Defendant 1 and eight others

Madical dump, heart stone (prosecution), and Lee Jin-hun (Trial)

Attorney Kim Sung-chul et al.

Defendants are not guilty.

The summary of the judgment against the Defendants is published.

I. Facts charged

1. Defendants’ duties

A. The business of Defendant 9 Company (hereinafter “Defendant 9 Company”)

Around May 199, Defendant Company was established for the purpose of logistics and distribution, including the development and operation of sub-market stores, and operated nationwide 139 large-scale retail stores, 286 direct retail stores, 8 large-scale distribution centers, and Internet shopping malls, etc. The company is engaged in collecting, managing, and providing member information related to the sales and provision of goods and services of the company or Defendant Company’s Internet homepage, etc.

Defendant Company: (a) established a new distribution service headquarters under the general product sector in 2002; and (b) took exclusive charge of the sales of personal information and customer information collected by the insurance service teams within the new distribution service headquarters in order to sell the collected information of its members and customer information on free events at will from 2004 to 17.4 billion won (e.g., KRW 17.4 billion of net profit related to the sales of personal information by the insurance service team in 2013; (b) collected member information from 21.4 billion of net profit related to the sales of personal information by the insurance service team in 2014; and (c) collected member information by continuously purchasing the cards from 2004 ( approximately 18.0 million won of the current membership information); and (d) collected premiums from 2009 to 200.

Defendant 1 had been working for Defendant 9 from around 1999 to August 201, and has been in charge of the representative director of Defendant 9 corporation from around 2008 to August 201, and the representative director of Defendant 9 company from May 2013 to the date of Defendant 9, and has been in charge of the overall management of Defendant 9 company’s business, and the performance of the new distribution service headquarters to which the insurance service team belongs.

Defendant 2 worked for Defendant 9 from April 199 to August 2012 while being assigned to the vice president in charge of the general product sector to which Defendant 9’s new distribution service headquarters belongs, Defendant 2, from April 2009 to August 201, managed the overall business of Defendant 9’s new distribution sector, and received and managed the results, etc. of the insurance service team.

around 2002, Defendant 3 joined Defendant 9 and worked as the head of retail financial team from August 2002 to August 2002, and from around 2006, as the head of the new distribution service headquarters headquarters, respectively. Defendant 1 and Defendant 2 had been frequently reported the performance and pending issues of the new distribution service headquarters.

Defendant 4, who entered Defendant 9 company around 2008 and worked as the head of the Insurance Service Team life management from May 201 to July 201, and the head of the Insurance Service Team from July 201 to May 2013, 201, collected information on members of the Insurance Service Team members and customer information on gift events through stores or Defendant 9’s Internet homepage, etc., and took charge of selling such collected information for consideration to various insurance companies.

Defendant 5, who entered Defendant 9 company around May 2001 and worked as the head of the insurance service team from May 201 to December 2013, 201, collected member information and customer information on subscription to a plaque card through the store or Defendant Company’s Internet homepage, etc., and took charge of selling such collected member information and customer information on gift events for several insurance companies.

around December 201, Defendant 6 entered Defendant 9 company and worked as the head of the Insurance Service Team from December 2013, and collected information on the members of the relevant store or Defendant Company’s Internet homepage, etc., and took charge of selling the collected information on the members of the relevant package cards and the customer information on the members of the relevant free event.

B. Defendant 7’s business

Nonindicted Co. 1 (hereinafter referred to as “Nonindicted Co. 1”) is established as the Korea Branch of ○○○○○ Group affiliated with Nonindicted Co. 1, 1987 for the purpose of selling life insurance in 1987, and is incorporated as Nonindicted Co. 1 on June 1, 2004, and carries out the affairs of collecting, managing, and providing member information related to the purchase of insurance and target information related to the telemarketing business.

Nonindicted Co. 1 collected personal information through partnership with various companies in order to attract the purchase of life insurance, etc., and used personal information collected from partnership companies, etc. as above, thereby having customer contact through telemarket sales organizations, such as telemarketing business organizations with a size of 5,600 persons belonging to the call center located in Seoul, Daegu, Gwangju, Busan, etc., and having customer buy insurance sold by Nonindicted Co. 1.

Defendant 7, who became a member of Nonindicted Company 1 around April 2008 and worked as the deputy head of the cooperation marketing team from October 201 to May 2014, and was in charge of the business of collecting personal information from alliance companies and distributing tele-market sales organization to the insurance solicitation business.

C. Defendant 8’s business

around January 4, 1990, Nonindicted Co. 2 (hereinafter referred to as “Nonindicted Co. 2”) was established for the purpose of selling life insurance, pension insurance, etc., and operated 210 branches nationwide, and is engaged in collecting, managing, providing, etc. member information and information on persons related to the insurance coverage of the said company.

Nonindicted Co. 2 collected personal information through partnership with various companies in order to attract the purchase of life insurance, etc., and used personal information collected from partnership companies, etc., and contacted with customers through tele-market sales organizations, such as tele-marketers, which belong to call centers, thereby allowing customers to buy insurance sold by Nonindicted Co. 2.

