(영문) 서울중앙지방법원 2018.8.16.선고 2017노1296 판결

Courtrooms (prosecutions), courtrooms (public trial), courtrooms (public trial), courtrooms (public trial), courtrooms (public trial) and transfer to other schools.

Defense Counsel

Attorney Kim Sung-sik, Kim Ho-hoon, Lee Ho-hoon (Defendant A, B, C, D, E, F, and I Shares)

For the Company:

Attorney Ansan-gu (for the defendant G)

Attorney Kang Jong-tae, and Kim Flue (for the defendant H)

The judgment below

Seoul Central District Court Decision 2015 Godan510 Decided January 8, 2016

Judgment of the Court of First Instance

Seoul Central District Court Decision 2016No223 Decided August 12, 2016

Judgment of remand

Supreme Court Decision 2016Do13263 Decided April 7, 2017

Imposition of Judgment

August 16, 2018

Text

The judgment below is reversed.

Defendant A and B shall be punished by imprisonment for 10 months, by imprisonment for Defendant C, by imprisonment for 1 year, by imprisonment for Defendant D, E, and F, by imprisonment for 6 months, by Defendant G and H by fine for 7 million won, and by fine for 75 million won, respectively.

When Defendant G and H fail to pay each of the above fines, each of the above Defendants shall be confined in a workhouse for the period calculated by converting 100,000 won into one day.

However, for two years from the date this judgment becomes final and conclusive, the execution of each of the above sentence against Defendant A, B, C, D, E, and F shall be suspended.

Defendant G, H, and I are ordered to pay an amount equivalent to the above fines to Defendant G, H, and I.

Reasons

1. Progress of this case

가. 검사는, ① 피고인 B, C, D가 공모하여 2011. 12.경부터 2012. 8.경까지, 피고인C, D가 공모하여 2012. 9.경부터 2013. 4.경까지, 피고인 A, C, E이 공모하여 2013. 7.경부터 2013. 11.경까지, 피고인 A, C, F이 공모하여 2013. 12.경부터 2014. 6.경까지 각 거짓이나 그 밖의 부정한 수단이나 방법으로 경품행사 응모고객들의 개인정보를 취득하고 처리에 관한 동의(제3자 제공)를 받았다는 사실에 관하여 위 피고인들에 대해서 각 개인정보보호법위반죄로, ② P, O 등과 공모하여, 피고인 D가 2013. 2.경부터 2013. 5. 15.경까지 L 주식회사(이하 'L'이라 한다)의 제휴마케팅팀 차장인 피고인 G등에게, 2011. 12.경부터 2013. 5.경까지 N 주식회사(이하 'N'이라 한다)의 제휴마케팅팀 차장인 피고인 H 등에게, 피고인 E이 2013. 5.경부터 2013. 12.경까지 피고인 G, H등에게, 피고인 F이 2014. 1.경부터 2014. 8.경까지 피고인 G, H 등에게 정보주체 또는 정보통신서비스 이용자의 동의를 받지 아니한 I 회원정보를 각 제공하였다는 사실로 위 피고인들에 대해서 각 개인정보보호법 위반죄 및 정보통신망이용촉진및정보보호등에 관한법률위반(개인정보누설 등)죄로[이 사건에서 피고인 D, E, F, G, H에 대해서 구 정보통신망 이용촉진 및 정보보호 등에 관한 법률(2016. 3. 22. 법률 제14080호로 개정되기 전의 것, 이하 같다) 제71조 제3호, 제24조의 2 제1항이, 피고인 I 주식회사에 대해서는 위 구 정보통신망 이용촉진 및 정보보호 등에 관한 법률 제75조, 제71조 제3호, 제24조의2 제1항이 각 적용되었다. 이하에서는 위 구 정보통신망 이용촉진 및 정보보호 등에 관한 법률을 '정보통신망법'으로 표시한다.], ③ 피고인 주식회사(이하 ''라 한다)의 대표자나 종업원인 피고인 A, B, C, D, E, F이 위 ①항 기재 각 위반행위를 하였다는 사실로 I에 대해서 각 개인정보보호법위반죄로(이하에서는 피고인 A, B, C, D, E, F에 대한 위 ①항 기재 공소사실과 I에 대한 이 부분 공소사실을 '개인정보취득 등으로 인한 개인정보보호법위반의 점'이라 한다), I의 종업원인 피고인 D, E, F이 위 ② 항 기재 각 위반행위를 하였다는 사실로 I에 대해서 개인정보보호법위반죄 및 정보통신망이용촉진및정보보호등에관한법률위반(개인정보 누설등)죄로(이하에서는 피고인 D, E, F에 대한 위 ②항 기재 공소사실과 I에 대한 이 부분 공소사실을 '개인정보 제공으로 인한 개인정보보호법위반, 정보통신망법위반의 점'이라 한다), ④ 피고인 G이 2013. 2.경부터 2014. 8.경까지, 피고인 H이 2011. 12.경부터 2012. 8.경까지 및 2013. 6.경부터 2014. 8.경까지 각 회사의 영리 목적으로 제3자 정보제공에 관한 동의가 되어 있지 아니한 I 고객의 회원정보를 피고인 D 등으로부터 제공받았다는 사실로 위 피고인들에 대해서 각 개인정보보호법위반죄 및 정보통신망이용촉진및정보보호등에관한법률위반(개 인정보누설등)죄(이하에서는 피고인 G, H에 대한 이 부분 각 공소사실을 '개인정보 수령으로 인한 개인정보보호법 위반, 정보통신망법위반의 점'이라 한다)로 공소를 제기하였다.

B. The lower court acquitted all of the charges of this case on the grounds as indicated in Article 4-2(b) below. A prosecutor filed an appeal on the misapprehension of legal principles and mistake of facts as stated in paragraph (2) below, and the judgment prior to remanding the case was all dismissed. A prosecutor filed an appeal on the grounds that the judgment prior to remanding the case was erroneous by misapprehending the legal principles or by violating the rules of evidence. As to the violation of the Personal Information Protection Act due to the acquisition of personal information, the Supreme Court reversed the judgment of the lower court prior to remanding the case by misapprehending the legal principles on “the act of acquiring personal information or obtaining consent to the management thereof by false or other unlawful means or means” as stipulated in Article 59 subparag. 1 and subparag. 2 of Article 72 of the Personal Information Protection Act, and failed to exhaust all necessary deliberations, thereby adversely affecting the conclusion of the judgment, and remanded the judgment of the lower court to the Seoul High Court.

2. Summary of grounds for appeal;

A. As to the violation of the Personal Information Protection Act due to the acquisition, etc. of personal information, Defendant A, C, D, E, and F (hereinafter “Defendant A, etc.”) collected personal information from an insurance company through a premium event for the purpose of selling it to the insurance company. In accordance with Article 15(2) of the Personal Information Protection Act, Defendant A, etc. did not notify the subscribing customers of the fact that “the actual purpose of collecting and using the personal information” was to collect and use the personal information of this case, but did not notify the subscribing customers of the fact that they were obligated to do so, and made it impossible for the subscribing customers to actually read the information by stating that “the purpose of collecting and using the right to subscribe,” “the purpose of collecting and using the personal information of this case,” “the purpose of collecting and using the personal information of this case is to collect and use the personal information of this case.” Furthermore, it is evident that the subscribing Party A, etc. did not consent to the collection of the personal information of this case by misunderstanding or using other unlawful means such as contact with the subscribing’s name, date, etc.

