개인정보보호 체계 발전 방안에 대한 연구

주상현,최병훈,이진용,전삼현,Sang-Hyun Joo,Byoung-Hoon Choi,Jin-Yong Lee,Sam-Hyun Chun 한국인터넷방송통신학회 2024 한국인터넷방송통신학회 논문지 Vol.24 No.4

개인정보 보호를 위한 통합 컨트롤 타워로서 2020년 8월에 개인정보보호위원회가 출범하였으나 개인정보보호 운영 체계상 몇 가지 문제점이 지적되고 있다. 먼저 우리나라의 개인정보 보호 체계는 공공과 민간을 함께 규율하는 통합법 체계를 가지고 있음에도 불구하고 개인신용정보 보호 기능은 금융위원회가 담당하고, 개인위치정보 보호 기능은 방송통신위원회가 그대로 담당하는 등 보호 기능의 불완전한 통합으로 원활한 개인정보 보호 기능을 하기 어렵다는 지적이 있다. 다음으로 공공부문 개인정보 유출 사고가 증가하고 있음에도 이를 효율적으로 조사할 전문성을 갖춘 인력과 전문 지원기관이 부족한 문제가 있고, 디지털 통상시대를 맞이하여 글로벌 IT 기업의 자국 내 개인정보 침해에 대한 효율적인 대응체계가 부족하여 국민의 개인정보 보호가 약화 될 우려가 있다. 이러한 문제를 해결하고자 해외사례와 문헌들을 검토하여 다음과 같은 방안을 제시하였다. 첫째, 신용정보와 위치정보에 대한 개인정보 보호 감독 기능을 개인정보보호위원회로 일원화 할 필요가 있다. 둘째, 공공부문 개인정보 유출 사고에 대응하기 위해 전문인력 확보와 전문기관 설립 등 전문성 확보가 필요하다. 셋째, 디지털 통상시대에 국민의 개인정보보호를 위한 국내 대리인지정제도 활성화와 국제 공조 체계 구축 필요성을 제기하였다. 이와 같은 개인정보 보호 체계 발전 방안으로 한층 체계화된 개인정보보호가 이루어질 것으로 생각한다. The Personal Information Protection Commission was launched in August 2020 as an integrated control tower for personal information protection, but several problems have been pointed out in the personal information protection operation system. First, despite the fact that Korea's personal information protection system has an integrated legal system that regulates both the public and private sectors, it has been pointed out that it is difficult to carry out smooth personal information protection functions due to incomplete integration of protection functions, such as the Financial Services Commission being in charge of personal credit information protection and the Korea Communications Commission being in charge of personal location information protection. Next, despite the increasing number of public sector personal information leakage incidents, there is a lack of personnel with expertise and specialized support organizations to efficiently investigate them, and there is a concern that the lack of an efficient response system to personal information infringement by global IT companies in Korea in the era of digital commerce may weaken the protection of citizens' personal information. In order to solve these problems, I reviewed overseas cases and literature and proposed the following measures. First, it is necessary to centralize the personal information protection supervision function for credit information and location information to the Personal Information Protection Commission. Second, it is necessary to secure expertise by securing specialized personnel and establishing specialized institutions to respond to public sector personal information leakage incidents. Third, it is necessary to revitalize the domestic agency designation system and establish an international cooperation system to protect people's personal information in the digital commerce era. I believe that these measures to develop the personal information protection system will lead to more systematic personal information protection.