Defendant 8 became a member of Nonindicted Company 2 around 2006 and worked as the deputy head of the cooperation marketing team from September 2006 to June 2012, 2013 and has been in charge of the business of collecting personal information from partnership companies and distributing tele-marketing business sales organization to be used for insurance solicitation business.

2. The defendant 9's criminal facts

A. Joint-violation of the Personal Information Protection Act relating to the acquisition of personal information by unlawful means by Defendant 1, Defendant 2, Defendant 3, Defendant 4, Defendant 5, and Defendant 6

No person who has managed or processed personal information shall acquire personal information or obtain consent to the management thereof by fraud or other improper means.

(1) A personal information manager shall collect the minimum personal information necessary for the purpose of collection only for the reasons under Article 15(1) of the Personal Information Protection Act, and may use it for the purpose of collection within the scope of collection. In addition, when collecting personal information with consent, the personal information manager shall properly inform the data subject of “the purpose of collection and use of personal information”, etc., and shall specifically inform the data subject of “the purpose of collection and use of personal information,” and shall not give consent to collection of personal information other than the minimum information necessary for the purpose of collection, and shall make it a major decision for the data subject to consent. A personal information manager shall not refuse to provide

② A person who is entitled to solicit insurance in order to promote the sound development of the insurance business and to protect the rights and interests of interested parties is limited to the executives of the insurance solicitor, insurance agency, insurance broker or insurance company, and the insurance company is prohibited from paying commission, remuneration and other consideration in connection with the solicitation to any person other than such qualified persons. In light of the relevant provisions of the Insurance Business Act, a person other than a legitimate insurance solicitor shall not receive any consideration at the time of concluding the insurance contract, and even at the time of concluding the contract, a person other than a legitimate insurance solicitor shall arrange large amounts of personal information likely to conclude the insurance contract in a systematic and continuous manner, and shall not receive any consideration.

In this case, a personal information manager shall collect personal information to the minimum extent necessary for the purpose of collection, and the event of a premium event shall be held for the purpose of exercising the customer's will (private will) in terms of publicity of the manager, so the purpose of collection of personal information shall be limited to the issuance of premiums by the winner, and the purpose of collection shall be notified properly.

Nevertheless, around October 1, 2009, around June 17, 2010, the Defendants concluded a business partnership agreement with Nonindicted Company 1 and Nonindicted Company 2 to sell personal information acquired through a gift event with Nonindicted Company 2 for KRW 1,980 per case, respectively. Around October 1, 2009, the Defendants decided to plan and implement a gift event for the purpose of selling the personal information for the purpose of passing it in return for the price to many insurance companies by using the deliberation of customers who expect and participate in the event of a gift event.

Defendant 2 had been working as a non-product market site and had been able to obtain personal information from an insurance company. In particular, Defendant 9 was aware that the purpose of exercising gift events was to acquire personal information from an insurance company in return for payment. In order to achieve the above purpose, Defendant 3, etc. reported the performance of the new distribution service headquarters to which each main insurance team belongs. In order to maximize the acquisition of personal information, Defendant 2 participated in the acquisition of personal information from the first to the 10th of Korea. Defendant 1, as the representative director, was able to obtain personal information from Non-indicted 5’s insurance company’s member information. Defendant 2, at the 6th of the 6th of the 4th of the 6th of the 6th of the 6th of the 6th of the 6th of the 6th of the 6th of the 6th of the 6th of the 6th of the 4th of the 6th of the 6th of the 5th of the 6th of the 7th of the 7th of the 1st of the 3th of the 3th of the 3th of the 1st of the 3th of the 3th of the 2.

As a result, the Defendants added “providing information for marketing” to the “personal information collection and use” column of the “Personal Information Collection and Use Purpose” and added “providing information for insurance marketing,” and stated various insurance companies, such as Nonindicted Company 1 and Nonindicted Company 2, under the name of the name of the sponsor, such as the name of the sponsor, and the name of the sponsor, as marketing materials such as life, non-life insurance products, and Sms, etc.” in the “Purpose of Use” in the “Purpose of Use,” but the Defendants stated the size of the letters as “for the guidance of life, non-life insurance products, etc., it shall be utilized as marketing materials such as telephone, Sms, etc.” in the “Purpose of Use.” However, the Defendants made it impossible for the buyers to de facto read them by printing them at about 1m, so that they can not read them.

In addition, in a premium event, the scope of personal information collection should be limited to the name and contact point of the subscribing customer who is necessary for the issuance of premiums to the winner, but at the request of an insurance company, the insurance company made the "Date of birth" and "Child Number", which are important factors when selecting persons eligible for insurance solicitation, into the site of a premium solicitation, and made it into the site of a premium solicitation, and made it difficult to give consent to unnecessary items in order to participate in the premium event, stating the phrase "not to be entered in part of the matters of entry/approval, and not to be excluded from the premium drawing when failing to sign or consent to do so, and the customer was excluded from the premium drawing.

In addition, under the contact point of the premium voucher site, the subscribers entered “I will accurately write the premium lot in Sms,” and made the subscribers enter their telephone numbers (house, office, etc.) and mobile phone numbers. However, the employees of the insurance service team, including the Defendants, did not make efforts to contact any winner any more without properly communicating the winning winner after the premium lottery in accordance with the policies to maximize the company’s operating profit, and did not call the winning winner, and did not send Sms to the winning winner. There was no call for contact. In the premium event, “The five-Year anniversary anniversary anniversary commemorative festival” implemented from October 10 to November 27, 2013, the Defendants did not pay premiums in a way that does not contact several premium events, such as not entirely contact the winning winner with the winning winner.

