Act, and the liability of the online service provider for the losses incurred to the reproducer or interactive transmitter, shall be exempted: Provided, That this shall not apply to the liability arisen from the time when the online service provider has known the facts that the copyright and other rights protected under this Act were infringed due to the reproduction or interactive transmission of works, etc. by third parties to the time of demanding the suspension under paragraph (1). (Amended by Act nº 10807, Jun. 30, 2011; Act nº 11110, Dec. 2, 2011)  

(6) Any person who demands, without legitimate authority, the suspension or resumption of the reproduction or interactive transmission of relevant works, etc. under paragraphs (1) and (3), shall make a compensation for any losses incurred thereby.

(7) Matters necessary for the vindication, suspension, notification, resumption of reproduction or interactive transmission, designation of a recipient, and public notice, etc. under paragraphs (1) through (4) shall be prescribed by Presidential Decree. In such cases, the Minister of Culture, Sports and Tourism shall make a prior consultation with the heads of related central administrative agencies. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 10807, Jun. 30, 2011)  

Article 103-2 (Scope of Court Orders Issued to Online Service Providers)               

(1) Where the court orders necessary measures pursuant to Article 123 (3) to an online service provider who meets the requirements under Article 102 (1) 1, it may order the following measures only:

1. Termination of certain accounts;

2. Reasonable measures to prevent the access to specific foreign websites.

(2) Where the court orders necessary measures pursuant to Article 123 (3) to an online service provider who meets the requirements under Article 102 (1) 2 through 4, it may order the following measures only:

1. Deletion of illegal copies;

2. Measures to prevent the access to illegal copies;

3. Termination of specific accounts;

4. Other measures deemed by the court as necessary to the extent a minimum burden is imposed on an online service provider.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 103-3 (Request for Information on Reproducers and Interactive Transmitters)     

(1) Where the claimant to a right has requested an online service provider to provide information owned by such online service provider, such as the names and addresses of the relevant reproducer and interactive transmitter to the minimum extent necessary to file a civil lawsuit or bring criminal charges, but the online service provider has refused such request, the claimant to the right may request the Minister of Culture, Sports and Tourism to issue an order to the online service provider to provide such information.

(2) In receipt of a request under paragraph (1), the Minister of Culture, Sports and Tourism may order the online service provider to submit information on the relevant reproducer and interactive transmitter, after undergoing deliberation by the Copyright Protection Deliberation Committee referred to in Article 122-6. (Amended by Act nº 14083, Mar. 22, 2016)

(3) The online service provider shall submit relevant information to the Minister of Culture, Sports and Tourism within seven days from receipt of an order under paragraph (2), and the Minister of Culture, Sports and Tourism shall provide such information to a person who has made a request under paragraph (1), without delay.

(4) No person provided with information on the relevant reproducer or interactive transmitter pursuant to paragraph (3) shall use such information for the purposes other than those requested under paragraph (1).

(5) Other matters necessary for the provision of information on reproducers or interactive transmitters shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 104 (Obligation, etc. of Online Service Providers of Special Type)                

(1) The online service provider who aims principally at enabling interactive transmission of works, etc. by using computers between other persons (hereinafter referred to as “online service provider of special type”) shall take necessary measures, such as technological measures, etc. that block illegal forwarding of the relevant work, etc. upon request from the holder of rights. In such cases, matters regarding the request of holder of rights and necessary measures shall be prescribed by Presidential Decree. (Amended by Act nº 9625, Apr. 22, 2009)

(2) The Minister of Culture, Sports and Tourism may lay down and announce the extent of online service provider of special type under paragraph (1). (Amended by Act nº 8852, Feb. 29, 2008)

CHAPTER VI-2.- PROHIBITION OF CIRCUMVENTING TECHNOLOGICAL PROTECTION MEASURES, ETC

Article 104-2 (Prohibition of Circumventing Technological Protection Measures)               

(1) No person shall circumvent the technological protection measures under subparagraph 28 (a) of Article 2 by intention or negligence without legitimate authority by removing, altering or bypassing such measures: Provided, That this shall not apply in any of the following:

1. Where a person engaged in research of encryption circumvents technological protection measures to the extent necessary to research flaws or vulnerability of encryption technologies applied to such works, etc. after legitimately obtaining the copy of the works, etc.: Provided, That the foregoing shall be limited to cases where he or she has made a considerable effort to obtain a permission for the use necessary for such research from the holder of rights, but failed to do so;

2. Where he or she includes components or parts circumventing technological protection measures in technology, products, services or devices in order to prevent minors from accessing online works, etc. harmful to minors: Provided, That the foregoing shall be limited to cases where no ban is imposed pursuant to paragraph (2);

3. Where it is necessary to identify functions of non-disclosure collecting and distributing personally identifiable information capable of verifying individuals’ online activities and circumventing them: Provided, That the foregoing shall not apply where it affects other persons’ access to works, etc.;

4. Where it is necessary for law enforcement, legitimate information collection, guarantee of security, etc. by the State;

5. Where it is necessary for educational institutions and education supporting institutions under Article 25 (2), libraries under Article 31 (1) (limited to non-profit libraries) or archive management institutions under the Public Records Management Act to determine whether to purchase works, etc.: Provided, That the foregoing shall be limited to cases where any access thereto is impossible without circumventing technological protection measures;

6. Where a person who uses programs with legitimate authority engages in decompilating program codes to the extent necessary to secure compatibility with other programs;

7. Where it is necessary for a person who has legitimate authority to inspect, investigate, or correct the security of computers or information and communications networks;

8. Cases determined and notified by the Minister of Culture, Sports and Tourism according to the procedures prescribed by Presidential Decree as it is deemed that the legitimate use of works, etc. of specific types is unreasonably affected or likely to be affected by the prohibition of circumventing technological protection measures. In such cases, the effect of such exception shall be valid for three years.

(2) No person may manufacture, import, distribute, interactively transmit, sell or rent, offer to the general public for subscription, advertise to sell or rent, store or possess to distribute the following devices, products or parts, or provide the relevant services, without legitimate authority:

1. Those publicized, advertised or promoted for the purpose of circumventing technological protection measures;

2. Those having limited business purposes or uses other than circumventing technological protection measures;

3. Those designed, produced or remodeled, or performed for the main purpose of making circumventing technological protection measures possible or easy.

(3) Notwithstanding the provisions of paragraph (2), the aforementioned shall not apply in either of the following cases:

1. Cases falling under paragraph (1) 1, 2, 4, 6 and 7 in relation to technological protection measures under subparagraph 28 (a) of Article 2;

2. Cases falling under paragraph (1) 4 and 6 in relation to technological protection measures under subparagraph 28 (b) of Article 2.

(Article Inserted by Act nº 10807, Jun. 30, 2011)

Article 104-3 (Prohibition of Removal, Alteration, etc. of Rights Management Information)          

(1) No person shall do any of the following acts without legitimate authority either knowingly or without knowing by negligence that such acts may cause or conceal the infringement of copyright or other rights protected pursuant to this Act: (Amended by Act nº 11110, Dec. 2, 2011)

1. Act of deliberately removing, altering or falsely adding rights management information;

2. Act of distributing rights management information or importing such information for the purpose of distribution, upon knowing that such information has been removed or altered without legitimate authority;

3. Act of distributing, publicly performing or publicly transmitting the original or copies of relevant works, etc. or the reproduction thereof or of importing them for the purpose of distribution, upon knowing that rights management information has been removed, altered or falsely added without legitimate authority.

(2) Paragraph (1) shall not apply where it is necessary for national law enforcement, legitimate information collection, guarantee of security, etc.

(Article Inserted by Act nº 10807, Jun. 30, 2011)

Article 104-4 (Prohibition of Circumvention, etc. of Encrypted Broadcasting Signals)         

No person shall conduct any of the following acts:

1. Act of manufacturing, assembling, altering, importing, exporting, selling, or renting, or delivering with other means, devices, products, major components, programs, or other tangible or intangible measures for the purposes of decoding (encoding) encrypted broadcasting signals without consent of a broadcasting organization, either knowingly or without knowing by negligence that such measures will be mainly used for such purposes: Provided, That this shall not apply to cases falling under Article 104-2 (1) 1, 2 or 4;

2. Where encrypted broadcasting signals have been decoded with legitimate authority, act of publicly transmitting such signals upon knowing such fact to other persons for profit without consent of a broadcasting organization;

3. Act of listening to or viewing or publicly transmitting to other persons by receiving encrypted broadcasting signals, upon knowing that such signals have been decoded without consent of a broadcasting organization.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 104-5 (Prohibition of Forging, etc. of Labels)         

No person shall conduct any of the following acts without legitimate authority:

1. Act of forging labels of works, etc. to be attached, enclosed or added to illegal copies or their documents or packaging, or act of distributing forged labels or owning them for the purpose of distribution upon knowing such fact;

2. Act of distributing labels produced upon obtaining a permit from the holder of right of works, etc. or a person who has received consent from the holder of right, beyond the permitted range, or act of redistributing forged labels or owning them for the purpose of redistribution upon knowing such fact;

3. Act of forging documents or packaging distributed together with legitimate copies of works, etc. to use them for illegal copies, or act of distributing forged documents or packaging or owning them for the purpose of distribution upon knowing such fact.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 104-6 (Prohibition of Recording, etc. of Cinematographic Works)                