개인정보보호법상의 형사처벌 규정에 관한 연구

정혜욱(Choung, Hye-Uk) 중앙대학교 법학연구원 2011 法學論文集 Vol.35 No.3

Previously, Korean personal information protection was considered to be incomplete for covering only the public affairs. On September 30th, 2011, however, Korea enacted personal information protection act and extended its coverage by including private affairs. Since then, Korean personal information protection has become an intact system. The momentum for this extension of the protection range was served by the major personal information leakages centered on the private enterprises. ‘SK Broadband’, ‘Auction online auctioning site’, ‘Hyundai Capital’ cases are the few examples. legal benefit the personal information protection act essentially protects is the rights of informational self-determination. The rights of informational self-determination directly originated from the privacy act, article 17 of the constitutional law. Similar to tranquility of the habitat, personal information falls into the area of privacy and therefore is the subject of constitutional protection. Even though the protection for personal information is the fundamental human rights prescribed by the constitutional law, the absence of practical act to support its protection led to deal its violation only by civil means.as personal information protection law is enacted along with corresponding penalty, the rights of informational self-determination became one of the fundamental human rights that is directly protected by the constitutional law. Violation of the rights of informational self-determination has the property of intruding the control of personal information by the subject of rights. According to this property, the collection and processing of the personal information under the subject’s consent is exempted from the punishment.there exists an opposition between how one would describe the exemption of the penalty under consent of the subject of information. One is by distinguishing between agreement which removes the elements of an offense and approval which precludes the wrongfulness. The other one is by deciding either on the circumstances of the removing the elements of an offence or the circumstances precluding wrongfulness. For the latter case, it is often said that it is practically impossible to distinguish between approval and agreement and that no benefit arises from such distinction. However, this is not the case. the violation of the rights of informational self-determination, the consent of the information subject should be considered as agreement that removes the elements of an offence. This is analogous to theft where the violation of ownership of the goods occur. For example, if the owner of goods gives consent and the other acquires them, the elements of an offence are not comprisable.offender of the violation of the rights of informational self-determination is fundamentally the information processor. Here, the information processor can be public institution, corporation, organization, or individuals, etc. who, for business purposes, wish to process personal information by themselves or through the means of other people. According to this definition, all the people who process personal information is the offender. The basic structure of the system is as follows. The person in charge of the information processing is subjected to punishment as offender and the corresponding corporation or organization is fined only when it is subjected to penalty against employer and employee.the violation of the rights of informational self-determination is subjected to punishment except the collection of information without consent. In regards to collection, if the collector does not receive consent from the information subject, only the fine will be levied on him. However, if he commits fraud while obtaining consents, he is subjected to punishment.