In addition, in the case of a free gift event “Imond Damond from Defendant Company 9 to February 8, 2014,” which was conducted from December 26, 2013 to February 8, 2014, even if Imond’s high-priced free gifts such as Damond, I did not actually prepare all such free gifts in advance, and even if Imond winner knew that it was difficult to find it difficult and contact with Defendant 9 company, I did not have to pay free gifts as substitute for Defendant 9’s gift certificates, etc.

Furthermore, a person, other than a legitimate insurance solicitor, should not receive any consideration at the time of the conclusion of an insurance contract, arrange a large amount of personal information which is likely to conclude an insurance contract even before the conclusion of the contract, and even if he did not receive such consideration, Defendant Company provided a large amount of free will customer information to Nonindicted Company 1 and Nonindicted Company 2 and received 1,980 won per case.

결국 피고인 2, 피고인 3, 피고인 4는 공모하여 2011년 12월경부터 2012년 8월경까지 거짓이나 그 밖의 부정한 수단이나 방법으로 별지 범죄일람표(1-1)∼(1-3) 기재와 같이 “연말연시 벤츠가 온다 경품이 쏟아진다” 등 3개 경품행사 응모고객들의 개인정보(성명·생년월일·휴대폰번호·자녀수) 2,986,247건을 취득하고 처리에 관한 동의(제3자 제공)를 받았고, 피고인 3, 피고인 4는 공모하여 2012. 9월경부터 2013년 4월경까지 거짓이나 그 밖의 부정한 수단이나 방법으로 별지 범죄일람표(1-4)∼(1-6) 기재와 같이 “넝굴째 굴러온 아우디 벤츠” 등 3개 경품행사 응모고객들의 개인정보(성명·생년월일·휴대폰번호·자녀수) 1,290,125건을 취득하고 처리에 관한 동의(제3자 제공)를 받았으며, 피고인 1, 피고인 3, 피고인 5는 공모하여 2013년 7월경부터 2013년 11월경까지 거짓이나 그 밖의 부정한 수단이나 방법으로 별지 범죄일람표(1-7)∼(1-9) 기재와 같이 “가정의 달 황금이 쏟아진다” 등 3개 경품행사 응모고객들의 개인정보(성명·생년월일·휴대폰번호·자녀수) 1,698,457건을 취득하고 처리에 관한 동의(제3자 제공)를 받았고, 피고인 1, 피고인 3, 피고인 6은 공모하여 2013년 12월경부터 2014년 6월경까지 거짓이나 그 밖의 부정한 수단이나 방법으로 별지 범죄일람표(1-10)∼(1-11) 기재와 같이 “피고인 9 회사에서 다이아몬드가 내린다” 등 2개 경품행사 응모고객들의 개인정보(성명·생년월일·휴대폰번호·자녀수) 1,146,311건을 취득하고 처리에 관한 동의(제3자 제공)를 받았다.

As a result, the Defendants conspired to acquire personal information by fraud or other improper means or methods, and obtained the consent of the third party (the provision of third party).

Defendant 1 2: (a) from May 2013 to June 5, 2014; (b) from June 5, 2014; (c) 2,84,768 items (1-7) to (1-11); and (d) Defendant 3, from December 201 to August 3, 201, 201, 2,986,247 items (1-1) to (1-3) 7, 121, 140 items (1-1) to (140 items (1-11); and (d) Defendant 4, from December 201 to April 6, 2013 to 14, 201, 276 items (1-7-1 to 16-4, 251 to 164, 201-5 (16-14 to 17; and (e) Defendant 16-14 to 165, 2015.

B. Defendant 4, Defendant 5, and Defendant 6’s violation of the Act on Promotion, etc. of Information and Communications Network Utilization and Information Protection (Leakage of Personal Information) relating to the provision of undisclosed personal information

A personal information manager shall not provide any personal information to a third party without the consent of the subject of information, and the provider of information and communications services shall not provide any personal information to a third party without the consent of the user (Prohibition against the death).

According to Defendant Company 9’s business policy, the Defendants provided personal information to an insurance company at will without the consent of Defendant Company 9’s members affiliated with his store or Internet and sold it to the insurance company. However, in order to dilution the illegality of the provision of a third party in the case of the relevant insurance company by selecting a person eligible for insurance solicitation from among them, the Defendants decided to use the call call to the selected members through the call center, such as Nonindicted Co. 3 (hereinafter “Nonindicted Co. 3”) to obtain ex post consent.

Accordingly, the Defendants directed the insurance service team life management chief, Nonindicted 4, 5, and life management staff Nonindicted 6, Nonindicted 7, and Nonindicted 8, etc., and provided the subjects to be provided to Nonindicted Company 1 and Nonindicted Company 2 from among the Defendant 9’s card members, who did not consent to the third party’s information, as their business, on the web gate operated by Defendant 9, so that they could download from Nonindicted Company 1 and Nonindicted Company 2.

