Outbound Call Regulations in South Korea

How to Use the DNC List: Companies operating outbound call centers must consult the official DNC database. The KFTC's "Do Not Call" portal (donotcall.go.kr) allows businesses to upload or query phone numbers against the opt-out list.

Industry-Specific DNC (Finance): In addition to the general DNC list, the financial services industry in Korea operates a separate "Do Not Call" system for financial marketing.

"Do Not Originate" (DNO) and Call Blocking: While South Korea doesn't use the term "Do Not Originate" as a formal public program like in some other countries, regulators have taken steps to block fraudulent or spoofed calls at the network level. Under the Telecommunications Business Act, telecom carriers are obliged to prevent misuse of caller ID and block calls from numbers that should not originate traffic.

Consent Requirements for Calls: To make marketing calls or send advertising messages, a business generally must have the person's prior consent to receive such calls.

Data Minimization and Purpose Limitation: PIPA mandates that personal data (e.g. phone lists) be used only for the specific purposes agreed to by the individual.

Privacy Notices and Transparency: When collecting phone numbers (for example, via a website signup or purchase), organizations must provide a clear privacy notice stating the purpose of collection (such as future marketing contact), how the data will be used, and how long it will be retained.

Cross-Border Data Transfers: Notably, South Korea imposes restrictions on transferring personal information overseas. If an outbound calling operation in South Korea sends call recordings or customer data to an offshore call center (or if a foreign entity is accessing Korean customer data), PIPA requires explicit consent from the individuals for the overseas transfer.

Domestic vs. Foreign Entities – Same Obligations: PIPA applies to any entity processing Korean personal data, regardless of whether the company is based in Korea or abroad. Recent guidelines issued by the Personal Information Protection Commission clarify that foreign businesses targeting Korean consumers or handling Korean personal data are subject to PIPA.

GDPR Comparisons: Like the GDPR, PIPA grants individuals rights to access and delete their personal data and requires transparency and security protections.

Telemarketing and Sales Law: Outbound call centers engaged in telemarketing are governed by the Act on Door-to-Door Sales, etc. (which covers telemarketing sales). This law places specific obligations on call interactions. For example, at the start of a call, a telemarketer must clearly inform the consumer that this is a sales/solicitation call, and provide their identity and purpose: they should state their name or company name and mention the product/service they are promoting.

Call Recording Rules: Call centers often record calls for quality or training. Under current Korean law, call recording is allowed on a one-party consent basis, meaning as long as either the caller or callee consents, the recording is lawful.

Caller ID and Number Display: By law, telemarketers must not spoof or conceal their caller identification. The number shown to call recipients should be a valid callback number or one registered to the calling entity. Telecom regulations (enforced by the KCC and MSIT) were strengthened in 2015 to combat caller ID spoofing.

No Unsolicited Automated Dialing: Auto-dialers and random number generation for calls are tightly controlled. It is illegal to use technical means to randomly generate phone numbers (for example, war-dialing sequences) to call people without their consent.

Calling Hours and Practices: While South Korean law doesn't specify exact "telemarketing calling hours" in the statutes, authorities expect reasonable calling times. Industry best practices and guidelines from consumer authorities suggest avoiding early morning or late-night calls to consumers. The concept of harassment is covered under general consumer protection – repeatedly calling at odd hours could be seen as an aggressive practice. The Korea Communications Commission (KCC) and Korea Consumer Agency have received complaints about nuisance calls, and regulators could deem excessively frequent calls or calls at inappropriate times as a violation of the consumer's rights.

Disclosure of Information Source: A unique requirement in South Korea (since September 2016) is that telemarketers must disclose the source of the consumer's contact information during a sales call.

Call Recording Disclosure & Consent (Financial Calls): If the outbound calls involve financial products (insurance, loans, etc.), additional rules from the financial regulator (e.g. Financial Supervisory Service) may apply. Often, insurance telemarketing calls in Korea must be recorded and the recordings retained as evidence of compliance.

Other Relevant Authorities

Depending on the content of calls, other regulators can come into play. For example, the Financial Supervisory Service (FSS) governs telemarketing of financial products, setting additional requirements for script approval, mandatory disclosures, and cooling-off periods.

Telemarketing Business Registration: Companies (domestic or foreign) that engage in telephone solicitation sales to consumers are required to register or file a report before operating.

Do-Not-Call (DNC) Registry Portal: The official DNC registry is an essential database for outbound call compliance. The portal (donotcall.go.kr), managed by KFTC/KCA, has a Consumer section for opt-out registration and a Business section for number scrubbing.

Opt-Out and Consent Management Systems: Beyond the government-run DNC, companies should maintain their internal do-not-call lists. If any consumer directly requests the company to stop calling (even if they never put their number on the national DNC), the company must honor that request.

PIPA Compliance and Registration: Under PIPA, certain businesses might have to register their data processing activities or at least appoint local representatives. Notably, foreign companies without a local presence but subject to PIPA (because they target Korean consumers) are encouraged by PIPC to designate a representative in Korea.

Spam Message Sender Registration: If an outbound contact center also sends bulk SMS or automated messages via the internet, there is a related registration requirement. An amendment to the Telecommunications Business Act requires that businesses who send bulk SMS/MMS from websites or PC applications (often used for telemarketing or notifications) register with the MSIT.

Enforcement and Reporting Databases: The DNC portal includes a feature for consumers to report violations – e.g., if they got a call from a company after opting out, they can lodge a report which goes into a database for KFTC to follow up.

Extraterritorial Application: South Korea's telemarketing and data privacy laws apply to foreign companies if they target South Korean consumers. This means that a call center located overseas, placing calls into South Korea (for example, a Philippines or India-based center calling on behalf of a Korean company, or a foreign online retailer cold-calling Korean customers) must abide by the same rules as domestic entities.

DNC and Consent for Foreign Callers: A foreign telemarketing firm cannot evade DNC rules by calling from abroad. In practice, many foreign call centers work on behalf of Korean companies, who provide the phone lists. The Korean client company would be responsible for ensuring the list is scrubbed against the DNC registry and that consent was obtained (and could be held liable if the rules were broken).

Calling Number Presentation: Foreign call centers often use local Korean numbers (through VoIP gateways or local telecom partners) to improve pickup rates. If they do so, they are fully subject to Korean telecom rules. They must not spoof numbers improperly – usually the local carrier will allocate a number range for their use. International dialing into Korea is monitored; Korean carriers will mark or announce calls that originate abroad, especially if the caller ID seems to be Korean to catch spoofing.

Data Transfer and Local Representation: If a foreign company is handling the personal data of Koreans (like a list of customers) in its home country, it must secure consent for cross-border transfer as mentioned earlier.

Enforcement on Foreign Entities: Korea can enforce its regulations on foreign companies through several methods:

• Network-level blocking: Telecom providers can block calls from numbers associated with non-compliant foreign entities
• Administrative fines: Through international cooperation mechanisms
• Market access restrictions: Banning the foreign entity from future business in Korea
• Local partner liability: Holding Korean business partners responsible for the foreign entity's actions

Practical Compliance Steps for Foreign Call Centers:

• Partner with Korean legal counsel or consultants specializing in telemarketing regulations
• Establish a formal relationship with a local Korean entity who can assist with DNC database access
• Use proper Korean numbers through authorized channels (legitimate Korean DIDs)
• Train staff on Korean rules, including proper call introduction and disclosure requirements
• Implement robust consent management for PIPA compliance
• Consider appointing a local representative for regulatory communications