No person shall record cinematographic works protected by copyright at a movie theater, etc. screening such works with a recording device without consent of the holder of author’s economic right, or publicly transmit such works.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 104-7 (Prohibition of Transmitting Signals Prior to Broadcasting)  

No person shall transmit signals to be transmitted to a broadcasting organization (excluding cases in which the signals are transmitted for the purposes of allowing the public to directly receive them) to any third person without legitimate authority.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 104-8 (Claim, etc. of Suspension or Prevention of Infringement)  

A person who holds copyrights or other rights protected pursuant to this Act may request suspension or prevention of infringement, security for damages, damages or statutory damages in lieu thereof against a person who has violated Articles 104-2 through 104-4, and may request suspension and prevention of infringement against a person who has done an act under Article 104-2 (1) without intention or negligence. In such cases, Articles 123, 125, 125-2, 126 and 129 shall apply mutatis mutandis. (Amended by Act nº 11110, Dec. 2, 2011)

(Article Inserted by Act nº 10807, Jun. 30, 2011)

CHAPTER VII.- COPYRIGHT TRUST SERVICE

Article 105 (Permission, etc. for Copyright Trust Service)               

(1) Any person who intends to engage in a copyright trust service shall obtain permission from the Minister of Culture, Sports and Tourism as prescribed by Presidential Decree; and a person who intends to engage in a copyright agency or brokerage service shall report thereon to the Minister of Culture, Sports and Tourism as prescribed by Presidential Decree: Provided, That the Minister of Culture, Sports and Tourism may designate a public institution under the Act on the Management of Public Institutions as an organization that provides copyright trust service. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 14083, Mar. 22, 2016)

(2) Anyone who intends to operate the copyright trust service pursuant to the provisions of paragraph (1) shall satisfy the following requirements, prepare regulations defining the duties of copyright trust service as prescribed by Presidential Decree and submit them together with an application for permission for copyright trust service to the Minister of Culture, Sports and Tourism: Provided, That the requirements prescribed in subparagraph 1 shall not apply to a public institution referred to in the proviso to paragraph (1): (Amended by Act nº 8852, Feb. 29, 2008; Act nº 14083, Mar. 22, 2016)

1. That it shall be an organization comprised of the holders of right to works, etc.;

2. That it shall not aim at profit-making;

3. That it shall have sufficient capability to execute the duties, such as the collection, distribution, etc. of fees.

(3) Any person falling under any of the following subparagraphs shall not be eligible to obtain a license to engage in a copyright trust service or copyright agency or brokerage service (hereinafter referred to as “copyright trust service”) under paragraph (1) or report it: (Amended by Act nº 14634, Mar. 21, 2017) 

1. Any incompetent person under the adult guardianship or quasi-incompetent person under the limited guardianship;

2. Any person who has been declared bankrupt and has not yet been reinstated;

3. Any person who is within one-year period following the execution of criminal penalties of a fine or more severe punishment, or the final decision to suspend the execution of a sentence for violation of this Act, or who is in the probation period following a suspended sentence;

4. Any person who has no domicile in the Republic of Korea;

5. Any legal person or organization in which a person falling under any of subparagraphs 1 through 4 is the representative or executive officer.

(4) Any person who has obtained permission or reported for copyright trust service under paragraph (1) (hereinafter referred to as “copyright trust service provider”) may collect fees for his or her services from the holder of author’s economic rights or other interested persons.

(5) The rate and amount of fees under paragraph (4) and the rate and amount of usage fee that a copyright trust service provider receives from users shall be determined by the copyright trust service provider after he or she obtains approval from the Minister of Culture, Sports and Tourism. In such cases, the Minister of Culture, Sports and Tourism shall collect opinions of interested persons, as prescribed by Presidential Decree. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 14083, Mar. 22, 2016)

(6) As for approval under paragraph (5), the Minister of Culture, Sports and Tourism may approve after going through the deliberation of the Korea Copyright Commission pursuant to Article 112, and may ,if necessary, set the period of time for the approval or approve after correcting the content in the application . (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9625, Apr. 22, 2009)

(7) Where there is an application for approval on the rate or amount of usage fee pursuant to the provisions of paragraph (5) or where the Minister of Culture, Sports and Tourism has granted approval, he or she shall announce the content thereof as prescribed by Presidential Decree. (Amended by Act nº 8852, Feb. 29, 2008)

(8) Where it is necessary for the protection of rights of the holder of author’s economic right and other parties or for the contribution of convenience of use of works, etc., the Minister of Culture, Sports and Tourism may change the content of approval pursuant to the provisions of paragraph (5). (Amended by Act nº 8852, Feb. 29, 2008)

Article 106 (Obligation of Copyright Trust Service Provider)          

(1) The copyright trust service provider shall prepare a list of works, etc. that he or she manages on a quarter year basis in written or electronic form as prescribed by Presidential Decree so that all the people may peruse the list during business hours at the least.

(2) Where a user requests in writing, the copyright trust service provider shall supply the information under his or her management necessary for concluding exploitation contract of works, etc., which is prescribed by Presidential Decree, within a considerable period of time in writing, unless there are justifiable causes to the contrary.

(3) Where necessary for users’ convenience, the Minister of Culture, Sports and Tourism may request a copyright trust service provider that receives usage fees under Article 105 (5) or an organization that collects remunerations from persons who do public performance using commercial phonogram under Articles 76-2 and 83-2 to make an integrated collection, as prescribed by Presidential Decree. In such cases, the copyright trust service provider or remuneration collection organization in receipt of such request shall comply therewith unless there is any good cause. (Inserted by Act nº 14083, Mar. 22, 2016)

(4) A copyright trust service provider or remuneration collection organization may entrust the affairs related to the integrated collection of usage fees and remunerations as prescribed in paragraph (3) to a person prescribed by Presidential Decree. (Inserted by Act nº 14083, Mar. 22, 2016)

(5) A copyright trust service provider or remuneration collection organization that entrusts affairs related to collection under paragraph (4), shall pay entrustment commission, as prescribed by Presidential Decree. (Inserted by Act nº 14083, Mar. 22, 2016)

(6) Necessary matters concerning the time frame for, and methods, etc. of, settlement of usage fees and remunerations collected under paragraph (3) shall be prescribed by Presidential Decree. (Inserted by Act nº 14083, Mar. 22, 2016)

Article 107 (Request for Perusal of Documents)  

The copyright trust service provider may request for perusal of documents needed for the calculation of usage fee for the relevant works from the person who uses the works, etc. under his or her management for commercial purposes. In such cases, the user shall comply therewith unless there is a justifiable reason to the contrary.

Article 108 (Supervision)              

(1) The Minister of Culture, Sports and Tourism may demand a copyright trust service provider to submit a necessary report on the duties of the copyright trust service. (Amended by Act nº 8852, Feb. 29, 2008)

(2) In order to promote the protection of rights and interests of authors and the convenient use of works, the Minister of Culture, Sports and Tourism may issue necessary orders concerning copyright trust service. (Amended by Act nº 8852, Feb. 29, 2008)

Article 109 (Cancellation, etc. of Permission)       

(1) The Minister of Culture, Sports and Tourism may order the suspension of business for a specified period of not longer than six months, if a copyright trust service provider commits any of the following subparagraphs: (Amended by Act nº 8852, Feb. 29, 2008; Act nº 14083, Mar. 22, 2016)

1. Where he or she has received an amount in excess of the fee approved pursuant to the provisions of Article 105 (5);

2. Where he or she has received an additional usage fee in addition to the usage fee approved pursuant to the provisions of Article 105 (5);

3. Where he or she has failed to make a report under Article 108 (1) without any justifiable reason or made a false report;

4. Where he or she has received an order under Article 108 (2), and failed to fulfill the order without any justifiable reason;

5. Where he or she has received a request to make integrated collection under Article 106 (3), and failed to comply with the request without any justifiable reason.

(2) The Minister of Culture, Sports and Tourism may cancel permission for, or order to close copyright trust service if a copyright trust service provider commits any of the following subparagraphs: (Amended by Act nº 8852, Feb. 29, 2008)

1. That the copyright trust service provider has obtained permission or made a report by fraudulent or unlawful means;

2. That the copyright trust service provider continues to engage in the business after receiving an order of suspension under paragraph (1).