Defendant 4) The number of Nonindicted Company 1’s personal information purchased from February 201 to May 15, 201, Nonindicted Company 2, Nonindicted Company 1 and Nonindicted Company 2, Nonindicted Company 2, 1 and 31 and 425 (specific number of 9,826) were provided to Nonindicted Company 2, 1 and 7, 2, 1 and 3, 18 and 2, 5 and 3: the number of 6-1 and 2, 6-1 and 3, 6-1 and 7, 18 and 5-2, 18 and 3: the number of 6-1 and 5-2, 6-1 and 2, 17: the number of 6-1 and 2, 300, 6-1 and 5-2, and 7: the number of online personal information acquired from Defendant Company 9’s members.

Accordingly, in collusion with Nonindicted 5 and Nonindicted 4, the Defendants provided Defendant 9’s member information of Nonindicted Company 1, a third party, to Defendant 7, etc., and Defendant 8, etc. of Nonindicted Company 2 without the consent of the subject of information or information and communications services.

C. Defendant 9

(1) As indicated in paragraph (1) of Article 2, the Defendant acquired or processed approximately 6.4 billion won by selling approximately 3.2 billion items of personal information (name, date of birth, cellphone number, number of children) 7,121,140 items of 11 gift event customers (name, date of birth, number of children) by selling approximately 3.23 billion items to Nonindicted Company 1 from December 201 to June 201, and by selling approximately 2.79 million items of approximately 5.45 billion items by selling approximately 2.7 billion items of 11 gift event, such as the attached list of crimes (1-1) through 1-11.

As a result, the defendant obtained the defendant's representative or employee's personal information by false or other unlawful means or methods in relation to the corporation's business and obtained the consent of the third party.

(2) As described in paragraph 2-b, Defendant 4, Defendant 5, and Defendant 6, etc. working in Defendant Company from December 201 to August 2014, 7,652,312 (number of specific personal information: 1,906,974 items, number of online subscription personal information: 9,295,970 items (number of specific personal information: 2,531,658 items, number of online subscription personal information: 30 million won to Defendant 7, 29,295,970 items (number of online subscription personal information: 2,531,658 items, number of online subscription personal information: 30 million won to Nonindicted Company 2,488 items (number of online subscription personal information : 2,531,658 items) without Defendant Company’s consent, and 384,284,684,296,284,288,248 items of online subscription personal information and communications services).

As a result, the defendant's employee provided the defendant's employee information to the non-indicted 1 and the non-indicted 2 without the consent of the owner of information or the user of information and communication regarding the business of the corporation.

3. Criminal facts committed by the defendant 7

No one shall receive personal information from a third party without the consent of a subject of information, while no one shall knowingly receive such personal information from a provider of information and communications services with the knowledge that the provider provides such personal information to a third party without the consent of the user.

Nevertheless, Defendant 7, the vice head of Non-Indicted Party 1’s cooperation marketing team, downloaded the non-indicted 2’s non-indicted 1’s web page with the non-indicted 2’s non-indicted 7’s non-indicted 7’s non-indicted 7’s non-indicted 1’s DNC customers, press subscribers, etc. from among the members’ information received, and then, the call center, such as the non-indicted 3, etc., obtained ex post consent by downloading the non-indicted 1’s non-indicted 1’s DNC information.

As such, from February 2013 to August 2014, Defendant 7 provided approximately 5,637,548 items (number of specific personal information: 1,841,585 items, number of online subscription personal information: 90 items) such as Defendant Company’s customer registration numbers (name, resident registration number, contact number, etc.) and other personal information (name, resident registration number, contact number, etc.) to Defendant 9 company’s customer without consent to the provision of third party information, such as the list of crimes (2-1) Nos. 1-207581, and the list of online subscription personal information: 90 items) from February 2013 to August 2014.

As a result, Defendant 7 was provided by Defendant 9’s insurance service team leader for the purpose of profit-making by the company with knowledge of the fact that Defendant 9’s customer information without the consent of the subject of information or the user was not consented to the third party information.

4. Criminal facts committed by the defendant 8

No one shall receive personal information from a third party without the consent of a subject of information, while no one shall knowingly receive such personal information from a provider of information and communications services with the knowledge that the provider provides such personal information to a third party without the consent of the user.

Nevertheless, Defendant 8, the vice head of Non-Indicted Party 2's cooperation marketing team, downloaded the non-party's non-party information to the third party's web franchising of the third party's non-party information provision that was opened on the web franchis, and received the non-party's non-party information, among the member information received, downloaded the non-party 2's DNC customers, press subscribers, etc., from among the member information received, and again, opened the selected personal information to Defendant 9's web franchis, and had the call center, such as Non-party 3, etc. obtain the subsequent consent.

As such, Defendant 8 was provided with personal information (name, resident registration number, contact number, etc.) such as Defendant 9’s resident registration number, etc. (name, resident registration number, contact number, etc.) of Defendant Company 9 without consent as indicated in the list of offenses (3-1) Nos. 1 through 3580, 715493 through 1088, and the list of offenses (3-2) Nos. 6,119,897 (number of specific personal information: 1,543,452, and the number of online subscription information: 330) even though it was well aware of such circumstances.