B. In light of the fact that: (a) the disclosure of personal information by the provision and receipt of personal information is based on data owned by an insurance company and only for the benefit of an insurance company; and (b) the disclosure of personal information by the insurance company is for the benefit of an insurance company; and (c) as stated in this part of the facts charged, Defendant D, E, and F (hereinafter “Defendant D, etc.”) did not have a perception that the provision of personal information to L and N without consent to the insurance company for the so-called prior reception; (d) Defendant G, H, etc. receiving the said personal information did not have a perception that it was entrusted with the management of personal information; and (e) Defendant G, H, etc. receiving the said personal information did not have a perception that it was entrusted with the management of personal information; (e) providing the personal information to L and N for the prior purchase of personal information; and (e) providing it constitutes a third party of personal information as well as entrustment of the management of personal information under Article 26 of the Personal Information Protection Act and Article 25 of the Information and Communications Network Act.

3. Ex officio determination

The prosecutor's judgment on the grounds for appeal shall be considered ex officio.

After remanding the case, the prosecutor filed an application for changes in the indictment in which the facts charged in this case were finally changed as stated in the facts of the crime (attached Form 1) at the trial on two occasions, and since this court permitted this, the judgment of the court below was no longer maintained.

However, even if there are such reasons for ex officio reversal, the final modified facts charged and the facts charged before the modification are substantially identical to the contents and determination thereof, and thus, the reasons for the prosecutor’s appeal still becomes subject to the judgment of this court.

4. Judgment on the prosecutor's grounds for appeal

A. Summary of the facts charged in this case

[Attachment 1] The facts of the crime are as stated in the "crimes" (e.g., deletion of parts irrelevant to the elements of each of the crimes of this case applied to the defendant, etc.).

B. The judgment of the court below

1) As to the violation of the Personal Information Protection Act due to the acquisition, etc. of personal information, the lower court acquitted Defendant A, etc. of the violation of the Personal Information Protection Act due to the acquisition, etc. of each of the instant charges on the following grounds, and acquitted Defendant A of the violation of the Personal Information Protection Act due to the acquisition, etc.

In other words, the Personal Information Protection Act does not require a third party to give notice as to whether personal information acquired by a personal information manager is provided as a "reward to a third party". However, insofar as Defendant A et al. fully state the matters listed in Article 17 of the Personal Information Protection Act, the duty of disclosure prescribed in the Personal Information Protection Act should be deemed to have been fulfilled. ② In light of the fact that Defendant A et al. provided an opportunity to give free gifts to customers who do not purchase a product online or offline store; approximately KRW 30% of the customers offered in the said free event did not consent to the provision of personal information to a third party; thus, it is reasonable to view that the individual’s personal information would be used for the business of an insurance company if the third party obtains an opportunity to obtain free gifts from the customer’s perspective, and that the third party’s consent to the provision of such information cannot be readily concluded to have been provided as an unlawful means or method of giving free gifts to the third party. However, in light of the fact that Defendant A et al. do not have any other means or method to use such information.

2) As to the violation of the Personal Information Protection Act and the Information and Communications Network Act due to the provision and receipt of personal information

With respect to the violation of the Personal Information Protection Act and the violation of the Information and Communications Network Act due to the provision of each of the personal information by Defendant D, the lower court acquitted the Defendant on this part of the charges for the following reasons, and acquitted the Defendant on this part of the charges, based on the aforementioned judgment, the violation of the Personal Information Protection Act, the violation of the Information and Communications Network Act, the violation of the Personal Information Protection Act due to the provision of each

In other words, in this case, the transfer of personal information for the prior pening is for I's interest as a job for I. Therefore, L and N have the status of a trustee who performs part of I's call service for I, not for a third party prescribed by the Personal Information Protection Act and the Information and Communications Network Act. Ultimately, it is difficult to recognize that the evidence submitted by the prosecutor alone provided the non-exclusive personal information to a third party, and there is no other evidence to acknowledge it. The judgment of the court after the remand is made.

1) As to the violation of the Personal Information Protection Act due to the acquisition of personal information

A) General personality rights derived from the first sentence of Article 10 of the Constitution that provides for human dignity and value and the right to pursue happiness and the right to make decisions on personal information holders, which are guaranteed by the privacy and freedom of private life under Article 17 of the Constitution, are the right in which an owner of information can decide at any time to what extent he/she should know and use. All acts of investigating, collecting, keeping, processing, using, etc. personal information pertaining to such personal information constitute, in principle, restriction on the right to make decisions on personal information (see, e.g., Supreme Court Decisions 2012Da49933, Jul. 24, 2014; 2014Da235080, Aug. 17, 2016).

The Personal Information Protection Act (amended by Act No. 10465, Mar. 29, 201; Act No. 10465, Sept. 30, 201; Act No. 10465, Sept. 30, 201; hereinafter referred to as the “Personal Information Protection Act”) provides for the duty to comply with when a personal information manager collects, possesses, uses, provides, etc. personal information to operate personal information files for the purpose of his/her duties. In other words, a personal information manager shall collect the minimum amount of personal information necessary for the intended purpose and shall not refuse the provision of goods or services to a subject of information on the ground that the subject of information does not consent to the collection of personal information other than the minimum necessary information (Article 16(1) and (2)). In addition, where a personal information manager provides personal information to a third party, the recipient of the personal information, the purpose of the recipient of the personal information, items of personal information provided, etc. shall be notified to the subject of information so that the subject of information can clearly distinguish the consent (Article 2(1).

In addition, Article 59 Subparag. 1 of the Personal Information Protection Act prohibits a person who manages or manages personal information from acquiring personal information or obtaining consent to the management thereof by fraud or other improper means (Article 59 Subparag. 1). Article 72 Subparag. 2 of the Personal Information Protection Act provides that a person who acquires personal information or obtains consent to the management of personal information by fraud or other improper means or means, and a person who knowingly receives personal information for profit or an illegal purpose shall be punished by imprisonment for not more than three years or by a fine not exceeding 30 million won (Article 72 Subparag. 2). In addition, taking into account the legal nature of the right to self-determination of personal information, legislative purpose of the Personal Information Protection Act, the principle of the protection of personal information under the Personal Information Protection Act, and the duty of a personal information manager to comply with

It is reasonable to view that a personal information manager’s act is affirmative or passive, that may affect the decision-making of an owner of information regarding whether to acquire or consent to the management of the personal information, as a deceptive scheme used to acquire or obtain consent to the management of the personal information, or other unlawful means. In addition, in determining whether a personal information manager acquired or consented to the management of the personal information by fraud or other improper means or means, the personal information manager should not separate the consent from the act itself. In examining the whole process in which a personal information manager obtained consent to the acquisition or management of the personal information, the personal information manager should comprehensively consider the motive and purpose of collecting the disclosed personal information, the specific method used for collecting the personal information for collecting the personal information, the relevance and collection of the collected personal information, the details and scale of the personal information acquired, and whether the personal information is included in the sensitive information and other personally identifiable information.

B) The following facts are acknowledged according to the evidence duly adopted and examined by the lower court and the first instance court prior to remand.

① From around 2000, I collected member information while soliciting I’s members, and began to provide information on customers who agreed to provide personal information to a third party from around 2003. From around 2007, I sold personal information of customers of an insurance company.