개인정보보호 법제 정합성 강화를 위한 고찰- 정보통신망법과 신용정보법을 중심으로 -

김일환 단국대학교 법학연구소 2018 법학논총 Vol.42 No.1

「Personal information protection act」 as general law stipulates that the relationshipwith other laws shall be subject to the provisions of this Act except as otherwiseprovided in Article 6 of the Act. Accordingly, since 「Personal Information ProtectionAc」t is a general law in this field, the personal information protection regulations in「Act on Promotion of Information and Communication Network Utilization andInformation protection」 are special laws on the protection of personal information. However, the provisions of 「Personal Information Protection Act」 and existingpersonal information protection laws are largely duplicated. As a result, it isconfusing for the intervention of multiple regulatory bodies as well as for the lawsthat apply to the legal applicants. There are many laws and institutions related topersonal information protection in Korea, but it is doubtful that such laws andinstitutions give the personal information processors predictability and protect therights of information subjects. Now, we should think about the direction of enhancingthe normative power of related laws rather than revising or revising new laws. Inorder to do so, we first need to ensure the integrity of personal informationprotection laws. Personal information protection general laws and Personal informationprotection special laws should be reviewed to eliminate unnecessary laws andregulations. I believe that even if unnecessary laws related to personal information exist in accordance with ministry selfishness and various interests, only a lot ofapplication confusion and interpretation mistakes in practice are resolved. If 「Act onPromotion of Information and Communication Network Utilization and Informationprotection」 leave a wide range of privacy regulations intact, ultimately, 「PersonalInformation Protection Act」 is a general law and its meaning is diminished and isbound to be reduced or eliminated. However, there is no theoretical or practicalnecessity to exist as a special law any more, although 「Act on Promotion ofInformation and Communication Network Utilization and Information protection」,which is the most problematic at present, does not abandon its role as a general lawwith the appearance of a special law. Therefore, according to 「Act on Promotion ofInformation and Communication Network Utilization and Information protection」, theprotection of personal information should be deleted and abolished and integratedwith the general corporate personal information protection law. Secondly, 「CreditInformation Use and Protection Act」 should have legislative forms and systems thatregulate the contents to be specifically regulated as a special law, even if thenecessity to regulate personal information in a specific area of credit information isacknowledged to some extent. You should not try to make the appearance of generallaw as it is now. 일반법인 개인정보보호법은 다른 법률과의 관계에 대하여 제6조에서 다른법률에 특별한 규정이 있는 경우를 제외하고는 이 법에서 정하는 바에 따른다고 규정하고 있다. 이에 따라서 개인정보보호법이 이 분야의 일반법이므로 정보통신망법상 개인정보보호규정 등은 개인정보보호에 관한 특별법으로서 해당부문에서는 이러한 법규정들이 우선 적용된다. 하지만 개인정보보호법과 기존의 개인정보보호 관련 개별법들의 규정들이 상당부분 중복되고 있다. 이에 따라서 법적용대상자가 보기에는 적용되는 법률들은 물론, 복수의 규제기구의 개입에 대해서도 혼란을 느끼고 있는 실정이다. 현재 우리나라에서는 개인정보보호 관련 법률과 제도들은 많이 있으나, 그러한 법률과 제도들이 개인정보처리자들에게 예측가능성을 부여하고, 정보주체의 권리를 충분히 보호하고 있는지는 의심스럽다. 이제 새로운 법률의 제⋅개정보다는 관련 법률들의 규범력을 높이는 방향으로 고민해해야 한다. 그러려면 먼저 개인정보보호법제의체계정합성을 확보해야 한다. 개인정보보호 일반법과 특별법들을 검토해서 불필요한 법률이나 규제는 과감히 정비, 폐지해야 한다. 부처이기주의나 각종 이해관계 등에 따라 존재하는 개인정보보호 관련 불필요한 법률들만 정비하더라도 실무계에서 겪고 있는 상당수의 적용상 혼란과 해석상 오류는 해소되리라믿는다. 정보통신망법에 광범위한 개인정보보호규정을 그대로 두게 되면 결국개인정보보보호법은 일반법으로서 그 의미가 퇴색되고 적용대상이나 범위가줄어들거나 없어질 수밖에 없다. 그렇다면 현재 가장 문제가 되고 있는 법률중 정보통신망법은 특별법의 외관을 가진 채 일반법으로서 역할을 포기하지않으려 하고 있지만, 더 이상 특별법으로서 존재해야할 이론적, 실무적 필요성이 존재하지 않는다. 따라서 정보통신망법상 개인정보보호부분은 삭제, 폐지하고 일반법인 개인정보보호법과 통합해야 한다. 다음으로 신용정보법은 신용정보라는 특수한 영역의 개인정보를 규율할 필요성은 일정부분 인정한다 하더라도 특별법으로서 특별히 규율할 내용을 별도로 규정하는 입법형식과 체계를갖추어야지, 지금처럼 일반법의 외관을 갖추려 해서는 안 된다.