As a result, Defendant 8 was provided by Defendant 9’s insurance service team leader for the purpose of profit-making by the company with knowledge of the fact that Defendant 9’s customer information without the consent of the subject of information or the user is not subject to consent of the third party information.

Ⅱ. Determination

1. Determination as to joint criminal conduct in violation of the Personal Information Protection Act relating to the acquisition of personal information by unlawful means by Defendant 1, Defendant 2, Defendant 3, Defendant 4, Defendant 5, and Defendant 6

(a) Facts of recognition;

In full view of the evidence duly adopted and examined by this Court, the following facts are recognized.

1) From 200 to 200, Defendant Company: (a) was engaged in the insurance business of teco, the head office of the United Kingdom; (b) was engaged in the solicitation of Defendant Company 9’s members; (c) was engaged in providing information on customers who agreed to provide personal information to a third party from 2003; and (d) around October 2007, Defendant Company sold customer’s personal information to the insurance company. around October 1, 2009, Defendant Company concluded a business partnership agreement to sell the personal information of Nonindicted Company 1 and Defendant Company 9’s customers to KRW 1,980 per case.

2) Since around 2009, Defendant Company commenced a gift event for customers, and its major purpose was to increase sales by inducing customers to visit the store, expect the winning of prizes, and acquire and sell personal information from the customers who subscribed to the event in return for payment to the insurance company.

3) The Defendants stated in the column for the purpose of collection and use of personal information in approximately one meter, that the Defendants entered “selective lot and delivery” and “providing information for insurance marketing” in the “Personal Information Collection and Use” column, and written in the “Person Providing Personal Information to a third party” column various insurance companies, including Nonindicted Company 1 and Nonindicted Company 2, and made use of marketing materials, such as telephone and Sms for providing life, non-life insurance products, etc.” in the “Purpose of Use” column. In addition, the Defendants written in the “Purpose of Use” column that “the Defendants made and put the subscriber’s “date of birth”, “child number” column, and excluded from the premium drawing in the event of omission of signature. In addition, the Defendants written in the “Information Roster” column and written in the “Information Roster” column, and written in the “Personal Information Collection and Use Roster’s mobile phone number, etc.” and written in the “Information Roster’s mobile phone number, etc.”.

4) From December 201 to June 2014, Defendant Company 9: (a) held at 11 once a gift event, such as “I am at the end of the year” and “I am at the end of the year; (b) acquired personal information (name, date of birth, cellphone number, number of children), 7,121,140 items, and obtained consent on the management thereof (third party offer) from subscribing customers; and (c) provided Nonindicted Company 1 and Nonindicted Company 2 with the payment of KRW 1,980 per case.

B. Determination

1) Whether there is a legal obligation to notify the third party of the fact that the information is provided for compensation in the acquisition of personal information

Article 17 of the Personal Information Protection Act lists ① a personal information recipient, ② a recipient of personal information, ③ the purpose of personal information use by the recipient, ④ the items of personal information provided, ④ the period of personal information retention and use by the recipient, ⑤ the fact that the recipient of personal information has a right to refuse consent, and any disadvantage arising from the rejection of consent. In other words, the Personal Information Protection Act stipulates that the provision of personal information acquired by a personal information manager to a third party requires notification to the provider of information, but does not require notification as to whether the personal information is provided for consideration to the third party.

2) Whether obtaining consent to the provision of personal information without notifying a third party of the fact that personal information is provided at a cost constitutes “any false or other unlawful means or method”

A person who has managed or processed personal information shall not acquire, or obtain consent to, personal information by fraud or other improper means (Article 72 Subparag. 2 and Article 59 Subparag. 1 of the Personal Information Protection Act). Here, “any false or other improper means and methods” refers to affirmative and passive acts that may affect the decision-making, as they are recognized by social norms, even though the person cannot obtain, or consent to, the management of the personal information in accordance with the procedures prescribed in the Act, and as such, a deceptive scheme or other unlawful means and methods conducted to obtain, consent to the acquisition or management of such information (see Supreme Court Decision 2013Do10461, Feb. 27, 2014).

Therefore, in order for personal information controllers to constitute a false or other unlawful means and methods of obtaining consent to the provision of information without notifying the information provider of any fact, the personal information controller must be obliged to notify the information provider of such fact when obtaining consent to the provision of information.

According to the above facts, the defendants' subscription right provided by the defendants includes ① the recipient of personal information, ② the phone for information on life, non-life insurance products, etc. for the purpose of using the personal information of the recipient, ③ the name, telephone number, number of children, resident registration number, mobile phone number, ④ the period for which the recipient of the personal information has been provided, ⑤ the fact that the recipient of the personal information has the right to refuse to give consent, ⑤ the contents of disadvantage caused by the refusal to give consent. In addition, according to the evidence duly adopted and investigated by the court, the defendants provided the opportunity to subscribe a gift even to the customers who did not purchase the goods on the online and off-line store, and about about about 30% of the customers offered at the above give consent to the provision of the personal information to the third party, and thus, it is reasonable to deem that the defendants consented to the provision of the personal information to be used for their insurance company's business if they want to obtain the opportunity to receive the prizes from the customer's perspective in light of the above facts.