(2) The I plans to collect and sell personal information through free events under the supervision of a person whose personal information is insufficient to be sold to insurance companies due to changes in the form of an application for subscription to an I par Card Member, and an insurance service team under the New Distribution Services Headquarters, and accordingly, plans to collect and sell such

From 2009, the gift events for customers began.

③ Around October 27, 201, around June 17, 2010, I entered into a business partnership agreement with N and I customers to sell their personal information for KRW 1,980 per case. Then, I conducted a gift event (hereinafter referred to as “instant gift event”) over 11 occasions from December 201 to June 201, and thereby, collected approximately 7,120,000 cases in total (including name, date of birth or resident registration number, cell phone number, number of children, and whether parents live together) of customers who subscribed to the relevant gift event and received approximately 6,00,000 won in total by selling them to N and L, etc.

④ The gift event of this case requires that a person who does not visit an I shop or purchase goods may also be invited to buy a gift event on a premium basis (hereinafter referred to as “the advertisement of this case”), such as the former part, the Internet homepage, purchase receipt, etc. The advertisement of this case and the subscription right (15ccX7cc size) include the words such as 'DO', 'R', 'DP', 'DP', 'D Q', and 'collection/use' under the title of 'personal information collection/use' on the back of the subscription right and on the Internet screen [the collection, entrustment of handling, and consent of use], 'the purpose of collection/use' is 'the provision of information for insurance marketing', 'the provision of information on I', 'the provision of personal information', 'the provision of information on the I', 'the provision of information on third party', 'the provision of personal information', 'the purpose of which is omitted.'

C) We examine the above facts in light of the legal principles as seen earlier.

① Examining the planning and implementation process of the instant premium event, the purpose of the instant premium event is to increase sales by inducing customers to visit, and to collect and sell such information from the beginning. Nevertheless, if the instant premium event is a means to advertise the said premium event, such as 'DO', 'DP', and 'D Q' are placed on a large scale, and it is difficult for consumers to gather personal information and provide it to a third party. Accordingly, if general consumers are exposed to the instant premium, it is more likely that the instant premium event will not be subject to the instant premium offer for the purpose of using it as a part of the instant event. However, it would be more likely that the instant premium offer will not be subject to the instant premium offer for the purpose of using such information as 'personal information’ or 'free advertising for the purpose of providing it to a third party without any consideration’. Therefore, it would be more likely that the instant premium offer will not be subject to the instant premium offer for the purpose of using it as an advertisement for the purpose of collecting and providing it to a third party.

As seen above, it is reasonable to view that Defendant A et al.’s act constitutes “a person who acquired personal information or obtained consent to the management of personal information by false or other unlawful means or methods” under Article 72 subparag. 2 of the Personal Information Protection Act, in full view of the following: (a) as if Defendant A et al. conducted the instant advertisement and donation event with the misunderstanding of consumers; and (b) provided it to a third party; (c) Defendant A et al. committed such act; and (d) Defendant A et al.’s personal information collected by Defendant A et al. violates the principle of the protection of personal information under the Personal Information Protection Act; and (e) information also includes information on privacy or personally identifiable information; and (e) the size of personal information collected by Defendant A et al.; and (e) gains from sales to a third party

D) Nevertheless, the lower court acquitted Defendant A, etc. of violation of the Personal Information Protection Act due to the acquisition, etc. of personal information by Defendant A, etc. among the facts charged in the instant case on the grounds as seen earlier, or erred by misapprehending the legal doctrine on “the act of acquiring personal information or obtaining consent to the management thereof by false or other unlawful means or means” under Article 59 subparag. 1 and Article 72 subparag. 2 of the Personal Information Protection Act, which affected the conclusion of the judgment. The Prosecutor’

2) As to the violation of the Personal Information Protection Act and the Information and Communications Network Act due to the provision and receipt of personal information

A) According to the evidence duly admitted and examined by the lower court and the first instance court before remand, the following facts are acknowledged.

① At the same time, I entered into an insurance company with personal information collected through a premium event and personal information of customers who have consented to the provision of personal information to a third party, and entered into an entrustment contract with W Co., Ltd. (hereinafter referred to as “W”) with respect to customers who have not yet consented to the provision of personal information to a third party among the members of the relevant insurance company (hereinafter referred to as “W”). After this, the above insurance company entered into an insurance company with L and N, etc. after obtaining consent to the provision of information to a third party (so-called “W”), it compared and analyzed the personal information database with the I’s personal information database owned by them, and expressed their intent not to receive information calls from each insurance company among them; (b) those who already entered into an insurance contract with each of the above insurance companies; (c) those who have already entered into an insurance telemarket call with each of the above insurance companies; and (d) those who have been registered with each of the above insurance companies (including insurance premium termination and termination; and (e) those who were not covered by the insurance company’s insurance contract.

(2) [Entrustment of the fashion call service] The employer shall pay 1,700 won per customer who obtained consent to the provision of personal information to a third party as a fee, but did not pay a fee for the personal information coming from a pening by an insurance company.

③ L and L entered into a business partnership agreement on February 27, 2009, the affiliated business partnership agreement on October 1, 2009, and the affiliated business partnership agreement on June 11, 2010, and entered into an affiliated agreement on June 20, 201 with N and N. The affiliated agreement on June 20, 201. Each of the above contracts or agreements was defined as the "business of supporting insurance telemarkets necessary for the holding of the insurance company's telemarkets". The specific content was that L and N are allowed to carry out insurance telemarkets against their customers, after ascertaining whether they want to receive insurance-related consultation from their customers, whether they agree to provide personal information to their customers, and providing them with the above insurance company at KRW 2,800 per case, but the customer's personal information on which they consented to the provision of personal information was already entered into with the above insurance company or the customer's call was calculated within 3 to 36 months.

④ According to the method of calculating fees, I made efforts to reduce the rate of personal information that an insurance company gets coming through a pening among the spread DB provided to an insurance company. However, the ratio of remaining effective database after a pening has been gradually lowered, such as that the ratio of the remaining effective database has been gradually lowered. Accordingly, I proposed a so-called pening. From the standpoint of I, I had a point that the previous insurance company may reduce unnecessary resort procedures if it is conducted after obtaining a third party’s consent from customers to obtain a third party’ consent to the personal information database provided by a third party. However, an insurance company is also required to implement a pening in advance only because it has any inconvenience in implementing the pening procedure that should undergo a caring, and L and N have received the aforementioned request.

⑤ Accordingly, from December 201 to August 2014, Defendant D et al. provided personal information to Defendant G and H et al., as indicated in this part of the facts charged. L and N opened the personal information database that was provided through his web gate to the said web gate (pre-pering) again, and I provided the said insurance company with the personal information of the customers who obtained consent after having provided the database with the spread call. Meanwhile, L and N set up the database of the personal information that completed the pre-percing to the I web gate and deleted all of them from their systems.