개인정보 보호법과 다른 법률 간의 정합성 연구

이부하 충북대학교 법학연구소 2023 과학기술과 법 Vol.14 No.1

The consistency between the 「Personal Information Protection Act」 and other laws related to personal information is an issue. It is necessary to investigate the relationship between the 「Personal Information Protection Act」 and the Credit Information Act and between the Personal Information Protection Act and the Location Information Act. As a problem of systematic and consistent support for the protection of the rights and interests of the data subject, it is difficult to confirm the inconsistency of applicable laws and support organizations for rights relief when rights relief is necessary. It is necessary to amend the law on the subject and scope of application of the Personal Information Protection Commission, which has the general supervision of ʻpersonal information protectionʼ. It is necessary to establish a senior supervisory body to perform the role of managing and supervising all workplaces that process personal information. The hierarchical hierarchy of supervisory bodies should be rearranged, and senior supervisory bodies should be set up to separate them by sector. Supervisory body should be performed personal information protection through compliance with personal information protection principles, receipt of reports on personal information infringement notices and handling of complaints, cooperation between personal information processors and consignees, and mutual support and cooperation with the Personal Information Protection Committee. According to the revision of the Credit Information Act, similar or overlapping contents to the 「Personal Information Protection Act」 were changed to apply the 「Personal Information Protection Act」, but there are some differences in the contents of the two laws. While the Credit Information Act includes statistical and industrial research on the use of pseudonymous information, the 「Personal Information Protection Act」 has no explicit regulations, so there is a difference in interpretation. In addition, the reason for obtaining the consent of the information subject under the Credit Information Act, exceptions, and the format of the consent form are stipulated differently from the 「Personal Information Protection Act」, causing confusion. It is difficult to confirm the inconsistency of the applicable law and the organization supporting the relief of rights when remedies are applied. When personal information is leaked to credit information companies, excluding commercial enterprises and corporations, it is stipulated that the Financial Services Commission has jurisdiction. It is necessary to improve the subject and scope of application of the Personal Information Protection Committee, which has the general supervision of ʻpersonal information protectionʼ. In order to resolve the confusion in the application of personal information, the 「Personal Information Protection Act」 should be basically applied, and the Personal Information Protection Committee should perform professional and systematic supervision in each area. After deleting provisions similar to the 「Personal Information Protection Act」 in the Credit Information Act, make the 「Personal Information Protection Act」 apply as the basic law, and stipulate only the provisions requiring exceptions in the Credit Information Act.