Therefore, even if the Defendants did not notify the fact that they provided their personal information for compensation to the insurance company, etc. and obtained the consent of the customers to provide information, it cannot be viewed that they used false or other unlawful means or methods.

3) Whether other acts listed in the facts charged constitute “any false or other unlawful means or methods”

(A) enter the matter relating to the consent in a size of 1m and making it de facto readable;

According to the evidence submitted by the prosecutor, although the size of letters on the matters related to the consent given by the Defendants to customers is recognized as about 1m, it cannot be readily concluded that the size of letters is about 1m, and the size of letters cannot be read by people. Meanwhile, according to the evidence duly admitted and investigated by the court, the Defendants: (a) immediately next to the subscription at the time of holding the gift event, attached a photograph showing the extension of subscription rights equivalent to approximately 4 times the real right to subscribe; (b) in the event of online gift events, the subscribers can be seen as expanding the contents of the subscription rights on the computer screen; and (c) in fact, the size of letters of the subscription rights in this case is widely used at various other subscription events. In light of the above facts, it is difficult to view that the Defendants made partial size of letters in order to obtain the consent to provide information from customers and made it impossible for the Defendants to read the contents thereof. Accordingly, it cannot be deemed that the Defendants’ writing the size of the invitation right to subscribe to the gift by means or other unlawful means.

B. Having the subscriber give consent to unnecessary information, such as date of birth and number of children, in addition to the name and contact point of the subscriber customer necessary for sending the winner's prize.

As seen earlier, the defendants stated the name, telephone number, number of children, resident registration number, mobile phone number, etc. as the item of personal information provided for in the gift event, and stated that the above item is excluded from the premium drawing if the information on the above item is not provided. However, the above fact that the defendants held the gift event in this case for the purpose of providing personal information to insurance companies, etc., and the defendants already stated that it is used as data for insurance marketing, such as telephone for guiding life and non-life insurance products, etc. in the context of the purpose of providing the above third party's right to subscribe, it is reasonable to view that the date of birth, number of children, etc. of the subscribers as information within the scope necessary for the insurance marketing for the purpose of providing personal information to a third party, and it does not constitute "any other fraudulent means or methods" on the ground that the defendants consented to such collection from customers.

C. Failure to pay premiums properly

(1) Such an act is merely a circumstance after collecting personal information, and it is irrelevant to the facts charged that the Defendants consented to the collection of personal information by false or other unlawful means. However, if the Defendants consented to the provision of personal information even though they did not have the intent to give a gift to the winner, the method of deceiving the winner of the gift event to collect the customer information or obtaining a third party consent to provide the information, the crime of acquiring personal information and providing a third party information by unlawful means may be established, and this is examined.

(2) In full view of the following circumstances acknowledged by the evidence duly adopted and investigated by this court, it is insufficient to acknowledge that the evidence submitted by the prosecutor alone by the prosecutor collected personal information or obtained the consent of the third party by deceiving the customers who subscribed to the gift events, and there is no other evidence to acknowledge this otherwise.

(A) In planning gift events, Defendant Company 9 did not appear to have performed the instant gift event with the intent of not paying the premium in advance, since it set the cost and budget incurred for the payment of the premium in advance through collaboration with the accounting team and carried out the event after obtaining approval therefor. The amount of the premium that is not large after the premium was granted, through the trustor, was informed by Defendant Company 9 of the winning of the winning by posting the phone directly to the winner, and if the winner did not receive the premium, the winner repeatedly posted the phone until the contact is contacted.

(B) Nonindicted 6, who was an employee of the insurance service team of Defendant Company 9, proposed that “Ismond gets off. At the time of the implementation of the gift event, Ismond” to the effect that “Is the first prize winner should not contact, but will not pay premiums.” However, Defendant 6 refused this.

(다) 피고인 9 회사의 직원이었던 공소외 5와 공소외 6은 피고인 9 회사가 시행하는 경품행사에서 경품 추첨 조작을 통해 경품을 지인들 명의로 당첨받은 뒤 이를 판매하여 재산상의 이익을 취득할 것을 공모한 뒤, 2011년 8월에 시행된 ‘썸머페스티발 자동차 10대를 쏩니다’ 경품행사에서 지인인 공소외 13이 위 경품행사의 1등 당첨자가 되게 하여 경품인 SM7승용차를 교부받게 한 것을 비롯하여, 2012년 4월에 시행된 경품행사에서 공소외 14가 1등 당첨자가 되게 하여 경품인 BMW 320d 승용차를 교부받게 하고, 2012년 12월 시행된 경품행사에서 공소외 15, 공소외 16이 위 경품행사의 1등 및 2등에 당첨되게 하여 BMW 320d 및 K7 승용차를 교부받게 하였으며, 2013년 5월 시행된 경품행사에서 공소외 17, 공소외 18가 위 경품행사의 1등 및 2등에 당첨되게 하여 순금 골드바 1kg 및 아우디 A4 승용차를 교부받게 하였다. 공소외 5, 공소외 6은 위 사건으로 개인정보보호법위반죄가 아니라 형법상 피고인 9 회사에 대한 업무방해 및 업무상배임죄로 기소되어 2014. 12. 18. 각 유죄판결을 선고받았으나, 피고인들은 위 사건으로 공소제기된 바가 없다.