B) Article 71 Subparag. 1 of the Personal Information Protection Act provides that a person who provides a third party with personal information without the consent of a subject of information in violation of Article 17(1)1 and a person who receives such personal information with knowledge of such fact shall be punished by imprisonment with prison labor for not more than five years or by a fine not exceeding 50 million won. Article 71 Subparag. 3 of the Information and Communications Network Act provides that a person who provides a third party with personal information without the consent of the relevant user in violation of Article 24-2(1) and a person who knowingly receives such personal information for profit or for an illegal purpose shall be punished by imprisonment with prison labor for not more than five years or by a fine not exceeding 50 million won. Meanwhile, Article 26 of the Personal Information Protection Act and Article 25 of

In light of the language and purport of the above provisions of the Personal Information Protection Act and Article 24-2 of the Information and Communications Network Act, “the provision of personal information to a third party” means a case where personal information is transferred for business operations and interests of the recipient beyond the scope of original purpose of collection and use of personal information. On the other hand, “the entrustment of management of personal information under Article 26 of the Personal Information Protection Act and Article 25 of the Information and Communications Network Act” refers to a case where personal information is transferred for business affairs and interests of the truster in relation to the purpose of collection and use of personal information. In the entrustment of management of personal information, the trustee does not have an independent interest in the management of personal information, except for the payment for the entrusted management of personal information by the truster, and such management of personal information is limited to the scope of entrusted management and supervision by the provider, and thus does not constitute

On the other hand, whether an act is provision or entrustment of management of personal information shall be determined by comprehensively taking into account the purpose and method of acquisition of personal information, payment or receipt of consideration, actual management or supervision over a trustee, impact on the necessity of protecting personal information of an owner of information or a user, and the actual user of such personal information.

C) Examining the aforementioned facts, the lower court’s judgment, and the evidence duly admitted and examined by the lower court prior to remand in light of the aforementioned legal doctrine, it is reasonable to view that L/N constitutes “a third party who received personal information from I to conduct its own interests and duties, not merely as a trustee,” and Defendant D’s transfer of personal information to Defendant G, H, etc. in advance constitutes the provision of personal information under the Personal Information Protection Act and the Information and Communications Network Act.

① Personal information, such as the name, resident registration number, contact number, etc. of the members of the Ish Card, as indicated in this part of the facts charged, needs to be carried out by L and N, an insurance company, for marketing of insurance. ② L and N T-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-W-S.

5. Conclusion

Therefore, the prosecutor's appeal against the judgment of the court below is well-grounded, and the above judgment of the court below is based on the above ex officio reversal, and the judgment of the court below is reversed pursuant to Article 364 (2) and (6) of the Criminal Procedure Act, and it

【Discretionary Judgment】

Criminal facts

The facts of the crime acknowledged by this court are as shown in [Attachment 1] 'criminal facts' (However, if all of the files of each crime are printed out in paper documents and attached to this judgment, the amount is excessively limited, and instead, the CDs in [Attachment 2] stored as ‘only exclusively for reading' the files of the above crime committed, but for the confirmation of identity, the statement of the evidence is stated in the summary of the evidence.

1. Each legal statement of the witness P, Q, AH, AI, witness BE of the trial before remanding, and AM (each legal statement of the original witness AH and AI shall be limited to Defendant H);

1. Each prosecutor's protocol of interrogation of the defendant A, B, C, D, E, F, G, and H [including the respective statements of BL, Q, P, and AI among the interrogation protocol of the prosecutor's office (2, 2, 3) against G];

1. Copy of each protocol of suspect examination of P, Q, Q, BL, B, and B [including each prosecutor's protocol of suspect examination of Q in each prosecutor's suspect examination of Q (Article 2, 3, 4, 5, 6, 8, 9, 10 items, 10 items, 5, 6, 7, 8, 9, 10 items, and 5, 7, 8, 9 items, 9 items, and 5) of each prosecutor's examination of P] 1. AX, B, B, B, B, B, B, 2, B, X, X, AK, AM, B, CE, CW, C, W, C, D, C, B, C, C, Q, and B [including the interrogation protocol of a prosecutor against AI and the statement in P, P, P, and P items];

1. Each investigation report [Attachment 2, 3, 24, 26, 30, 63, 84, 96, 178, 179, 183, 186, 181, 197, 221, 227, 230, 238, 238, 238, 238, 266, 353, 354, 357, 359, 359, 359, 359, 359, 369, 106, 178, 178, 178, 170, 170, 200, 200, 200, 200, 200, 200, 200, 200, 30,00,000, 20

1. Article applicable to criminal facts;

A. Defendant A, B, and C: Article 72 Subparag. 2 of the Personal Information Protection Act, Article 59 Subparag. 1 of the same Act, Article 30 of the Criminal Act

B. Defendant D, E, and F: Articles 72 subparag. 2 and 59 subparag. 1 of the Personal Information Protection Act; Article 30 of the Criminal Act (the acquisition of, or consent to, personal information by unlawful means or means); Articles 71 subparag. 1 and 17(1) of the Personal Information Protection Act; Article 30 of the Criminal Act (the provision to a third party of undisclosed personal information); Articles 71 subparag. 3 and 24-2(1) of the Information and Communications Network Act; Article 30 of the Criminal Act (the provision to a third party of undisclosed personal information). Defendant G and H: Articles 71 subparag. 1 and 17(1) of the Personal Information Protection Act; Articles 71 subparag. 3 and 24-2(1) of the Information and Communications Network Act

(d) Defendant I: Articles 74(2), 72 subparag. 2, and 59 subparag. 1 (a) of the Personal Information Protection Act (a point where the person acquires personal information or obtains consent to the management thereof by unlawful means or means), Articles 74(2), 71 subparag. 1, and 17(1) of the Personal Information Protection Act, Articles 75 and 71 subparag. 3, and 24-2(1) of the said Act (a) of the said Act; and

1. Selection of punishment;

(a) Defendant A, B, C, D, E, and F: Determination of imprisonment

B. Defendant G and H: Determination of each fine

1. Aggravation for concurrent crimes;

Defendants: former part of Article 37, Article 38(1)2, and Article 50 of the Criminal Act

1. Detention in a workhouse;

Defendant G and H: Articles 70(1) and 69(2) of each Criminal Act

1. Suspension of execution;

Defendant A, B, C, D, E, and F: Article 62(1) of each Criminal Act

1. Order of provisional payment;

Defendant G, H, and I: Article 334(1) of the Criminal Procedure Act

Judgment on the Defendants and their defense counsel's assertion

1. Defendant A and B (related to the violation of the Personal Information Protection Act due to the acquisition, etc. of personal information);

A. Summary of the argument

Although Defendant A and B knew that I would collect personal information through the instant premium event and obtain profits from insurance companies, Defendant A and B were aware of the fact that the employees of the insurance service team, including Defendant D, E, and F, were in the position of the representative director or vice president of a large company, and did not know any detailed circumstances, such as that the employees of the insurance service team, including Defendant D, E, and F, obtained consent to the acquisition or management of personal information from customers by unlawful means or methods as stated in the facts charged. Furthermore, Defendant A had been in the position of the representative director around May 2013, when he was staying in a foreign country at the time of the commencement of the instant premium event, and had been in the position of the representative director around May 2013. Accordingly, Defendant A and B did not have any functional control or intention on each of the relevant crimes (Defendant A - the crime committed in violation of the Personal Information Protection Act due to the acquisition, etc. of personal information.