Article 110 (Hearings)     

If the Minister of Culture, Sports and Tourism intends to cancel the permission for, or order to close copyright trust service pursuant to the provisions of Article 109 (2), he or she shall hold a hearing. (Amended by Act nº 8852, Feb. 29, 2008)

Article 111 (Imposition of Penalty Surcharge)      

(1) When a copyright trust service provider falls under any of the subparagraphs of Article 109 (1) and thus has to be given a disposition of business suspension, the Minister of Culture, Sports and Tourism may impose and collect a penalty surcharge not exceeding 1/100 of the usage fees and remunerations collected in the immediately preceding year, in lieu of the disposition of business suspension, as prescribed by Presidential Decree: Provided, That where it is impractical to calculate the amount to be collected, the Minister may impose and collect a penalty surcharge in an amount not exceeding one billion won. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 14083, Mar. 22, 2016)

(2) When the person who has been given a disposition of business suspension pursuant to the provisions of paragraph (1) fails to pay the penalty surcharge by the payment deadline, the Minister of Culture, Sports and Tourism shall collect it in the same manner as delinquent national taxes are collected. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 14083, Mar. 22, 2016)

(3) The penalty surcharge collected pursuant to the provisions of paragraphs (1) and (2) may be used by the collecting body to establish order of healthy use of works. (Amended by Act nº 14083, Mar. 22, 2016)

(4) Matters necessary for the amount of penalty surcharge in accordance with the kind, degree, etc. of violation for which a penalty surcharge is imposed pursuant to the provisions of paragraph (1), procedures for use of penalty surcharge pursuant to the provisions of paragraph (3), etc. shall be prescribed by Presidential Decree. (Amended by Act nº 14083, Mar. 22, 2016)

CHAPTER VIII.- KOREA COPYRIGHT COMMISSION

Article 112 (Establishment of Korea Copyright Commission)         

(1) In order to deliberate on matters concerning copyright and other rights (hereafter referred to as “copyright” in this Chapter) protected pursuant to this Act, and to mediate and conciliate disputes concerning copyright (hereinafter referred to as “dispute”), and to conduct business necessary for the promotion of the rights and interests of right holders and protection and fair use of works, etc., the Korea Copyright Commission (hereinafter referred to as the “Commission”) shall be established. (Amended by Act nº 14083, Mar. 22, 2016)

(2) The Commission shall be a legal person.

(3) The provisions on an incorporated foundation under the Civil Act shall apply mutatis mutandis to matters not prescribed in this Act regarding the Commission. In such cases, a member of the Commission shall be deemed a director.

(4) Any person who is not the Commission shall not use the name of the Korea Copyright Commission.

(Article Amended by Act nº 9625, Apr. 22, 2009)

Article 112-2 (Organization of the Commission)  

(1) The Commission shall be comprised of members no less than 20 but no more than 25 including one chairperson and two vice-chairpersons.

(2) Members shall be appointed by the Minister of Culture, Sports and Tourism from among the persons referred to in the following subparagraphs, and the chairperson and vice-chairpersons shall be elected from among the members. In such cases, the Minister of Culture, Sports and Tourism shall strike a balance between the number of members who reflect the interest of holders of rights which are protected by this Act and the number of members who reflect the interest of users thereof, and may request organizations of holders of a right by field or organizations of users by field or such to recommend members:

1. Those who majored in the field related to copyright as those who are or were associate professors or higher, or in the position equivalent thereto in a college or authorized research institution;

2. Those who are in the position of a judge or public prosecutor, or those who have qualification for a lawyer;

3. Those who are experienced in business in the field of copyright or cultural industry as those who are or were public officials in Grade IV or higher, or in the position in a public institution equivalent thereto;

4. Those who are or were in the position of executive officer of an organization related to copyright or cultural industry;

5. Those who have extensive knowledge and wide experience in business related to copyright or cultural industry.

(3) A term of office of members shall be three years and they may be reappointed: Provided, That a term of office of a member who is appointed to the designated post shall be the term of the post he or she holds.

(4) When a vacancy occurs in the membership of the Commission, a substitute member shall be appointed pursuant to paragraph (2), and a term of office of the substitute member shall be the remainder of his or her predecessor’s term of office: Provided, That if the number of members is no less than 20, a substitute member need not be appointed.

(5) Subcommittees by field may be established in order to efficiently conduct business of the Commission. A resolution made by a subcommittee with respect to matters entrusted by the Commission shall be deemed made by the Commission.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 113 (Functions)   

The Commission shall perform the following functions: (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9625, Apr. 22, 2009)

1. Mediation or conciliation of disputes;

2. Deliberation of the matters concerning the rate or amount of fee and usage fee for copyright trust service provider pursuant to the provisions of Article 105 (6) and deliberation of the matters presented for consideration by the Minister of Culture, Sports and Tourism or jointly by three or more members;

3. Projects for setting up order in the use of works, etc. and for promoting fair use of works;

4. International cooperation for the protection of copyright;

5. Research, education and publicity of copyright;

6. Support to the formulation of policy on copyright;

7. Measures of technological protection and support to the formulation of policy on rights management information;

8. Construction and operation of information management system for the provision of copyright information;

9. Appraisal of infringement, etc. of copyright;

10. Deleted (By Act nº 14083, Mar. 22, 2016)

11. Duties prescribed as duties of the Commission or duties entrusted to the Commission pursuant to statutes;

12. Other duties entrusted by the Minister of Culture, Sports and Tourism.

Article 113-2 (Mediation)             

(1) Any person seeking for mediation for dispute settlement may apply for mediation by filing an application with the Commission.

(2) When the Commission has received an application for mediation pursuant to paragraph (1), the chairperson shall appoint a member from among the members and have him or her mediate.

(3) Where a member responsible for mediation deems that a dispute is not possible to be settled through mediation, he or she may discontinue mediation.

(4) When an application for conciliation has been made under this Act with respect to a dispute under mediation, the relevant mediation shall be deemed to have been suspended.

(5) When mediation has been effected, a member responsible for mediation shall prepare a written mediation and put his or her name and seal on it with the relevant persons.

(6) Matters necessary for application of and procedures for mediation shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 114 (Conciliation Division)              

(1) In order for the Commission to effectively execute the duties of dispute conciliation, a conciliation division comprised of one member, or three or more members, including one member qualified as a lawyer.

(2) Matters necessary for the composition, operation, etc. of conciliation division pursuant to the provisions of paragraph (1) shall be prescribed by Presidential Decree.

Article 114-2 (Application, etc. for Conciliation)  

(1) Any person who wants for dispute conciliation may apply for conciliation by filing an application for conciliation in which the intention and cause of application is stated with the Commission.

(2) The conciliation division under Article 114 shall make conciliation of a dispute pursuant to paragraph (1).

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 115 (Non-Disclosure)       

The procedures of conciliation shall be kept closed to the public in principle: Provided, That the head of conciliation division may permit those who are recognized as appropriate with the consent of the relevant parties to attend the procedures.

Article 116 (Limitation on Use of Statement)       

The statements made by the relevant parties or interested persons at the conciliation procedures shall not be used at the lawsuit or arbitration proceeding.

Article 117 (Conclusion of Conciliation)   

(1) Conciliation shall take effect by entering the matters that have been agreed upon between the relevant parties in the record.

(2) The record pursuant to the provisions of paragraph (1) shall have the same effect as the court settlement: Provided, That the same shall not apply to the matters that cannot be disposed of voluntarily by the relevant parties.

Article 118 (Conciliation Expense, etc.)  

(1) Conciliation expense shall be borne by the applicant: Provided, That where conciliation has been concluded and unless special agreement exists, the relevant parties shall share the expense equally.

(2) Matters necessary for application of and procedures for conciliation, and payment methods of conciliation expense shall be prescribed by Presidential Decree. (Inserted by Act nº 9625, Apr. 22, 2009)

(3) The amount of conciliation expense pursuant to paragraph (1) shall be determined by the Commission. (Amended by Act nº 9625, Apr. 22, 2009)

Article 119 (Appraisal)    

(1) The Commission may, where a case falls under any of the following subparagraphs, make an appraisal: (Amended by Act nº 9625, Apr. 22, 2009)

1. Where a court or investigation agency requests for an appraisal of infringement of copyright or other rights for a trial or investigation;

2. Where both parties to conciliation of a dispute request for an appraisal of a program and electronic information or such related to the program for dispute conciliation pursuant to Article 114-2 to make

(2) Matters necessary for the procedures, methods, etc. of appraisal pursuant to the provisions of paragraph (1) shall be prescribed by Presidential Decree.

(3) When the Commission makes an appraisal pursuant to the provisions of paragraph (1), it may collect appraisal fee and the amount shall be determined by the Commission.

Article 120 (Copyright Technology Center)           

(1) In order to effectively execute the duties in subparagraphs 7 and 8 of Article 113, the Commission shall have Copyright Technology Center. (Amended by Act nº 9625, Apr. 22, 2009)

(2) Matters necessary for operation of Copyright Technology Center shall be prescribed by Presidential Decree. (Inserted by Act nº 9625, Apr. 22, 2009)

Article 121 Deleted. (by Act nº 9625, Apr. 22, 2009)          

Article 122 (Subsidy, etc.)             

(1) The State may contribute money or provide subsidy for expenses necessary for operation of the Commission within budgetary limits. (Amended by Act nº 9625, Apr. 22, 2009)

(2)          Individuals, legal persons or organizations may contribute money or other property to the Commission in order to support the execution of duties pursuant to the provisions of subparagraphs 3, 5 and 8 of Article 113.

(3) The contributions pursuant to the provisions of paragraph (2) shall be held in a separate account and approval from the Minister of Culture, Sports and Tourism shall be obtained for the use thereof. (Amended by Act nº 8852, Feb. 29, 2008)

CHAPTER VIII-II.- KOREA COPYRIGHT PROTECTION AGENCY

Article 122-2 (Establishment of Korea Copyright Protection Agency)        

(1) There is hereby established the Korea Copyright Protection Agency (hereinafter referred to as the “Protection Agency“) to provide services related to the protection of copyright.

(2) The Protection Agency shall be a corporation.

(3) The Government may contribute money or provide subsidy for expenses required for the establishment, facilities, operation, etc. of the Protection Agency within budgetary limits.