(d) providing collected customer information to the insurance company and receiving fees;

This act is merely an act after collecting personal information, and it is irrelevant to the facts charged that the defendants had the customers agree to collect personal information by false or other unlawful means.

C. Sub-committee

Therefore, the evidence submitted by the prosecutor on the charge of violation of the Personal Information Protection Act relating to the acquisition of personal information by the illegal means by Defendant 1, Defendant 2, Defendant 3, Defendant 4, Defendant 5, and Defendant 6 is insufficient to recognize it, and there is no other evidence to acknowledge it.

2. Determination as to the violation of the Act on Promotion, etc. of Information and Communications Network Utilization and Information Protection (Leakage of Personal Information) relating to the provision of undisclosed personal information by Defendants 4, 5, and 6

A. Summary of the facts charged

A personal information manager may not provide personal information to a third party without the consent of the subject of information, and the provider of information and communications services may not provide personal information to a third party without the consent of the user. Nevertheless, the Defendants ordered the insurance service team to Nonindicted 4, Nonindicted 5, and Life Insurance Workers, Nonindicted 6, Nonindicted 7, and Nonindicted 8 to provide information to Nonindicted Company 1 and Nonindicted Company 2 from among the members of the Defendant Company 9’s shoulder cards without the consent of the third party’s information provision, and provided it by means of enabling Nonindicted Company 1 and Nonindicted Company 2 to download the personal information from Nonindicted Company 1 and Nonindicted Company 2.

B. Defendants’ assertion

The Defendants provided the database containing personal information to Nonindicted Company 1 and Nonindicted Company 2 without the consent of the user. However, this does not constitute the provision of personal information to a third party, but merely entrusted Defendant 9’s business to the said insurance company, which selects the subject of insurance marketing in advance among the personal information database, with the management of the said insurance company. The Defendants’ above act does not constitute a crime.

C. Determination

1) Facts of recognition

According to the evidence duly adopted and investigated by this Court, the following facts are recognized:

A) Defendant Company 9 provided information from a customer who has agreed to provide a third party among the members of a member with a third party (so, FMC DB) and information from a third party at a premium event. Of FMC DB, with respect to a customer who has not yet consented to the provision of a third party, Defendant Company 9 provided a third party via a telephone at the call center of Nonindicted Company 3, which was concluded with Defendant Company 9, with an insurance company, such as Nonindicted Company 1 and Nonindicted Company 2. After analyzing the customer information provided by Defendant Company 9, the said insurance company analyzed the customer information provided by Defendant Company 9, without wanting to receive a telephone for the explanation of insurance products, customer who has already been under an insurance contract, customer who has been engaged in telemarketing, customer who has been engaged in telemarket marketing, and customer who has been listed in the video list within the last six months or 12 months, and carried out the above online service by Defendant Company 9 and carried out the online service.

B) On October 1, 2009, Defendant Company entered into an entrustment contract with Nonindicted Company 3 on the handling of personal information, and the main contents thereof were to be carried out by Nonindicted Company 3, and Defendant Company 9 was to pay Nonindicted Company 3 250% of the initial payment of the monthly premium to Nonindicted Company 3, in a case where the customer who agreed to provide information finally entered into an insurance contract as above. However, Defendant Company 9 and Nonindicted Company 3 changed the method of paying fees on February 1, 2010 to pay the fee per customer who consented to the provision of information, regardless of whether the customer who consented to the provision of information entered into an insurance contract.

C) Around October 2009, Defendant Company entered into a business partnership agreement with Nonindicted Company 1 and Nonindicted Company 2 on or around August 2009. The main contents thereof are: (a) the customer’s information agreed to provide information is transferred to the said insurance company; (b) the customer finally entered into an insurance contract with the said insurance company; (c) the customer was paid 400% of the initial premium for the monthly payment or 320% of the fees; (d) from May 3, 2010 (in the case of Nonindicted Company 2, around June 201), the customer was paid KRW 2,800 per personal information changed in the payment method; and (e) the customer did not want to receive calls for explanation of insurance products among the personal information provided by Defendant Company 9; (e) the customer who was already covered by the insurance contract; (e) the customer who was engaged in telemarket marketing within the last six months or 12 months; and (e) the customer’s portion remaining after calculating the fees for the Defendant Company 9’s personal information.

D) Due to the above change in the method of calculating fees, Defendant Company 9 made efforts to require the insurance company to relax the conditions of rupture in order to reduce the rate of personal information coming from rupture through rupture among database of customers’ consent to provide to the insurance company. However, in around 2011, the amount of DB already secured has decreased, among DB, and the rate of DB effective for Defendant Company 9 to rupture up to 1’s web page (this rupture rate) has gradually deteriorated, such as that the rate of 9’s new rupture (this rupture rate) would have been gradually decreased. Accordingly, Nonindicted Company 5, who had been engaged in the insurance service team of Defendant Company 9, proposed the so-called rupture for Nonindicted Company 2 and 1 to obtain prior consent from Defendant Company 9 to 1, which would have been subject to the previous third party’s consent. The content of Defendant Company 9 would also have been able to obtain prior consent to the rupture.

