South Korea

Can a company read employees' emails?

Article 15
PIPA consent rule
Article 7
Labor Standards Act
30 days
Email retention limit
Written notice
Required disclosure
The Short Answer

Yes, but only under strict conditions: with employee consent, for legitimate business purposes, and in compliance with the Personal Information Protection Act and Labor Standards Act.

What the Law Says

South Korean law permits employers to monitor employee emails only when strictly compliant with privacy and labor statutes. Consent, transparency, and proportionality are mandatory.

Under the Personal Information Protection Act (PIPA), a company may process employees' personal information—including email content—only if it obtains prior, specific, and written consent (Article 15). Consent must be freely given and revocable.

The Labor Standards Act (Article 7) requires employers to notify employees in writing about any monitoring policies—including email surveillance—before implementation. This notice must specify the purpose, scope, method, and duration of monitoring.

PIPA also mandates that personal information be retained only for the minimum period necessary. For work-related emails containing personal data, retention is generally limited to 30 days unless justified by law or contract.

Unauthorized email monitoring without consent or notice violates PIPA and may trigger administrative fines of up to ₩30 million (approximately USD 22,000) under Article 71.

Statutory Text

A personal information handler shall obtain the data subject’s consent before processing personal information.

Personal Information Protection Act, s. 15 — Consent Requirement
Statutory Text

An employer shall notify workers in writing of matters concerning working conditions, including rules on monitoring and use of communication tools.

Labor Standards Act, s. 7 — Notification of Working Conditions

What to Do

1

Obtain explicit, written consent from each employee before monitoring emails.

2

Issue a clear, written internal policy explaining what emails may be monitored, why, and how long data will be kept.

3

Limit monitoring to work-related accounts and exclude clearly personal communications unless legally justified.

4

Train HR and IT staff on PIPA and Labor Standards Act compliance.

5

Conduct annual reviews of monitoring practices and update consent and notices as needed.

Sources

statutePersonal Information Protection Act, s. 15 — Consent RequirementstatuteLabor Standards Act, s. 7 — Notification of Working Conditions

Same Question, Other Jurisdictions

GermanyCanadaAustraliaIrelandSingaporeEuropean UnionIndiaUKUS FederalUS-CaliforniaUS-New YorkCompare all →

Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.