(4) Except as expressly provided for in this Act and the Act on the Management of Public Institutions, the provisions of the Civil Act that are relevant to an incorporated foundation shall apply mutatis mutandis in regard to the Protection Agency.

(5) No one other than the Protection Agency under this Act shall not use the title of the Korea Copyright Protection Agency or any title similar thereto.

(Article Inserted by Act nº 14083, Mar. 22, 2016)

Article 122-3 (Articles of Incorporation of Protection Agency)     

The articles of incorporation of the Protection Agency shall include the following matters:

1. Purpose;

2. Name;

3. Matters concerning the main office;

4. Matters concerning executive officers and employees;

5. Matters concerning the operation of the board of directors;

6. Matters concerning the Copyright Protection Deliberation Committee referred to in Article 122-6;

7. Matters concerning duties;

8. Matters concerning property and accounting;

9. Matters concerning the amendment of the articles of incorporation;

10. Matters concerning the establishment, amendment and repeal of internal regulations.

(Article Inserted by Act nº 14083, Mar. 22, 2016)

Article 122-4 (Executive Officers of Protection Agency)  

(1) The Protection Agency shall have not more than nine directors including one chairperson, and one auditor; the auditor and directors excluding the chairperson shall be part-time, and the chairperson shall preside over meetings of the board of directors.

(2) The chairperson shall be appointed and dismissed by the Minister of Culture, Sports and Tourism.

(3) The term of office of the chairperson shall be three years.

(4) The chairperson shall represent and exercise overall control over the Protection Agency.

(5) Where the chairperson is unable to perform his or her duties in extenuating circumstances, one of directors in the order enumerated in the articles of incorporation shall act on behalf of the chairperson.

(6) No person who falls under any subparagraph of Article 33 of the State Public Officials Act shall be an executive officer of the Protection Agency referred to in paragraph (1).

(Article Inserted by Act nº 14083, Mar. 22, 2016)

Article 122-5 (Functions)              

The functions of the Protection Agency shall be as follows:

1. Support for the establishment and implementation of policies for protection of copyrights;

2. Fact-finding survey and production of statistics on infringement of copyrights;

3. Research and development of technology for protection of copyrights;

4. Provision of support to the investigation and regulation of infringements on copyrights under subparagraph 26 of Article 5 of the Act on the Persons Performing the Duties of Judicial Police Officers and the Scope of Their Duties;

5. Deliberation on corrective orders issued by the Minister of Culture, Sports and Tourism under Article 133-2;

6. Making recommendations to online service providers to take corrective measures and making requests to the Minister of Culture, Sports and Tourism to issue corrective orders under Article 133-3;

7. Affairs prescribed as duties of the Protection Agency or entrusted to it, by Acts and subordinate statutes;

8. Other affairs entrusted by the Minister of Culture, Sports and Tourism.

(Article Inserted by Act nº 14083, Mar. 22, 2016)

Article 122-6 (Composition of Deliberation Committee)  

(1) In order to conduct deliberations under Articles 103-3, 133-2 and 133-3 and to deliberate on the matters requested by the chairperson of the Protection Agency or referred to by the chairperson of the Deliberation Committee in connection with the protection of copyright, the Copyright Protection Deliberation Committee (hereinafter referred to as the “Deliberation Committee“) shall be established under the Protection Agency.

(2) The Deliberation Committee shall be comprised of not less than five nor more than ten members, including one chairperson, and there shall be a balance between the number of the members representing the interest of the holders of the rights protected by this Act and the number of the members representing the interest of the users. (Amended by Act nº 14432, Dec. 20, 2016)

(3) The chairperson of the Deliberation Committee shall be elected by and from among its members.

(4) Members of the Deliberation Committee shall be commissioned by the Minister of Culture, Sports and Tourism in compliance with Presidential Decree from among persons with extensive knowledge of and experience in copyright, cultural industry, law, etc.,.

(5) The term of office of a member of the Deliberation Committee shall be three years, and the consecutive appointment may be permitted.

(6) Other matters necessary for the composition and operation of the Deliberation Committee shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 14083, Mar. 22, 2016)

CHAPTER IX.- REMEDIES FOR INFRINGEMENT OF RIGHTS

Article 123 (Right of Demanding Suspension, etc. of Infringement)           

(1) Any person who holds the copyright or other rights protected under this Act (excluding the rights to be compensated under Articles 25, 31, 75, 76, 76-2, 82, 83 and 83-2; hereafter the same shall apply in this Article) may demand of a person infringing his or her rights to suspend such act or demand a person likely to infringe on his or her rights to take preventive measures or to provide a security for compensation for damages. (Amended by Act nº 9529, Mar. 25, 2009)

(2) If a person who holds the copyright or other rights protected under this Act makes a demand under paragraph (1), he or she may demand destruction of the objects made by the act of infringement or other necessary measures.

(3) In the cases of paragraphs (1) and (2), or in the case where a criminal indictment under this Act has been filed, on request of a plaintiff or accuser, the court may, with or without security, issue an order to temporarily suspend the act of infringement, or seize the objects made by the act of infringement, or to take other necessary measures.

(4) With respect to paragraph (3), where a final judicial decision was made that no infringement of copyright and other rights protected under this Act has been made, the applicant shall pay compensation for the damages caused by his or her request.

Article 124 (Act Construed as Infringement)        

(1) Any act falling under any of the following subparagraphs shall be considered to be infringement of copyright or other rights protected under this Act: (Amended by Act nº 9625, Apr. 22, 2009)

1. The importation into the Republic of Korea, for the purpose of distribution therein of goods made by an act which would infringe on copyright or other rights protected under this Act, if they were made within the Republic of Korea at the time of such importation;

2. The possession, for the purpose of distribution, of goods produced by an act that constitutes an infringement on copyright or other rights protected under this Act (including those imported as referred to in subparagraph 1) with the knowledge of such infringement;

3. Exploitation in business of a copy (including imported goods pursuant to subparagraph 1) of a program made in infringement of copyright of a program by a person who has acquired it with the knowledge of such infringement.

(2) An act of using a work in a manner prejudicial to the honor or reputation of the author shall be considered to be an infringement of his or her moral rights. (Amended by Act nº 10807, Jun. 30, 2011)

(3) Deleted (By Act nº 10807, Jun. 30, 2011)

Article 125 (Claim for Damages)                

(1) Where the holder of author’s economic right or other rights (excluding author’s moral right and performer’s moral right) protected under this Act (hereinafter referred to as “holder of author’s economic right, etc.”) claims compensation against a person who has infringed on his or her rights intentionally or by negligence for damages sustained from the relevant infringement, if the infringing person has gained any profit by his or her infringement, the relevant amount of profit shall be presumed to be the amount of damages sustained by the holder of author’s economic right, etc.

(2) Where the holder of author’s economic right, etc. claims compensation against a person who has infringed on his or her rights intentionally or by negligence for damages sustained from the relevant infringement, the amount corresponding to that normally gained by an exercise of such rights shall be made as the amount of damages sustained by the holder of author’s economic right, etc., and a claim therefor may be made.

(3) Notwithstanding the provisions of paragraph (2), where the amount of damages sustained by the holder of author’s economic right, etc. exceeds the amount under paragraph (2), a claim for such exceeding amount may be made.

(4) Any person who has infringed on copyright, exclusive publication right (including cases applied mutatis mutandis under Articles 88 and 96), publication right, neighboring right or right of database producer which is registered shall be presumed to have been negligent in the relevant infringement. (Amended by Act nº 9625, Apr. 22, 2009; Act nº 11110, Dec. 2, 2011)

Article 125-2 (Claim of Statutory Damages)          

(1) A holder of author’s economic right, etc. may claim considerable damages within the scope of up to ten million won (50 million won in cases of intentionally infringing rights for profit) for each work, etc. whose right is infringed in lieu of the actual amount of damages or the amount of damages determined pursuant to Article 125 or 126 against a person who has infringed on rights intentionally or by negligence before a trial proceedings of the relevant is concluded.

(2) For the purpose of paragraph (1), compilation works and derivative works which use two or more works as their material shall be deemed a single work.

(3) In order for the holder of author’s economic right, etc. to make a claim pursuant to paragraph (1), relevant works, etc. shall be registered pursuant to Articles 53 through 55 (including cases applied mutatis mutandis under Articles 90 and 98) before the act of infringement occurs.

(4) In receipt of a claim under paragraph (1), the court may recognize a considerable amount of damages within the scope under paragraph (1) in consideration of the purport of defense and the results of evidence examination.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 126 (Acknowledgement of the Amount of Damages)         

When the fact is admitted that some damages have been done, but it is difficult to estimate the amount of damage under Article 125, the court may acknowledge a considerable amount of damage, in the light of the purport of pleading and the results of evidence examination.

Article 127 (Claim for Restoration of Reputation, etc.)    

An author or performer may demand of the person who has infringed on the author’s moral right or performer’s moral right wilfully or by negligence to take measures necessary for the restoration of his or her reputation in lieu of or together with compensation for damages.

Article 128 (Protection of Author’s Moral Interests after Death)  

After the death of an author, his or her bereaved family (referring to the surviving spouse, children, parents, grand children, grand parents, brothers and sisters of the deceased author) or the executor of his or her will may, pursuant to Article 123, claim compensation from a person who has violated or is likely to violate the provisions of Article 14 (2) in respect of the work concerned, or, may, pursuant to Article 127, demand restoration of his or her reputation from a person who has infringed on author’s moral right intentionally or by negligence or who has violated the provisions of Article 14 (2).