2) Whether personal information is provided by a third party and is entrusted with the management of personal information

A) Legislation

Article 17(1) of the Personal Information Protection Act provides that a personal information manager may provide a third party with such personal information only when the consent of the subject of information is obtained, and Article 24-2(1) of the Act on Promotion of Utilization of Information and Communications Network and Information Protection (hereinafter “Information and Communications Network Act”) provides that a provider of information and communications services cannot provide such personal information to a third party without consent of the user.

On the other hand, Article 26 of the Personal Information Protection Act and Article 25 of the Information and Communications Network Act stipulate various requirements on the premise that personal information managers or providers of information and communications services can entrust the management of personal information acquired to a third party.

B) Legislative intent of personal information management entrustment

The legislative intent of the Personal Information Protection Act and the Information and Communications Network Act to allow a third party to provide personal information without the consent of a subject of information is to consider the practical necessity of a large number of companies to process personal information-related affairs as a personal information manager or an information and communications service provider to an external company through a classing, and to allow a third party to entrust the management of personal information to the extent that it does not infringe the right of self

C) Standard for distinguishing between provision of personal information to a third party and entrustment of management of personal information

Based on such legislative intent, the provision of personal information to a third party and the provision of personal information to a third party and the entrustment of personal information management to a third party are identical in terms of the transfer of personal information to a third party. However, the provision of personal information to a third party is transferred for the purpose of managing the third party's business (for example, the use of insurance marketing data in this case) and the benefit of the third party. However, in the case of the entrustment of personal information management, the personal information is transferred to a third party for the benefit of the personal information manager (see Supreme Court Decision 2011Do1960, Jul. 14, 201).

D) Specific review

(1) We examine whether the transfer of personal information to conduct the instant prior pening is a business for Defendant Company 9 or a business for an insurance company.

The following facts revealed in light of the above facts, i.e., advance pening was conducted in order to reduce the scope of persons subject to advance pening due to the provision of personal information by Defendant Company 9. DB provided for advance pening to Defendant Company 7 and Nonindicted Company 2’s Defendant 8. The purpose of the advance pening was to reduce the frequency of advance call calls with the consent of the third party to provide personal information through Nonindicted Company 3, and to improve the rate of return by reducing the number of times of advance call calls with the consent of the third party from the customer through Nonindicted Company 3. The post pening was conducted by an insurance company for the purpose of reducing the scope of persons subject to advance pening. On the other hand, it is reasonable to view that the insurance company’s advance pening was not an insurance company’s prior business for the purpose of offering the personal information to Defendant Company 9, but it is reasonable to view that the insurance company’s advance call was not an insurance company’s business for the purpose of offering the personal information to Defendant Company 9.

(2) We examine whether the transfer of personal information for the instant advance pening is intended for the interests of Defendant 9 Company or for the interests of the insurance company.

As seen earlier, Defendant Company 9’s purpose of requesting an insurance company to conduct a pre-ruptureing is to reduce relevant time, expenses, and efforts by failing to conduct a pre-rupture call to customers who walk in advance. On the other hand, from the perspective of an insurance company, the number of persons to conduct pening is likely to increase if the rupture is performed before obtaining consent to provide a third party’s personal information, and the number of persons to conduct pening is likely to increase the amount of business. The conditions of the pre-ruping performed by the said insurance company appear to be the same as the conditions of post pening. In full view of the following, it is reasonable to view that the Defendants’ transfer of personal information to the insurance company for pre-ruping of the instant case is for Defendant Company’s interest.

D. Determination

Thus, Nonindicted Company 1 and Nonindicted Company 2 shall be deemed to have the status of trustee who performs part of Defendant 9’s call duties on behalf of Defendant 9 rather than a third party prescribed by the Personal Information Protection Act and the Information and Communications Network Act. The evidence submitted by the Prosecutor alone is difficult to recognize that the Defendants provided a non-exclusive personal information to a third party, and there is no other evidence to acknowledge this.

3. Defendant 9

As seen earlier, insofar as the facts charged against Defendant 1, Defendant 2, Defendant 3, Defendant 4, Defendant 5, and Defendant 6 did not prove a crime, the instant facts charged against Defendant 9 on the premise of the crime also did not prove a crime.

4. Defendants 7 and 8

The summary of the facts charged against the Defendants is that the Defendants, working for an insurance company, obtained the information pertaining to the third party’s information that was set up on Defendant 9’s web hump in the same manner as stated in paragraph (b) of Article 2 of the facts charged for the purpose of profit-making by the company, by downloading the information pertaining to the third party’s non-party information provision, and as seen earlier, Nonindicted Company 1 and Nonindicted Company 2, not the third party prescribed in the Personal Information Protection Act and the Information and Communications Network Act, have the status of a trustee who performs part of the call work of Defendant 9 for Defendant Company for the purpose of Defendant Company 9. The evidence submitted by the prosecutor alone is difficult to find that the Defendants received the non-exclusive personal information

III. Conclusion

Therefore, since the facts charged against the Defendants constitute a case where there is no proof of crime, the latter part of Article 325 of the Criminal Procedure Act provides that the Defendants shall be acquitted under the latter part of Article 325 of the Criminal Procedure Act, and the summary of the judgment against the Defendants shall be

[Attachment]

Warrant of Judge Injury