B. Determination

1) Relevant legal principles

A co-principal under Article 30 of the Criminal Act is established by satisfying the subjective and objective requirements, namely, the implementation of a crime through functional control over a criminal act based on the intent of co-processing and the intent of co-principal. Even if there was no process of conspiracy among co-offenders, if there was a combination of intent to jointly process and realize a crime through a certain crime in a successive or implicit manner, then a conspiracy relationship is established if the combination of intent to realize the crime has been achieved, and even a person who did not directly participate in the act of conspiracy is held liable for criminal liability as a co-principal against the other co-principal even if he/she did not participate in the act of conspiracy (see, e.g., Supreme Court Decision 200Do3483, Nov. 10, 200). In order for the co-principal who did not directly participate in the act of constituent elements to be recognized as a co-principal, it should not be recognized that he/she has a functional control over an essential contribution to the crime, but not merely a conspiracy (see, e.g., Supreme Court Decision 20105Do5434.

2) Defendant A

A) According to the evidence duly admitted and examined by the lower court and the lower court prior to remand, the following circumstances are acknowledged.

(1) The operating income of the insurance service team in charge of the instant premium event was annually increased to KRW 17 billion as of 2013 (the amount of operating income through marketing alliance with the life company) and the amount of 2014’s target amount is considerably large compared to the size of the insurance service team’s organization at least 21 billion won. Even after the Defendant A assumed office as the representative director, I plans to continue to grow into a major profit-making model in order to make profits from the sales of personal information of customers through business alliance with the insurance company. However, even after the Defendant A assumed office as the representative director, I did not have to continue to hold a gift event to attract the shortage of personal information to the insurance company due to the reduction of the new par-free card holders’ customers and frequent changes in personal information.

(2) In order for an insurance service team to carry out a gift event, active cooperation was required, such as providing a place where subscription is to be installed at one’s nationwide stores and distributing subscription tickets through the account committee. It seems that there were many difficulties in the store due to the increase in the business burden of the account committee due to the distribution of subscription tickets and the waiting time for the customers in the account committee. Nevertheless, it seems that the continuous operation of a gift event was due to the fact that there was a financial support at the company level.

(3) After the appointment of the representative director, Defendant A introduced GG hosting 2 to discuss pending issues of the relevant executives. The participants of GG hosting were Defendant A, the vice president, the chief of the headquarters (Defendant C), and the team leader who reported pending issues. GG hosting was discussed on the pending issues of the new distribution service headquarters, such as projects and performance trends to be undertaken at new distribution service headquarters. In fact, the GG hosting was submitted as evidence, taking into account the fact that it is difficult to use new MG printing for marketing purposes and frequent changes in the personal information of customers, it was discussed about 3G printing in order to identify personal information, such as accurate mobile phone numbers, etc., and to provide 10 G sales information to the 1st day of the 1st day of the 20th day of the 1st day of the 20th day of the 20th day of the 20th day of the 20th day of the 20th day of the 3st day of the 1st day of the 1st day of the 3G sales team.

(4) Defendant A received a report on the weekly performance of each new distribution service headquarters from the I Employee CP, and on January 15, 2014, Defendant C sent the e-mail to Defendant C, the head of the headquarters, with the content of “C electric affairs, why is,” and continued to check the performance of the new distribution service headquarters.

B) Comprehensively taking account of the above circumstances, Defendant A, as a representative director in charge of the affairs of Defendant A, was well aware of the purpose, outline, etc. of an event for free gifts by receiving a report on the purpose, outline, etc. of the event, and on a regular basis, reported the performance of the insurance service team, reported the relevant pending issues through GG hosting, and discussed them.

Therefore, even if Defendant A did not participate in detailed matters, such as design of, matters to be entered in, and selection and payment of free gifts, in the context of the entire crime, it is reasonable to deem that Defendant A had a functional control over the crime indicated in Table 1-7 through 1-11 in light of the status and role of Defendant A in the entire crime. Moreover, Defendant A and his defense counsel’s assertion is denied.

3) Defendant B

A) According to the evidence duly admitted and examined by the lower court and the lower court prior to remand, the following circumstances are acknowledged.

(1) Defendant B returned from the UK on March 2009 to August 2012, 2009 and served as the chief executive officer of the I’s non-food sector (general goods and electronic goods, clothing, Internet business, and new distribution service headquarters).

(2) Defendant B presided over a meeting of the head of the headquarters once a week during the period of his employment, and presided over a group meeting of each headquarters once or two months. The Defendant reported the contents of the projects promoted by the head of the headquarters at the meeting of the head of the headquarters and delivered the company’s policies to him. In the case of the new distribution service headquarters, the Defendant received the business report from the head of the headquarters (Defendant C) and the Defendant D, the head of the insurance service team, and received the business report on the progress, contents, and important issues once every time from Defendant D (Evidence No. 6129 page of the evidence record). In addition, Defendant B received a report on the performance of the new distribution service headquarters through the document of “Retail Svice Red Report” (Evidence No. 6139 of the evidence record).

(3) At around 2011, Defendant B received a report from Defendant D that the number of customers of Impi cards was fixed and dissatisfyed, and the customer database was insufficient to gather the database due to the shortage of the customer database capable of selling insurance products. At the meeting of Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section. Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section Section

(4) P and Q reported to the vice president before the event of the “D Q Q Q,” which took place on June 2012 by the head of the headquarters, to the head of the competent investigation agency. However, with respect to the premium proposal, which had been approved until CB at the time, the vice president instructed the change of 1, etc. to 1, etc., instead of the high-class premium, which is the first class gift, the vice president changed the 10 Malaysia to the first class gift instead of the first class gift. In other events, B vice president changed the bid design to the first class gift. However, although B vice president issued a direct order, there was a lot of interest. This is because the result of the exercise of the premium event was considered to have a significant impact on the profits of the headquarters (Evidence evidence No. 360).

B) Comprehensively taking account of the above circumstances, Defendant B appears to have been reported from the insurance service team to the head of a division in charge of the new distribution and delivery headquarters to which the insurance service team belongs, and was regularly reported and inspected the performance of the insurance service team, and further, it appears that Defendant B had been engaged in the business of the insurance service team by continuously giving direct instructions on individual free events. In full view of the status and role of Defendant B in the whole crime, it is reasonable to deem that Defendant B had a functional control over the criminal act of Defendant B with regard to the crime of this part, and the intent of Defendant B is recognized. The assertion of Defendant B and his defense counsel is not acceptable.

3. Defendant G (related to the violation of the Personal Information Protection Act and the violation of the Information and Communications Network Act due to the receipt of personal information) and the gist of the claim

It is operated as a means to obtain consent from customers who have not yet consented to the provision of information to a third party. However, in the process of the pre-perception of this case, Defendant G, who received database from I and received it from I in the process of the pre-perception of this case, has failed to fully recognize that the personal information of members who did not consent to the provision of information to a third party, was included in the database of the members of the Ipid Card for pre-pering, and thus, Defendant G, who is not a legal expert, did not have any intention to receive the non-perception of the information provided by the third party (hereinafter referred to as "claim"). In addition, Defendant G cannot expect that obtaining the personal information of a third party without consent from a subject of information for pre-perception is illegal, and thus, Defendant G cannot expect that it is illegal to prevent the provision of personal information without consent from a subject of information to a third party for pre-perception (hereinafter referred to as "justifiable cause").

B. Determination

1) In full view of the following circumstances acknowledged by the lower court’s judgment and the evidence duly admitted and examined by the court prior to the remanding, Defendant G was well aware of the circumstances that Defendant G, etc. provided the following personal information in the list of crimes Nos. 2-1, 1-207581, and the list Nos. 2-2 in the list of crimes without the consent of the third party of the I customers who are the data subjects in order to conduct a prior pening. As such, Defendant G is deemed to have the intent to commit this part of the crime. The Defendant G and its defense counsel’s assertion is not acceptable.

