정보통신서비스제공자의 주의의무위반과 손해배상책임 - 대법원 2015.2.12. 선고 2013다43994, 44003 판결을 중심으로 -

Violation of the duty of due care of information communication service providers and the question of damages - based on Supreme Court decision 2013Da43994, 44004 from 2015.2.12. -

The Supreme Court decision that is the subject of the present paper concerns the question of liability of information communication service providers for damage resulting from the violation of personal data. There have previously been decisions on this matter, however this is the first time the Supreme Court has decided on the violation of personal data as a consequence of hacking by third parties. Therefore the present decision is of particular importance, especially since the Supreme Court presented certain factors against which to determine whether there is a violation of the standard of care on the part of the information communication service provider. The present paper focuses on three legal aspects of the above decision. First, the Supreme Court decided that the defendant violated neither its obligations in law nor in contract to take all measures necessary for the safety of personal data. However it is far from certain whether the acts of the defendant do amount to ‘all necessary rational measures that are to be socially expected’. Both delictual and contractual liability will be examined. Second, the Information Communication Network Act provides for the transfer of the burden of proof from the victim to the provider. However this does not seem to have been considered by the Supreme Court in determining the liability of the defendant. Given the relevant case law in Korean civil law, the effect of the transfer of the burden of proof should be analyzed throughly. Third, although the Court did not decide on the matter of damage, it is necessary to discuss whether liability may be established for immaterial damage.