Article 129 (Infringement on Rights to Joint Work)            

Each author of a joint work or each holder of author’s economic right to a joint work shall be entitled to make the demand pursuant to Article 123 without the consent of other authors or other holders of author’s economic right, or to claim compensation for damages to his or her share in a joint work regarding the infringement on author’s economic right pursuant to Article 125.

Article 129-2 (Provision of Information)  

(1) Where deemed necessary for collecting evidence upon request of the party concerned in a lawsuit against the infringement of copyright or other rights protected pursuant to this Act, the court may order the other party concerned to provide the following information that he or she holds or knows:

1. Information capable of identifying the act of infringement or a party related to the production and distribution of illegal copies;

2. Information on the routes of production and distribution of illegal copies.

(2) Notwithstanding the provisions of paragraph (1), the other party concerned may refuse to provide information in any of the following cases:

1. Where any of the following persons might be indicted or found guilty:

(a) The other party concerned;

(b) A person who is or was a relative of the other party concerned;

(c) Guardian of the other party concerned;

2. Where it is intended to protect trade secrets (referring to trade secrets under subparagraph 2 of Article 2 of the Unfair Competition Prevention and Trade Secret Protection Act; hereinafter the same shall apply) or privacy, or where other justifiable grounds for refusing the provision of information exist.

(3) Where the other party concerned fails to comply with the order to provide information without any justifiable ground, the court may recognize argument on information by the party concerned as true.

(4) Where deemed necessary to determine whether there are justifiable grounds prescribed in paragraph (2) 2, the court may require the other party concerned to provide necessary information. In such cases, the court shall not disclose the provided information to anyone, unless it is necessary to hear the opinion of the party concerned who has requested the provision of information or his or her representative in order to determine whether the justifiable grounds exist.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 129-3 (Order of Secrecy Maintenance)    

(1) Where all of the following grounds have been substantiated in regard to the trade secrets owned by the party concerned in a lawsuit against the infringement of copyright or other rights protected pursuant to this Act (excluding rights to receive compensation under Articles 25, 31, 75, 76, 76-2, 82, 83, 83-2 and 101-3; hereafter the same shall apply in this Article), the court may, by decision, order the other party concerned, an agent representing the party concerned in the lawsuit or other persons who have become aware of the trade secrets from the lawsuit to neither use such trade secrets for purposes other than the purpose of continuing the lawsuit, nor disclose such trade secrets to persons other than those related to the trade secrets and issued with the order under this paragraph, upon request of the party concerned: Provided, That this shall not apply where, until such request is made, the other party concerned, an agent representing the party concerned in the lawsuit or other persons who have become aware of the trade secrets from the lawsuit have already obtained such trade secrets by means other than the perusal of preparatory documents or evidence examination under subparagraph 1:

1. That trade secrets are included in preparatory documents to have already been submitted or to be submitted, or in evidence (including information provided pursuant to Article 129-2 (4)) to have already been investigated or to be investigated;

2. That the use or disclosure of trade secrets under subparagraph 1 for purposes other than the purpose of carrying out the lawsuit is likely to harm the business of the party concerned, and thus it is necessary to restrict the use or disclosure of trade secrets in order to prevent such harm.

(2) The application for an order under paragraph (1) (hereinafter referred to as “order of secrecy maintenance“) shall be made in documents stating the following matters:

1. The party subject to order of secrecy maintenance;

2. The facts that are sufficient to identify the trade secrets subject to order of secrecy maintenance;

3. The facts falling under the grounds prescribed in each subparagraph of paragraph (1).

(3) Where an order of secrecy maintenance has been decided, the written decision shall be served on the party subject to order of secrecy maintenance.

(4) Order of secrecy maintenance shall take effect from the time the written decision under paragraph (3) is served on the party subject to it .

(5) An immediate appeal may be made against the ruling that has dismissed or rejected the application for an order of secrecy maintenance.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 129-4 (Revocation of Secrecy Maintenance Order)             

(1) Where the party who has applied for or received an order of secrecy maintenance fails to meet, or no longer meets, the requirements prescribed in Article 129-3 (1), he or she may request the court keeping the records of proceedings (where no court is keeping the records of proceedings, referring to the court that has issued the confidentiality order) to revoke the order.

(2) The court ruling on the application for revocation of a secrecy maintenance order shall serve the applicant and the other party concerned with the written decision.

(3) An immediate appeal may be made against the court ruling of the application for revocation of the confidentiality order.

(4) A court ruling to revoke a secrecy maintenance order shall take its effect only when it becomes final and conclusive.

(5) Where any person other than the applicant for revocation of a secrecy maintenance order and the other party concerned has received the secrecy maintenance order about the relevant trade secrets, the court that held the trial to revoke the confidentiality order shall immediately notify such person of the purport of the trial to revoke the secrecy maintenance order.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

Article 129-5 (Notification, etc. of Application Including Perusal of Records of Proceedings)         

(1) Where a decision under Article 163 (1) of the Civil Procedure Act has been made on the records of proceedings of the trial that issued an secrecy maintenance order (excluding a trial that has revoked secrecy maintenance order in whole), if the party concerned applied for the perusal, etc. of the part containing confidential information prescribed in the same paragraph through a person not subject to secrecy maintenance order in the relevant lawsuit, the court administrative officer, junior court administrative officer, chief court clerk or senior court clerk (hereafter referred to as “junior court administrative officer, etc.” in this Article) shall notify a person who made application under Article 163 (1) of the Civil Procedure Act (excluding a person who applied for the perusal, etc. thereof) of the purport of such an application, right after the application for perusal, etc. thereof is made.

(2) In cases falling under paragraph (1), no junior court administrative officer, etc. shall allow the person who has taken the procedures for such application for perusal, etc. the part containing confidential information under paragraph (1) until two weeks pass from the date of the application under paragraph (1) (where the application for the secrecy maintenance order for the person who has taken the procedures for such application is made within the period, referring to the point when the trial for such application becomes final and conclusive).

(3) In regard to allowing the person who has applied for the perusal, etc. under paragraph (1) to peruse, etc. the part containing confidential information under paragraph (1), paragraph (2) shall not apply where all of the parties concerned who have made an application under Article 163 (1) of the Civil Procedure Act consent thereto.

(Article Inserted by Act nº 11110, Dec. 2, 2011)

CHAPTER X.- SUPPLEMENTARY PROVISIONS

Article 130 (Delegation and Entrustment of Authority)   

The Minister of Culture, Sports and Tourism may delegate part of his or her authority pursuant to this Act to the Special Metropolitan City Mayor, a Metropolitan City Mayor, Do Governor and Special Self-Governing Province Governor as prescribed by Presidential Decree, or may entrust it to the Commission, Protection Agency, or copyright-related organizations. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9625, Apr. 22, 2009; Act nº 14083, Mar. 22, 2016)

Article 131 (Legal Fiction as Public Official in Application of Penal Provisions)       

Members and employees of the Commission, executive officers and employees of the Protection Agency, and members of the Deliberation Committee shall be deemed public officials in the application of Articles 129 through 132 of the Criminal Act. (Amended by Act nº 14083, Mar. 22, 2016)

Article 132 (Fees)             

Those who apply, etc. for a matter falling under any of the following subparagraphs pursuant to this Act shall pay a fee, as stipulated by Ordinance of the Ministry of Culture, Sports and Tourism: (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9625, Apr. 22, 2009; Act nº 11110, Dec. 2, 2011)

1. Those who apply for approval of statutory license (including the cases applied mutatis mutandis pursuant to Articles 89 and 97) pursuant to Articles 50 through 52;

2. Those who apply for registration (including the cases applied mutatis mutandis pursuant to Articles 90 and 98), modifications of the registered matters, perusal of registers and issuance of copies thereof pursuant to Articles 53 through 55;

3. Those who apply for permission or report copyright trust service pursuant to Article 105.

Article 133 (Collection, Destruction and Deletion of Illegal Copies)            

(1) When the Minster of Culture, Sports and Tourism, the Special Metropolitan City Mayor, a Metropolitan City Mayor, a Do Governor and a Special Self-Governing Province Governor or the head of a Si/Gun/Gu (referring to the head of an autonomous Gu) finds out copies (excluding copies which are interactively transmitted through information and communication networks) that infringe on copyright or other rights protected pursuant to this Act, or tools, devices, information and programs manufactured to circumvent technological protection measures for works, etc., he or she may have the relevant public officials collect, destroy or delete them pursuant to the procedures and methods prescribed by Presidential Decree. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9625, Apr. 22, 2009)

(2) The Minster of Culture, Sports and Tourism may entrust the duties pursuant to the provisions of paragraph (1) to an organization prescribed by Presidential Decree. In such cases, those who are engaged in these duties shall be deemed public officials. (Amended by Act nº 8852, Feb. 29, 2008)

(3) Where the relevant public officials, etc. collect, destroy or delete them pursuant to paragraphs (1) and (2), the Minster of Culture, Sports and Tourism may request the relevant organization for cooperation if necessary. (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9625, Apr. 22, 2009)

(4) Deleted. (by Act nº 9625, Apr. 22, 2009)