A) On October 1, 2009, Article 3(2)2 of the "Business Partnership Annex Agreement" between I and L stipulates that "a person who has joined a fashion credit card company as a member of the "fashion credit card company" and who has not consented to the provision of personal information to a third party at the time of subscription.

B) At the time of the instant case, L was provided with FMC DB by I, using the said data, and thereafter paid an amount equivalent to 330% of the monthly insurance premium for each customer who purchased the insurance. As alleged by Defendant G, if the personal information acquired by L from I for prior pening is one of the members of the IPDB who already agreed to provide a third party information, the personal information is overlapping with the personal information of the relevant member among LADB already received from I. Nevertheless, it is difficult to obtain that L was provided with an additional payment of KRW 2,800 for each case of personal information solely on the ground that L was given with additional consent in order to call memory to the members for whom a considerable period of time has already elapsed from the time of consent by I. However, it is difficult to obtain that L was provided with a dB’s personal information.

C) In light of Defendant G and his employees’ respective statements to the investigation agency of BJ, BM, BK, and I employees’ DS, and the contents of internal document files discovered from the computers of L cooperation marketing team employees, Defendant G or their employees knew that the personal information subject to prior writtening was without the consent of the third party information provision.

① L 제휴마케팅팀장 BJ은 수사기관에서 "과거에는 W에서 동의를 받은 후에 저희가 받아 DNC와 중복 제거를 하였는데, 이렇게 하다 보니 어렵게 동의를 구한 고객정보가 다시 필터링 되면서 버려지게 되어 결국 퍼미션이 완료된 개인정보가 무용지물 이 되어 와 W가 손해를 보는 경우가 발생하게 되었다. 그래서 I에서 제안한 방식이선 필터링인데 저희는 선 필터링이 문제가 있다고 판단하여 여러 차례 거절하였지만 계속된 1의 요청으로 어쩔 수 없이 제3자 동의 전에 필터링을 하게 된 것으로 알고 있다."(증거기록 제 1775쪽), "I에서 필터링을 요청해 왔을 때 저희는 법률검토를 하고 불법의 여지가 있다고 판단하여 여러 차례 거절했는데 I는 당시 저희에게 제일 많은 개인정보 DB를 판매하는 '갑'의 입장이었기 때문에 계속해서 거절하기 어려운 상황이었다. 만약 I에서 저희에게 개인정보 DB를 판매를 중단하면 저희는 갑자기 그 정도의 DB를 충당할 방법이 없기 때문에 불법인 줄 알면서 선 필터링에 동의한 것이다. G 차장이 당사 법무팀에 구두로 확인결과 문제의 소지가 있고 I에서 불법적으로 개인정보 DB를 제공하는 것이라는 답변을 들었다고 G 차장으로부터 들었다. (증거기록 제 1777 쪽)라고 진술하였다. ② 피고인 G의 후임자인 L 제휴마케팅팀 직원 BM도 검찰 조사에서 "2014. 5.경 인수인계를 받을 때 제가 G 차장에게 귀찮게 사전필터링을 왜 하냐고 물어보았더니, 업로드율을 개선하려는 I의 요청 때문에 해야 한다는 말을 들었다. 당시 제3자 활용동의의 단어가 정확히 나왔는지는 기억이 나지 않는데, 위와 같이 인수인계를 받았다. 인수인계를 받은 직후에 일을 하다가 G 차장에게 이거 문제 있는 DB 아니냐고 물어보았더니, 문제가 있을 수 있어서 법무팀에 확인하고 진행하는 것이라고 하였다."라고 진술하였다(증거기록 제1840쪽). ③ 2011. 8.경부터 2013. 7.경까지 L의 제휴마케팅팀 1팀장으로 근무한 BK은 수사기관에서 "제가 팀장이 되면서 각 DB의 속성에 대해 물어보았더니 그 당시 I 담당자였던 BL가 퍼미션 DB는 제3자 제공 동의가 안되어 있는 DB라고 설명해 주어서 알게 되었다."고 진술하였다(증거기록 제6006쪽), ④ 피고인 G도 수사기관에서 "제가 처음 사전필터링을 하던 시점인 2013. 2.경에는 정확한 내용을 알지 못하였고 2개월 정도 지난 2013. 4.경 P, Q과 미팅을 하면서 FMC 회정보에 대해 사전필터링하는 것은 미동의라는 것을 확실히 알게 되었다.", "I로부터 교부받아 사전필터링을 한 DB는 FMC DB도 있었고 이벤트 DB도 있었다. 이벤트 DB는 폴더에 해당 이벤트명이 모두 기재되어 있었고, FMC DB와 이벤트 DB는 구분되어 있었으므로 혼동할 염려는 없었다.", "I로부터 사전필터링을 제안받고 몇 차례 거절하다가 이를 수용하였는데, 그 직전에 정식으로는 아니지만 법무팀의 자문을 구한 적은 있다."라고 진술하였다(증거기록 제5519쪽), 또한 피고인 G은 수사기관에서 "2012. 말경쯤 IP 과장과 미팅하는 자리에서 P 과장이 '업로드율을 높이기 위해서 사전 필터링 이 필요하다. 우리가 먼저 고객정보를 제공하면 그 제공받은 고객정보를 사전필터링한 후 다시 달라. 그러면 W 등 사후동의 업체에 다시 그 필터링한 정보를 넘겨서 동의를 받아 주겠다.'고 이야기하여 저희가 시작하게 된 것이다."고 진술하였다(증거기록 제1756쪽). ⑤ 피고인 G 등 L 제휴마케팅팀 직원들의 컴퓨터에서 발견된 내부 문서 파일에는 퍼미션 DB는 제3자 정보제공 미동의 고객을 대상으로 W에서 동의를 받아 만들어지는 것이라는 취지의 설명이 기재되어 있는데, 특히 피고인 G이 제휴마케팅팀 차장으로 근무한 기간인 2014. 1. 23. 작성된 'EJ Business Summary(EJ Business 현황 및 주요 Issue)'에도 'Permission DB : 마케팅 미동의 고객에게 동의콜을 받은 후 OB TM (퍼미션 업체 W)'이라는 내용이 기재되어 있다(증거기록 제3724쪽). ⑥ I 보험서비스팀 직원으로 근무했던 이은 수사기관에서 "2013. 11.경 L 관계자(G 차장, BH 사원)와 미팅을 하게 되었는데, 당시 저희는 저와 Q이 있었다. 그때 퍼미션 관련 이야기를 하고 있는데 필터링이라는 단어가 나와서 제가 '필터링이 무엇이냐'고 함께 있는 자리에서 물어보았더니, Q이 '제3자 제공 동의를 받지 않은 DB에 대해 매칭을 한 후 퍼미션을 받기 위한 DB를 골라내는 작업이다'라고 했다."라고 진술하였다(증거기록 제3838쪽). 2) ② 주장에 대하여 앞서 1)항에서 본 사정들에 원심 및 환송 전 당심이 적법하게 채택하여 조사한 증거들에 의하여 인정되는 다음과 같은 사정들을 보태어 보면, 피고인 G은 이 부분 범행의 위법성을 충분히 인식하고 있었다고 봄이 타당하고, 설령 그 위법성을 인식하지 못했다고 하더라도 거기에 정당한 이유가 있다고 볼 수 없다. 피고인 G과 그 변호인의 이 부분 주장도 받아들이지 아니한다.

