South Korea’s age assurance policies built on years of systemic, political change

A new paper from two scholars examines South Korea’s approach to age assurance. Published in TechPolicy.press, the paper contrasts global age assurance models with Korea’s system – Which, say authors Seungmin (Helen) Lee and Michelle J. Lee, “differs from many Western governments’ more recent and debated efforts as it stems from a long history of government-led identity verification measures.”

South Korea’s policies, they argue, evolved through a successive series of regulatory responses to online safety, election security and content control. The foundation was laid in 2004, with a question around elections. Article 82-6 amended the Public Official Election Act to “require online users to verify their real name by submitting their Resident Registration Numbers (RRNs) – the unique 13-digit number assigned to Korean citizens at birth – when posting information related to elections, political parties, and candidates.

“The amendment was later repealed for being unconstitutional,” the authors note – but by then, it had already set South Korea on a particular path with regards to age assurance.

Further developments have been shaped by cultural norms and societal issues that differ from the West’s. The authors note how Confucian principles deeply rooted in Korean culture prioritize collective harmony over the west’s brand of rugged individualism. “Unlike in the West, where privacy and civil liberties are often central to policy debates, Koreans have generally been more accepting of identity verification and state oversight in the interest of security and social order.

Stronger trust in government regulation – or at least less active pushback – means age assurance isn’t nearly as contentious in Korea as it is in the U.S., with its “cultural emphasis on individual rights and autonomy.”

Another major factor is Korea’s political history, which has translated into policy. “South Korea started with extremely strict policies,” the authors note. The country only truly emerged from autocratic rule in 1987, and as such its starting line for age assurance was drawn in the context of stringent government control.

The RRN system was vulnerable to led to identity theft and data breaches, and so in 2006 South Korea introduced the Internet Personal Identification Number (i-PIN) system, which “designated credit bureau companies – Korea Credit Bureau, National Information Credit Evaluation, and the SCI Information Service – as official i-PIN issuing organizations.”

Further concerns arose on the social side, as cyberbullying and resulting suicides became an issue of national importance after the death of Korean actor Choi Jin-sil. In response, the government introduced the Internet Real Name System in 2007, “aimed at expanding the real name system across the internet to all websites with more than 100,000 visitors per day under the Act on Promotion of Information and Communication Network Utilization and Information Protection (ICN Act).”

In 2012, the Constitutional Court repealed that act for “being ineffective, limiting freedom of speech, and increasing cybercrime and identity theft.”

From there, 2010 saw the introduction of i-PIN 2.0 – subsequently scuppered in 2018 for being hard to use. 2011 brought the Personal Information Protection Act (PIPA), which banned collection of personal information without consent and explicit approval, while allowing “alternative methods to online identity verification.” In 2012, the Amendment to ICN Act “further restricted RRN usage to authentication agencies designated by governments to provide alternative ID numbers and qualified information and communications service providers.”

Three mobile operators were designated as identity verification agencies. In 2017 seven credit card companies were added, “consequently allowing credit card numbers and mobile transactions to be included as alternate identification methods.”

The authors also note that South Korea was the first (and remains the only) country to impose “comprehensive adult verification restrictions” on Netflix. “Korean Netflix users are prompted to verify their age annually for access to adult-rated content (19+) by entering their name, gender, date of birth, mobile carrier, and phone number for a verification code. Specific verification methods provide differing levels of content access.”

Although Netflix already knows those things about many Americans, imposing that kind of enhanced ID verification would likely put many in the U.S. on the defensive, raising fears of government overreach and sparking another fire in the conflict over First Amendment rights.

This belief system, say the authors, “along with the absence of federal data protections and a reliance on private-sector enforcement,” makes implementing centralized age assurance in the U.S. an especially daunting political task.

“As the West continues to debate age assurance and online identity verification, South Korea’s 20-year history of responding to arising risks offers a valuable point of reference for key differences in culture and policy.”

Article Topics

age verification  |  biometrics  |  children  |  digital identity  |  identity management  |  South Korea