(5) The Minister of Culture, Sports and Tourism may set up and operate structures necessary for the duties pursuant to paragraph (1). (Amended by Act nº 8852, Feb. 29, 2008; Act nº 9625, Apr. 22, 2009)

(6) Where the provisions of paragraphs (1) through (3) conflict with the provisions of other Acts, this Act shall prevail to the extent of the conflict. (Amended by Act nº 9625, Apr. 22, 2009)

Article 133-2 (Orders, etc. for Deletion of Illegal Copies, etc. through Information and Communications Networks)           

(1) Where a copy or information which infringes on copyright or other rights protected under this Act, or a program or information (hereinafter referred to as “illegal copies, etc.”) which circumvents technological protection measures is interactively transmitted through information and communications network, the Minister of Culture, Sports and Tourism may order, following deliberation by the Deliberation Committee, an online service provider to take measures referred to in the following subparagraphs, as prescribed by Presidential Decree: (Amended by Act nº 14083, Mar. 22, 2016)

1. Warnings to reproducers and interactive transmitters of illegal reproductions, etc.;

2. Deletion or suspension of interactive transmission of illegal reproductions, etc.

(2) Where any reproducer and interactive transmitter who receives warnings pursuant to paragraph (1) 1 three times or more interactively transmits illegal reproductions, etc., the Minister of Culture, Sports and Tourism may order, following deliberation by the Deliberation Committee, an online service provider to suspend an account (excluding an exclusive account for e-mail and including other accounts given by the relevant online service provider; hereinafter the same shall apply) of the relevant reproducer or interactive transmitter within a fixed period of up to six months. (Amended by Act nº 11110, Dec. 2, 2011; Act nº 14083, Mar. 22, 2016)

(3) An online service provider who has received orders pursuant to paragraph (2) shall, seven days before he or she suspends an account of the relevant reproducer or interactive transmitter, notify the relevant reproducer or interactive transmitter of the fact that the relevant account will be suspended, as prescribed by Presidential Decree.

(4) Where a bulletin board for which orders pursuant to paragraph (1) 2 have been issued more than three times from among bulletin boards (referring to bulletin boards providing commercial interests or convenience of use from among the bulletin boards referred to in Article 2 (1) 9 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc.; hereinafter the same shall apply) established in information and communications network of an online service provider is judged to seriously harm healthy use of copyright in the light of the form of the relevant bulletin board and the quantity and nature of copies posted, the Minister of Culture, Sports and Tourism may order, following deliberation by the Deliberation Committee, the online service provider to suspend the whole or part of the relevant bulletin board service within a fixed period not exceeding six months, as prescribed by Presidential Decree. (Amended by Act nº 14083, Mar. 22, 2016)

(5) An online service provider who has received orders pursuant to paragraph (4) shall, from ten days before he or she suspends the relevant bulletin board service, post the fact that the relevant bulletin board service is suspended on the website of the relevant online service provider and on the relevant bulletin board, as prescribed by Presidential Decree.

(6) An online service provider shall notify the Minister of Culture, Sports and Tourism of the result of measures taken within five days from receiving an order pursuant to paragraph (1), within ten days from receiving an order pursuant to paragraph (2), within 15 days from receiving an order pursuant to paragraph (4), as prescribed by Presidential Decree.

(7) The Minister of Culture, Sports and Tourism shall give an opportunity of submission of an opinion in advance to online service providers subject to orders referred to in paragraphs (1), (2) and (4), to reproducers and interactive transmitters who have direct stake in orders pursuant to paragraph (2) and to operators of bulletin boards pursuant to paragraph (4). In such cases, Articles 22 (4) through (6) and 27 of the Administrative Procedures Act shall apply mutatis mutandis to the submission of an opinion.

(8) The Minister of Culture, Sports and Tourism may establish and operate an organization necessary to perform affairs pursuant to paragraphs (1), (2) and (4).

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 133-3 (Recommendation of Correction, etc.)        

(1) Where the Protection Agency, as a result of investigation into information and communications network of an online service provider, has found a fact that illegal copies, etc. have been interactively transmitted, it may recommend an online service provider to take corrective measures falling under the following subparagraphs, following deliberation by the Deliberation Committee: (Amended by Act nº 14083, Mar. 22, 2016)

1. Warnings to reproducers or interactive transmitters of illegal copies, etc.;

2. Deletion and suspension of interactive transmission of illegal copies, etc.;

3. Suspension of accounts of reproducers or interactive transmitters who have repeatedly transmitted illegal copies, etc.

(2) Within five days from receiving recommendation pursuant to paragraph (1) 1 and 2, and within ten days from receiving recommendation pursuant to paragraph (1) 3, an online service provider shall notify the Protection Agency of the result of performing the correction measures. (Amended by Act nº 14083, Mar. 22, 2016)

(3) Where an online service provider fails to comply with the recommendation pursuant to paragraph (1), the Protection Agency may request the Minister of Culture, Sports and Tourism to issue an order pursuant to Article 133-2 (1) and (2) to him or her. (Amended by Act nº 14083, Mar. 22, 2016)

(4) Where, pursuant to paragraph (3), the Minister of Culture, Sports and Tourism gives an order pursuant to Article 133-2 (1) and (2), no deliberation by the Deliberation Committee shall be required. (Amended by Act nº 14083, Mar. 22, 2016)

(Article Inserted by Act nº 9625, Apr. 22, 2009)

Article 134 (Creation of Environment for fair Use of Works)          

(1) The Minister of Culture, Sports and Tourism may execute projects necessary for promotion of fair use of works, such as provision of information on works, etc., copyright of which has expired. (Amended by Act nº 9625, Apr. 22, 2009)

(2) Matters necessary for projects under paragraph (1) shall be prescribed by Presidential Decree. (Amended by Act nº 9625, Apr. 22, 2009)

(3) Deleted. (by Act nº 9625, Apr. 22, 2009)

Article 135 (Donation of Author’s Economic Right, etc.)  

(1) The holder of author’s economic right, etc. may donate their rights to the Minister of Culture, Sports and Tourism. (Amended by Act nº 8852, Feb. 29, 2008)

(2) The Minister of Culture, Sports and Tourism may designate an organization capable of equally managing the rights to the works, etc. donated by the holder of author’s property right, etc. (Amended by Act nº 8852, Feb. 29, 2008)

(3) The organization designated pursuant to the provisions of paragraph (2) shall not use the works, etc. for commercial purposes or against the intention of the relevant holder of author’s economic right, etc.

(4) Matters necessary for the procedures of donation, designation of organization, etc. pursuant to the provisions of paragraphs (1) and (2) shall be prescribed by Presidential Decree.

CHAPTER XI.- PENALTY PROVISIONS

Article 136 (Penalty Provisions)  

(1) Any person who falls under any of the following subparagraphs may be punished by imprisonment with labor up to five years or by a fine up to 50 million won, or may be punished by both: (Amended by Act nº 11110, Dec. 2, 2011)

1. A person who infringes on author’s economic right or other property rights protected pursuant to this Act (excluding the rights under Article 93) by means of reproduction, performance, public transmission, exhibition, distribution, rental, or production of derivative works;

2. A person who violates the court order under Article 129-3 (1) without justifiable grounds.

(2) Any person who falls under any of the following subparagraphs shall be punished by imprisonment with labor for up to three years or by a fine up to 30 million won, or may be punishable by both: (Amended by Act nº 9625, Apr. 22, 2009; Act nº 10807, Jun. 30, 2011; Act nº 11110, Dec. 2, 2011)

1. A person who defames the honor of author or performer by infringing on author’s or performer’s moral rights;

2. A person who files for false registration pursuant to Articles 53 and 54 (including cases applied mutatis mutandis pursuant to Articles 90 and 98) deceitfully;

3. A person who infringes on the right of a database producer protected pursuant to Article 93 by means of reproduction, distribution, broadcasting or interactive transmission;

3-2. A person who violates Article 103-3 (4);

3-3. A person who violates Article 104-2 (1) or (2) for his or her own business or for profit;

3-4. A person who violates Article 104-3 (1) for his or her own business or for profit: Provided, That a person who, by negligence, has not known that such act causes or conceals the infringement of copyright or other rights protected pursuant to this Act shall be excluded herefrom;

3-5. A person who commits an act falling under subparagraph 1 or 2 of Article 104-4;

3-6. A person who violates Article 104-5;

3-7. A person who violates Article 104-7;

4. A person who commits an act deemed an infringement pursuant to Article 124 (1);

5. and 6. Deleted (By Act nº 10807, Jun. 30, 2011)

Article 137 (Penalty Provisions)  

(1) Any person who falls under any of the following subparagraphs shall be punished by imprisonment with labor up to one year or by a fine up to ten million won: (Amended by Act nº 9625, Apr. 22, 2009; Act nº 11110, Dec. 2, 2011)

1. A person who makes a work public under the real name or pseudonym of a person other than the author;

2. A person who publicly performs or publicly transmits a performance, or distributes copies of performance under the real name or pseudonym of a person other than the performer;

3. A person who violates Article 14 (2);

3-2. A person who conducts an act falling under subparagraph 3 of Article 104-4;

3-3. A person who violates Article 104-6;

4. A person who operates copyright trust service without obtaining permission pursuant to Article 105 (1);

5. A person who commits an act deemed an infringement pursuant to Article 124 (2);

6. A person who obstructs the business of an online service provider by making a demand by intention for the suspension or resumption of a reproduction or interactive transmission under Article 103 (1) or (3), upon knowing that he or she had no legitimate authority;

7. A person who violates Article 55-2 (including cases applied mutatis mutandis pursuant to Articles 90 and 98).

(2) A person who attempts to commit a crime under paragraph (1) 3-3 shall be punished. (Inserted by Act nº 11110, Dec. 2, 2011)

Article 138 (Penalty Provisions)  

Any person who falls under any of the following subparagraphs shall be punished by a fine up to five million won: (Amended by Act nº 11110, Dec. 2, 2011)

1. A person who violates Article 35 (4);

2. A person who fails to indicate the sources, in violation of Article 37 (including the cases applied mutatis mutandis pursuant to Articles 87 and 94);

3. A person who fails to the holder of author’s economic right, in violation of Article 58 (3) (including cases applied mutatis mutandis under Articles 63-2, 88 and 96);

4. A person who fails to notify the author, in violation of Article 58-2 (2) (including cases applied mutatis mutandis under Articles 63-2, 88 and 96);

5. A person who engages in a copyright agency or brokerage service without reporting pursuant to Article 105 (1), or who continues the services after receipt of an order to close the services pursuant to Article 109 (2).