On April 1, 2014, I entered into a strategic partnership agreement with AY and provided customers with personal information from that time.On May 2014, I proposed an advance pening to AY's personnel P and Q. AY refused the above proposal by deciding that the provision of customer personal information for advance pening could be a legal problem if it is provided without consent to third party information. Furthermore, P and Q would also be a person in charge of BF, but the BF would be a problem (Evidence No. 1560 of the Evidence Record). As such, I would have clearly notified customers that the subject of advance pening was the subject of third party information. In light of these circumstances, I would have been aware of the problem in advance of the insurance company's work.

4. Defendant H (related to the violation of the Personal Information Protection Act due to the receipt of personal information and the violation of the Information and Communications Network Act)

A. Summary of the argument

The Defendant was aware of the fact that the personal information of the members who already agreed to provide a third party information was included in the database of the members of the paro cards provided to N for prior taking, and was unaware of the fact that the personal information of the members who agreed to provide a third party was included.

B. Determination

Comprehensively taking account of the following circumstances acknowledged by the court below and the evidence duly admitted and examined by the court below prior to remand, Defendant H may fully recognize the fact that Defendant D et al. was provided with the above personal information by being aware of the circumstances where Defendant D et al. provided the personal information listed in 3-1 / 3580, 1-3580, 715493-1018388, and 3-2 / 6085-15-1513270 of the crime sight table for prior written observation without consent from the third party. Defendant H and his defense counsel cannot be accepted.

1) around April 2008, I changed to allow customers to choose whether to consent to the provision of information to a third party at the time of membership of the Ish Card. Since then, the ratio of consent to the provision of information to new members does not exceed 10%. Accordingly, I introduced a fashion model that sells personal information to a third party after obtaining the consent by telephone from the card holders who did not consent to the provision of information to a third party. 2) on June 2, 201, Q provides for the "written statement of goods prepared with N in connection with the conclusion of the N inshion Business Agreement" to obtain the consent of the customers to obtain new revenue through TM (acquisition consent) and to obtain the consent of the customers to provide personal information to the customers through an Ishion Agreement (hereinafter referred to as the "NI Agreement") after obtaining the consent of the customers to provide the insurance information to the customers.

3) Workers and N consulted two to three times each month with respect to partnership affairs, and at that place, I’s employees informed N employees of the status of retaining database and the composition of database. Defendant H continued to participate in the above working-level consultation between 201 and 2012. Accordingly, Defendant H appears to have been well aware of the status of holding I’s database, including the fact that there was a very low ratio of those who agreed to provide information to a third party among the members of I’s I’m card holders.

4) At the time when Defendant D entered into an investigation agency’s agreement with L and N, Defendant D stated that “it is clear that DB had obtained ex post consent to DB that did not consent to the provision of third party personal information.” Defendant D, as a matter of course, was aware that all the first employees worked at the insurance service team, such as P, Q, and X, knew that the personal information provided for pre-delivery did not consent to the provision of the third party.

5) At the time of the instant case, N was provided with FMC DB by I, using it, engaged in tele marketing, and was paid as consideration to I an amount equivalent to 320% of the monthly insurance premium for each customer insured. If, as alleged by Defendant H, N’s personal information transferred by N for prior pening is one of the members who already agreed to provide information to a third party, the personal information is overlapping with L’s personal information among the members already provided by NFC DB. Nevertheless, it is difficult to understand that N was provided with additional personal information by paying more than 2,800 won per case to NB solely on the ground that the N obtained additional consent at the time of consent from the I’s consent.

Judgment on the punishment of additional collection by a prosecutor

1. Matters concerning the application of law

Article 74-2 of the Personal Information Protection Act provides that "Money and valuables or other benefits acquired by a person who has committed an offense falling under any of Articles 70 through 73 may be confiscated, and where it is impossible to confiscate such money and valuables or other benefits, the value thereof may be additionally collected. In such cases, confiscation or additional collection may be imposed, in addition to other penal provisions." Article 75-2 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. provides that "the money and valuables or other benefits acquired by a person in connection with such offense may be confiscated, and if it is impossible to confiscate such money and valuables or other benefits, which have been acquired by such person in addition to the provisions of Article 71 (1) 1 through 8, Article 72 (1) 1, 72 (1) 2, and subparagraphs 1, 1-2 and 7 of Article 73, it shall be deemed that the money and valuables or other benefits acquired by such person in addition to the other penal provisions." However, Article 72-2 of the said Personal Information Protection Act provides that "the confiscation or additional collection may be imposed in addition to the Act."

2. Summary of prosecutor's assertion

For the following reasons, the prosecutor asserts that I should additionally collect the profits acquired in relation to each of the instant crimes.

A. As to the violation of the Personal Information Protection Act due to the acquisition of personal information

① Article 48(1)2 of the Criminal Act provides that “goods produced or acquired by committing an offense shall be subject to forfeiture, and “goods” shall include not only corporeal things but also rights or interests. I’s acquisition by unlawful means through an offense is the personal information of customers, and the said personal information is the interest of customers pursuant to Article 48(1)2 of the Criminal Act.

Even if the above personal information does not correspond to the "goods" subject to confiscation, the sales proceeds are subject to confiscation pursuant to Article 48(1)3 of the Criminal Act. ② The I sold the personal information of the customers, including L, N, and L, to 8 insurance companies, and acquired the total amount of KRW 14,193,137,600 in the proceeds thereof. ③ As such, the personal information of the customers acquired through the crime of this case and the profits derived therefrom are both attributed to I, and it is impossible to confiscate them, the amount equivalent to the sales proceeds should be additionally collected against I.

B. As to the violation of the Personal Information Protection Act due to the provision of personal information and the Information and Communications Network Act

① Defendant D, etc., and I provided L and N with personal information of customers who did not obtain the consent to the third party offer to enable them to conduct a pre-perception, and thereafter conducted a call with the personal information database of customers who had undergone pre-perception from the above insurance company, and then sold the personal information of the customers who gave the post-perception to the above insurance company and acquired KRW 8,175,824,400 in total from the above insurance company as the price for the sales of the said insurance company. Accordingly, the above sales proceeds fall under the category of "goods generated or acquired by the crime" under Article 48(1)2 of the Criminal Act, and thus, are subject to confiscation. ② Since the above sales proceeds were both attributed to I and it is impossible to confiscate them, I should additionally collect the amount equivalent to the above sales proceeds.

3. Determination

A. As to the violation of the Personal Information Protection Act due to the acquisition of personal information

1) Article 48(1) of the Criminal Act provides that "any goods which are not owned by a person other than the criminal or which are acquired by a person other than the criminal knowing that they have been aware of the fact that they have been committed may be confiscated in whole or in part, may be confiscated"; "goods which have been provided or have been provided to the criminal act (paragraph 1)"; "goods which have been produced or have been acquired by the criminal act or have been acquired by such act (paragraph 2)"; and "goods which have been acquired by the preceding 2 (paragraph 3)" are listed. Article 48(2) of the Criminal Act provides that "if it is impossible to confiscate the goods mentioned in the preceding paragraph, their value shall be collected additionally." In light of the fact that confiscation is related to "goods", and additional collection is based on the premise that the original goods could have been confiscated, it should be the premise that there is "goods falling under any of the subparagraphs of Article 48(1) of the Criminal Act".