Article 139 (Confiscation)             

Among copies made by infringing on copyright or other rights protected pursuant to this Act and tools and materials mainly used to produce such copies, which are owned by the infringing person, printer, distributor or public performer shall be confiscated. (Amended by Act nº 11110, Dec. 2, 2011)

(Article Amended by Act nº 10807, Jun. 30, 2011)

Article 140 (Complaint)  

The crimes under this Chapter shall be prosecuted only when the injured party has made a complaint: Provided, That in cases falling under any of the following subparagraphs, the same shall not apply: (Amended by Act nº 9625, Apr. 22, 2009; Act nº 11110, Dec. 2, 2011)

1. Where an act falling under Article 136 (1) 1 or 136 (2) 3 and 4 (in cases falling under Article 124 (1) 3, the act shall not be punishable against the explicit opinion of the victim) has been committed habitually for profit-making;

2. Cases falling under Article 136 (2) 2 and 3-2 through 3-7, Article 137 (1) 1 through 4, 6 and 7, and subparagraph 5 of Article 138;

3. Deleted. (By Act nº 11110, Dec. 2, 201)

Article 141 (Joint Penal Provisions)          

If a representative of a legal person, or an agent, employee or other employed persons of a legal person or an individual has committed a crime as prescribed under this Chapter with respect to the affairs of the legal person or the individual, the fine prescribed under the relevant Articles shall be imposed on such a legal person or an individual in addition to the punishment of the offender: Provided, That where a legal person or an individual has not neglected to pay reasonable attention to and supervise the relevant affairs in order to prevent such an offense, the same shall not apply. (Amended by Act nº 9625, Apr. 22, 2009)

Article 142 (Administrative Fine)               

(1) A person who has failed to take necessary measures pursuant to Article 104 (1) shall be punished by an administrative fine not exceeding 30 million won. (Amended by Act nº 9625, Apr. 22, 2009)

(2) A person who falls under any of the following subparagraphs shall be punished by an administrative fine not exceeding ten million won: (Amended by Act nº 9625, Apr. 22, 2009; Act nº 11110, Dec. 2, 2011; Act nº 14083, Mar. 22, 2016)

1. A person who fails to comply with the order of the Minister of Culture, Sports and Tourism under Article 103-3 (2);

2. A person who fails to perform his or her duty pursuant to Article 106;

3. A person who uses the title of the Korea Copyright Commission, in violation of Article 112 (4);

3-2. A person who uses the title of the Korea Copyright Protection Agency, in violation of Article 122-2 (5);

4. A person who fails to execute orders given by the Minister of Culture, Sports and Tourism pursuant to Article 133-2 (1), (2) and (4);

5. A person who fails to give notice pursuant to Article 133-2 (3), to post notice pursuant to paragraph (5) of the same Article, to give notice pursuant to paragraph (6) of the same Article.

(3) An administrative fine pursuant to paragraphs (1) and (2) shall be imposed and collected by the Minister of Culture, Sports and Tourism, as prescribed by Presidential Decree. (Amended by Act nº 9625, Apr. 22, 2009)

(4) and (5) Deleted. (by Act nº 9625, Apr. 22, 2009)

ADDENDA

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation: Provided, That the provisions of Article 133 (1) and (3) shall enter into force on the date of its promulgation.

Article 2 (Transitional Measures concerning Extent of Application)

(1) Regarding the works, etc. whose copyright has become extinct entirely or in part or has not been protected entirely or in part pursuant to the former provisions before this Act enters into force, this Act shall not apply to that part.

(2) The utilization of works, etc. performed before the enforcement of this Act shall be governed by the previous provisions.

(3) The provisions of the previous Addenda shall continue to apply even after this Act enters into force: Provided, That the provisions of transitional measures concerning the protection period of neighboring rights under paragraph (3) of the Addenda of the Copyright Act amended by Act nº 4717 shall be excluded herefrom. (Amended by Act nº 11110, Dec. 2, 2011)

Article 3 (Transitional Measures concerning Phonogram Producer)

Phonogram producers pursuant to the previous provisions shall be deemed phonogram producers under this Act.

Article 4 (Transitional Measures concerning Author of Work in Organization’s Name)

The previous provisions shall apply to the author of a work that has been made out pursuant to the previous provisions of Article 9 before this Act enters into force.

Article 5 (Transitional Measures concerning Designation of Organization)

The organization designated to receive compensation pursuant to the previous provisions before this Act enters into force shall be deemed an organization designated pursuant to this Act.

Article 6 (Transitional Measures concerning Statutory License)

The legal license under the previous provisions at the time this Act enter into force shall be deemed the legal license under this Act.

Article 7 (Transitional Measures concerning Registration)

The registration pursuant to the previous provisions at the time this Act enters into force shall be deemed the registration under this Act: Provided, That the registration of name, etc. of the holder of author’s property right made pursuant to the previous provisions of Article 51 shall be governed by the previous provisions.

Article 8 (Transitional Measures concerning Counting of Protection Period of Phonogram)

The counting of protection period of a phonogram that was fixed before this Act entered into force but has not been released yet shall be governed by this Act.

Article 9 (Transitional Measures concerning Undistributed Compensation)

The provisions of Article 25 (8) of this Act (including the cases applied mutatis mutandis pursuant to the provisions of Articles 31 (6), 75 (2) and 82 (2)) shall also apply to the compensation money that has been received pursuant to the previous provisions of Articles 23 (3), 28 (5), 65 and 68 before this Act enters into force. In such cases, the date of notification of distribution for each compensation shall be deemed the last day of the year to which the day when the holder of right is able to receive the compensation concerned for the first time from the compensation paying organization belongs.

Article 10 (Transitional Measures concerning Performer’s Moral Right)

The provisions of Articles 66 and 67 of this Act shall not apply to the performance presented before this Act enters into force.

Article 11 (Transitional Measures concerning Copyright Trust Service Provider)

Those who have received permission for copyright trust service pursuant to the previous provisions at the time this Act enters into force shall be deemed those who have received the permission for copyright trust management business, and those who have reported the copyright trust service shall be deemed those who have reported the copyright agency or brokerage service.

Article 12 (Transitional Measures concerning Fee and Usage Fee for Copyright Trust Service Provider)

The rate or amount of fee and usage fee for copyright trust management business provider that has been approved pursuant to the previous provisions shall be deemed to have been approved pursuant to this Act.

Article 13 (Transitional Measures concerning Copyright Committee, etc.)

The Copyright Deliberation and Conciliation Committee and the members therof under the previous provisions shall be deemed the Copyright Committee and the members therof pursuant to the provisions of Chapter VIII of this Act.

Article 14 (Transitional Measures concerning Application of Penalty Provisions)

The application of penal provisions to an act before this Act enters into force shall be governed by the previous provisions.

Article 15 Omitted.

Article 16 (Relationship with Other Statutes)

Where the previous provisions are cited in other Acts and subordinate statutes at the time this Act enters into force, the corresponding provisions in this Act shall be deemed to have been cited.

ADDENDA (Act nº 8852, Feb. 29, 200)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 through 7 Omitted.

ADDENDUM (Act nº 9529, Mar. 25, 2009)

This Act shall enter into force six months after the date of its promulgation.

ADDENDA (Act nº 9625, Apr. 22, 2009)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation.

Article 2 (Repeal of Computer Programs Protection Act)

The Computer Programs Protection Act shall be repealed.

Article 3 (Preparation of Establishment of Commission)

(1) An action of preparation made to establish the Commission pursuant to this Act may be made before this Act enters into force.

(2) The Minister of Culture, Sports and Tourism shall organize the founding committee to take charge of affairs relating to the establishment of the Commission.

(3) The founding committee shall be comprised of not more than five members appointed by the Minister of Culture, Sports and Tourism, and the chairperson of the Copyright Commission pursuant to Article 112 of the previous Copyright Act shall be the chairperson of the founding committee.

(4) The founding committee shall prepare the articles of association to obtain authorization of the Minister of Culture, Sports and Tourism before this Act enters into force.

(5) When the founding committee has obtained authorization pursuant to paragraph (4), it shall make registration for the establishment of the Commission.

(6) Expenses incurred in the establishment of the Commission shall be borne by the State.

(7) After the founding committee has registered the establishment of the Commission pursuant to paragraph (5), it shall transfer affairs to the chairperson of the Commission without delay, and the founding committee members shall be deemed to have been dismissed when transfer of affairs has been completed.

Article 4 (Transitional Measures concerning Affairs, Rights and Duties, Employment of Copyright Commission and Computer Programs Protection Committee)

(1) The Korea Copyright Commission shall take over affairs, rights and duties and employment of staff of the Copyright Commission and the Computer Programs Protection Committee pursuant to Articles 112 through 122 of the previous Copyright Act and Articles 35 through 43 of the previous Computer Programs Protection Act at the time this Act enters into force.

(2) The chairperson and members of the Copyright Commission pursuant to Article 112 of the previous Copyright Act at the time this Act enters into force shall be deemed the chairperson and members of the Korea Copyright Commission, and the term of office shall be reckoned from the time when a term of office of the chairperson and members of the previous Copyright Commission began.

Article 5 (Transitional Measures concerning Scope of Application)

(1) With respect to works, etc. the whole or part of the right of which, protected by the previous Copyright Act and the previous Computer Programs Protection Act, has terminated or has not been protected before this Act enters into force, this Act shall not apply to the part thereof.

(2) Use of programs made before this Act enters into force shall be in accordance with the previous Computer Programs Protection Act.

Article 6 (Transitional Measures concerning Statutory License)

Acts referred to in the following subparagraphs done under the previous Computer Programs Protection Act before this Act enters into force shall be deemed to have been done pursuant to this Act:

1. Statutory license;

2. Designation of an entrusted managing institution of copyright of programs;

3. Designation of bailor and bailee of a program;

4. Registration of programs;

5. Transfer registration of copyright of programs;

6. Measures for collection of illegal reproductions;

7. Orders for correction and recommendation of correction of illegal reproductions, etc.;

8. Mediation and conciliation of disputes;

9. Appraisal of programs.

Article 7 (Transitional Measures concerning Application of Penalty Provisions)

In application of the penal provisions pursuant to the previous Computer Programs Protection Act to acts done before this Act enters into force, it shall be in accordance with the previous Computer Programs Protection Act.

Article 8 Omitted.

Article 9 (Relation with Other Statutes)

Where the previous Computer Programs Protection Act or the provisions thereof are cited by other statutes as at the time when this Act enters into force, this Act or the corresponding provisions of this Act shall be deemed to have been cited.

ADDENDA (Act nº 9785, Jul. 31, 2009)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 9 Omitted.

ADDENDA (Act nº 10807, Jun. 30, 2011)

Article 1 (Enforcement Date)

This Act shall enter into force on the date on which the Free Trade Agreement between the Republic of Korea, of the one part, and the European Union and its Member States, of the other part, takes effect: Provided, That the amended provisions of Articles 39 through 42 shall enter into force two years from the date on which the Free Trade Agreement between the Republic of Korea, of the one part, and the European Union and its Member States, of the other part, takes effect.

Articles 2 (Transitional Measures concerning Scope of Application)

With regard to works, etc. for which all or some of copyright or other rights protected pursuant to this Act have been extinct or not protected pursuant to the former provisions before this Act enters into force, this Act shall not apply.

Article 3 (Transitional Measures concerning Restriction on Responsibilities of Online Service Providers)

Restriction on responsibilities of online service providers for the infringement of copyright or other rights protected pursuant to this Act before this Act enters into force shall be governed by the former provisions, notwithstanding the amended provisions of Articles 102 and 103.

Article 4 (Transitional Measures concerning Application of Penalty Provisions)

Application of penal provisions to acts done before this Act enters into force shall be governed by the former provisions.

ADDENDA (Act nº 11110, Dec. 2, 2011)

Article 1 (Enforcement Date)

This Act shall enter into force on the date on which the Free Trade Agreement between the Republic of Korea and the United States of America and Exchange of Letters on the Free Trade Agreement between the Republic of Korea and the United States of America takes effect: Provided, That the amended provisions of Articles 64 (2) and 86 shall enter into force on August 1, 2013.

Article 2 (Applicability)

The amended provisions of Articles 103-3, 125-2 and 129-2 through 129-5 shall apply, starting with the first infringement of rights or violation of obligations after this Act enters into force.

Article 3 (Transitional Measures concerning Scope of Application)

With regard to works whose copyright or other rights protected pursuant to this Act have ceased to exist or have not been protected in full or in part under the former provisions before this Act enters into force, this Act shall not apply to the relevant parts.

Article 4 (Special Rules concerning Protection Period of Neighboring Rights)

(1) Notwithstanding the provisions of Article 3, the neighboring rights that come into being between July 1, 1987, and June 30, 1994, pursuant to the amended provisions of Article 2 (3) of the Addenda of the Copyright Act amended by Act nº 8101 shall remain for 50 years counting from the year following the time when such rights come into being pursuant to the amended provisions of Article 70 of the Copyright Act amended by Act nº 4717, which entered into force on July 1, 1994 (hereafter referred to as “the same Act” in this Article).

(2) Among the neighboring rights that come into being between July 1, 1987, and June 30, 1994, pursuant to paragraph (3) of the Addenda of the same Act, those that have become extinct because the 20-year protection period under the former Act (referring to the Copyright Act before the Copyright Act amended by Act nº 4717 enters into force; hereafter the same shall apply in this Article) has lapsed before this Act enters into force shall be reinstated from the enforcement date of this Act and reverted to the holder of neighboring rights. In such cases, such neighboring rights shall remain for the remaining period of the protection period that would have been acknowledged if they had been protected for 50 years counting from the year following the time they came into being for the first time.

(3) Act of using performances, phonograms or broadcasts for which neighboring rights have been reinstated pursuant to paragraph (2) before this Act enters into force shall not be deemed infringement of rights prescribed by this Act.

(4) Reproductions manufactured before this Act enters into force by using relevant performance, phonograms or broadcasts after neighboring rights under paragraph (2) become extinct pursuant to the former Act may be continuously distributed without the permit from the holder of neighboring rights for two years after this Act enters into force.

Article 5 (Transitional Measures concerning Restriction, etc. on Responsibilities of Online Service Providers)

Notwithstanding the amended provisions of Articles 102 and 103-2, the restriction on responsibilities of online service providers in regard to the infringement of copyright or other rights protected pursuant to this Act before this Act enters into force shall be governed by the former provisions.

Article 6 (Transitional Measures concerning Exclusive Publication Right of Program)

Exclusive publication right of programs established and registered before this Act enters into force shall be governed by the former provisions.

Article 7 (Transitional Measures concerning Application of Penalty Provisions)

Application of penal provisions to acts taken before this Act enters into force shall be governed by the former provisions.

Article 8 Omitted.

ADDENDUM (Act nº 11903, Jul. 16, 2013)

This Act shall enter into force three months after the date of its promulgation.

ADDENDUM (Act nº 12137, Dec. 30, 2013)

This Act shall enter into force six months after the date of its promulgation.

ADDENDA (Act nº 13978, Feb. 3, 2016)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 and 3 Omitted.

ADDENDA (Act nº 14083, Mar. 22, 2016)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Article 2 (Preparation for Establishment of Protection Agency)

(1) Preparatory activities to incorporate the Protection Agency may be performed before this Act enters into force.

(2) In order to deal with the affairs related to the incorporation of the Protection Agency, the Minister of Culture, Sports and Tourism shall organize a steering group for incorporation of the Protection Agency (hereinafter referred to as the “steering group for incorporation“)

(3) The steering group for incorporation shall be comprised of and operated by not more than five incorporators commissioned by the Minister of Culture, Sports and Tourism.

(4) The steering group for incorporation shall prepare the articles of incorporation of the Protection Agency, obtain approval thereof from the Minister of Culture, Sports and Tourism, register incorporation of the Protection Agency under a joint name of incorporators, and then, transfer their duties to the chairperson of the Protection Agency.

(5) When the transfer of duties under paragraph (4) is completed, the steering group for incorporation shall be deemed dissolved and incorporators dismissed.

Article 3 (Transitional Measures concerning Affairs under Jurisdiction of Korea Copyright Commission, and Its Rights and Obligations, Employment Relationship, etc.)

(1) Affairs under the jurisdiction of the Korea Copyright Commission under subparagraph 10 of the former Article 113, and its rights and obligations and employment relationship existing as at the time this Act enters into force shall be succeeded by the Protection Agency.

(2) Any activities performed by or toward the Korea Copyright Commission pursuant to subparagraph 10 of the former Article 113 before the establishment of the Protection Agency shall be deemed performed by or toward the Protection Agency.

ADDENDUM (Act nº 14432, Dec. 20, 2016)

This Act shall enter into force on the date of its promulgation.

ADDENDA (Act nº 14634, Mar. 21, 2017)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Article 2 (Transitional Measures concerning Ineligibility of the Incompetent, etc.)

Notwithstanding the amended provisions of Article 105 (3) 1, the former provisions shall apply to the persons who has already been declared incompetent or quasi-incompetent at the time this Act enters into force, and of whom the effect of the declaration of the incompetency or quasi-incompetency remains valid pursuant to Article 2 of the Addenda to the Civil Act partially amended by Act 10429.