The term "goods" means all material objects with a certain body in advance. Although there is no provision on the definition of "goods" in the Criminal Code, the elements of each rule include "goods" as objects or means of crime, and in the interpretation of each of the above elements, the term "goods" seems to mean things in the interpretation of the above elements. Meanwhile, Article 98 of the Civil Code provides that "goods in this law mean things, electricity and other natural forces which can be managed" as to the definition of things.

In full view of the aforementioned prior meaning of "goods" and the above Criminal Act and the provisions of the Civil Act, it is reasonable to view that "goods" referred to in each subparagraph of Article 48(1) of the Criminal Act mean corporeal goods or their natural capabilities that can be managed, even if they are interpreted more broadly (public prosecutor, following the Supreme Court Decision 75Do3607 Decided September 28, 1976, stating that "goods" referred to in each subparagraph of Article 48(1) of the Criminal Act include not only tangible goods but also rights or interests. However, the above judgment is related to Article 134 of the Criminal Act that provides for the necessary confiscation or additional collection of bribe, and it is reasonable to view that the concept of "goods" referred to in the above judgment can not be applied to "goods" referred to in each subparagraph of Article 48(1) of the Criminal Act as they are, and the meaning of "goods" referred to in each subparagraph of Article 48(1) of the Criminal Act as well as "goods acquired by customers by legitimate means and evidence of customers as follows.

① Personal information acquired by Defendant A, etc. through unlawful means or methods does not constitute a corporeal or natural history of management. Accordingly, the above personal information does not fall under any of the items referred to in Article 48(1)1 or 2 of the Criminal Act. ② Since a public prosecution was not instituted against the act of selling the above personal information to insurance companies, the price that he acquired by selling the above personal information to insurance companies does not fall under “the objects that have been generated or acquired due to the act of crime” under Article 48(1)2 of the Criminal Act. ③ Article 48(1)3 of the Criminal Act purports to confiscate the objects that he acquired as the price for the above personal information can be acquired as the price for the act of crime under Article 48(1)1 and 2 of the Criminal Act. As seen earlier, so long as the above personal information does not fall under any of the items referred to in subparagraphs 1 and 2 of the same paragraph, the sales price cannot be subject to confiscation, even if it is impossible to confiscate the sales price.

B. As to the violation of the Personal Information Protection Act due to the provision of personal information and the Information and Communications Network Act

Comprehensively taking account of the following circumstances acknowledged by the court below and the evidence duly admitted and examined by the court below prior to remand, it is reasonable to view that the amount equivalent to the price that I acquired by selling the personal information of the customers who obtained the subsequent consent after undergoing L and N’s pre-altering cannot be subject to additional collection.

① Defendant D et al. provided L and N personal information for the purpose of pre-ciling, downloading the database, and then selling the personal information to the said insurance company after obtaining consent from customers via W et al. The part in violation of the Personal Information Protection Act or the Information and Communications Network Act, which was obtained by Defendant D et al. during the above series of processes, provided their personal information to L and N for pre-ciling without obtaining prior consent from customers for the purpose of selling the said personal information. Since the inspection did not only institute a prosecution against this part, but also did not constitute an ex post facto act of selling the said personal information by obtaining consent from Defendant D et al. for the said insurance company. It does not appear that Defendant D et al. provided the said personal information to customers for the purpose of pre-ciling and selling the said personal information. It does not appear to have obtained prior consent from customers for the purpose of selling the said personal information. It does not appear to have been sufficiently compared to the case where Defendant D et al. provided the said personal information to the above insurance company after obtaining prior consent.

1. The reasons for sentencing are 1. Although Defendant A, B, C, D, E, F, and I, a large company related to the distribution of a large amount of personal information of customers, as well as the social responsibility to take advantage of the protection of their personal information, Defendant A, an executive officer or employee, etc. in collusion with the insurance company for the purpose of selling the personal information at a cost, thereby obtaining consent to the acquisition and management of the personal information from the customers by fraudulent means or means, and the defendant D, etc., provided their personal information to the insurance company without the consent of the customer for the reduction of the spread cost or for the convenience of related business, the nature of each of the crimes is very weak and probable. Furthermore, the above defendants obtained a large amount of personal information illegally acquired through each of the crimes in this case or provided it to the insurance company without the consent of the owner of the information, and further I obtained a large profit by providing the above information to the insurance company. In addition, each of the crimes in this case, Defendant A, etc., as an executive officer or employee, did not cause harm to their rights to self-determination (excluding the aforementioned circumstances and circumstances).

2. In light of the fact that Defendant G and H advance pening provided a large volume of personal information to L and N, and among them, customers who did not consent to the provision of a third party ex post facto are also held L and N, the crime committed by the above Defendants also do not seem to be less complicated. Moreover, the Defendants appeared to have an urgent attitude to avoid liability by continuously asserting that they did not know that they did not consent to the provision of a third party with respect to the personal information provided for advance pening as working staff in charge of cooperation with 1, but did not know that they did not consent to the provision of a third party.

However, in full view of the circumstances favorable to the above Defendants, including the above Defendants’ primary offenders, and the fact that the Defendants committed this part of the crime as employees of the company during the course of performing their duties, the punishment as ordered shall be determined by comprehensively taking into account the following factors: the age, career, character and conduct, the environment, the circumstances after the crime, and the circumstances after the crime.

Judges

The presiding judge, senior judge, and senior

Judges Kim Jae-han

Judges Mobileho

Note tin

1) Finally modified facts charged are partly amended, and entirely printed out and accompanied by a list of crimes in paper form.

Under the following, the facts charged before and after the revision are not classified, and "the facts charged in this case" is only called the facts charged.

2) On the trial date, the prosecutor and the defendant, and the defense counsel confirmed their no objection.

(iii) Article 95(2), Article 96(Benefiting Enemy), Article 97(Benefiting Enemy), Article 141(Invalidity of Public Documents, etc. and Destruction of Public Goods) 1

Paragraphs, 142, 144, 161 (1), and 166 (Setting Fire to Other Structures, etc. Kept in Public Service)

Paragraph 2, Article 167 (Setting Fire to General Goods), paragraphs 1 and 2 of Article 167 (Setting Fire to General Goods), Article 168 (Smoking), Article 168 (Obstruction to Fire Fighting), Article 169 (Obstruction to Fire Fighting), Article 170 (Fire Fighting) 1 and 170 (Fire Fighting)

(Burst of Explosive Substances) Paragraph 1, Article 176, Article 180 (Obstruction of Flood Control) and Article 193, Section 2;

211 (Manufacture, etc. of Articles Similar to Currencys) (1) and (2), 222 (Manufacture, etc. of Articles Similar to Stamps) (1) and (2), 243 (Distribution, etc. of Foods) and 244 (Manufacture, etc. of Foods)

(ix), Articles 258-2 (Special Bodily Injury), 261 (Special Violence), 278 (Special Arrest or Illegal Confinement), 284 (Special Intimidation), and 320 (Special Intimidation), and

323, 324(2), 325(1) and (2), 350-2, and 369(Special Destruction and Damage)

4) However, there is no provision that Article 346 of the Criminal Act shall apply mutatis mutandis to power to be managed in the case of obstruction of another’s exercise, which is a property crime, but may be managed.

There is a theory that power is also included in ‘the object of the obstruction of the exercise of the right'.