개인정보 관련 법령의 실무적 운영과정에서 드러난 문제점과 개선방향

박광배 사법발전재단 2017 사법 Vol.1 No.40

우리나라는 일반법인 개인정보 보호법과 정보통신망 이용촉진 및 정보보호 등에 관한 법률(이하 ‘정보통신망법’), 신용정보의 이용 및 보호에 관한 법률(이하 ‘신용정보법’) 등의 특별법을 통해 개인정보보호에 관하여 규율하고 있다. 이러한 법령들은 개인정보의 성격(개인정보, 개인신용정보), 적용대상(개인정보처리자, 정보통신서비스 제공자, 신용정보회사 등) 등을 기준으로 다양한 규율을 하고 있지만, 정보기술의 발달로 인한 다양한 정보처리 방식의 대두, 온·오프라인을 동시적으로 사용하는 사업의 증가 등으로 인해 그 구체적인 적용에 있어 많은 혼란을 가져오고 있는 실정이다. 본고에서는 이와 관련하여 아래와 같은 일곱 가지 쟁점을 검토하였다. 첫째, 개인정보 개념은 위와 같은 개인정보보호 법령의 적용 여부를 결정하는 중요한 개념이라 할 것인데, 그 해석에 관하여 확립된 원칙이 존재하지 않는다. 특히 누구를 기준으로 ‘식별가능성’ 요건의 충족 여부를 판단할 것인가에 관하여 학설과 판례의 대립이 있는데, 필자는 개인정보처리자를 기준으로 이를 판단하는 상대설이 타당하다고 본다. 그러나 ‘식별’ 개념에 관하여는 아직 충분한 논의조차 이루어지고 있지 않은바, 앞으로 이 부분 논의가 활발하게 이루어질 필요가 있다. 둘째, 공개된 개인정보의 취급에 관하여도 논란이 존재하며, 공개된 개인정보라 할지라도 개인정보 보호법 제15조 및 제17조에 따라 정보주체의 사전 동의를 얻어야 한다는 견해도 존재하나, 최근 대법원 2016. 8. 17. 선고 2014다235080 판결이 정보주체의 동의가 있었다고 객관적으로 인정되는 범위 내에서 개인정보를 수집 내지 제공하는 경우에는 정보주체의 별도 동의가 필요 없다고 판시함으로써 공개된 개인정보의 활용과 정보주체의 보호를 조화할 수 있는 길을 열었다. 앞으로도 공개된 개인정보 취급에 있어 이와 같이 정보의 활용과 정보주체의 조화의 균형을 도모할 필요가 있다. 셋째, 개인정보 보호법, 정보통신망법, 신용정보법이 모두 개인정보의 보호에 관하여 규율함으로 인하여 각 법률들 간의 모순과 충돌이 발생하고 있다. 유럽이나 일본의 사례와 같이 개인정보보호 관련 법규를 적절히 통일할 필요가 있다. 넷째, 개인정보보호 법령상 정보주체의 동의는 정보주체의 개인정보 자기결정권을 보호하기 위하여 마련된 제도이나, 현실적으로 동의의 존재로 인하여 오히려 정보주체의 선택권이 박탈당하는 역설적 결과가 발생하고 있다. 그럼에도 불구하고 우리 개인정보보호 법령은 동의의 획득이라는 측면에 치우쳐 개인정보주체의 실질적 보호에 소홀한 한편, 개인정보의 활용도 어렵게 하고 있다. 이러한 동의 만능주의 내지 동의 형식주의는 조속히 극복될 필요가 있다. 다섯째, 우리나라의 개인정보보호 법령상 제재는 형사처벌에 집중되어 있는바, 이는 세계적으로 유례가 드문 방식이다. 이로 인하여 개인정보처리자들이 개인정보의 활용에 보수적이 되는 문제가 발생하고 있다. 더욱 심각하게, 형사처벌 규정들이 실제 위반행위의 중대성에 비례적이지 않은 부분도 드물지 않게 관찰된다. 형사처벌을 최소화하고, 민사 또는 행정적 제재 위주로 운영하는 방안을 검토해 볼 필요가 있다. 여섯째, 제3자 제공과 처리위탁에 관한 규율을 정비할 필요가 있다. 현재 제3자 제공과 처리위탁의 구분이 모호하며, 이러한 구분을 성공... In Korea, the collection and management of personal information is governed by relevant statutes, such as the Personal Information Protection Act (hereinafter “PIPA”), the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (hereinafter “Information Communications Network Act”), and the Credit Information Use and Protection Act (hereinafter “Credit Information Act”). Albeit the aforementioned statutes (hereinafter collectively referred to as “Data Protection Laws”) provide a wide range of regulations depending on the type of personal information (e.g., personal information or personal credit information) and subjects thereto (e.g., data handlers, information and communications service providers, and credit information companies), the actual enforcement of such regulations is becoming increasingly convoluted due to the emergence of various data processing methods stemming from advances in information technology and growing number of companies conducting business through both online and offline channels. Against this backdrop, this paper seeks to highlight and further discuss the following seven issues. First, the concept of personal information is of vital importance when determining the applicability of Data Protection Laws but nonetheless, there is no established interpretation regarding the concept thereof. Notably, there are opposing views between jurisprudence and judicial precedents regarding whose perspective should be considered when determining “identifiability” (this paper takes the view that the perspective of data handlers should be considered). However, given the lack of discussions regarding the concept of “identification,” active discussions thereon need to take place going forward. Secondly, legal controversy exists over the handling of publicly available personal informationinasmuch as views exist on the need to obtain prior consent from data subjects pursuant to Articles 15 and 17 of PIPA. However, the Supreme Court of Korea recently held that consent from data subject was not required for the collection and sharing of publicly available personal information in cases where such collection and sharing is deemed to be consistent with the data subject’s intention and purpose for disclosing his/her personal information(see Supreme Court Decision 2014Da235080 Decided August 17, 2016), thereby paving the way for achieving balance and harmony between the need for utilization of personal information and protection of the rights of data subjects. Thirdly, inasmuch as conflicts and discrepancies are persistent regarding statutory interpretation of Data Protection Laws, it is necessary to effectively harmonize the relevant laws and regulations as in the case of Europe and Japan. Fourth, even though the consent requirements under the Data Protection Laws were intended to protect the data subject’s right of self-determination of his/her personal information, such requirement is causing a paradoxical effect, i.e., data subjects are being deprived the opportunity to exercise de facto the right of informational self-determination. Nevertheless, the said Acts remain focused on strictly enforcing the consent requirement at the expense of providing actual protection to data subjects and in the process, is impeding the effective utilization of personal information. As such, it is necessary to move beyond this excessive focus on the consent requirement and the legal formalities related thereto. Fifth, Korea is unparalleled in its level of punishing violations related to personal information protection by establishing penal provisions under the PIPA. As such, data handlers are forced to rely on overly conservative practices when managing personal information. Even more concerning, such penal provisions appear to be disproportionate in many cases to the violative acts it seek to prevent. Therefore, it is necessary to consider minimizing criminal...

개인정보 보호와 개인영향평가제도

이종구(Lee, Jong-Koo) 충북대학교 법학연구소 2012 法學硏究 Vol.23 No.2

Since e-government maturing of privacy and personal information is emerging a key issues among others. The personal information protection act established in March, 2011 in Korea. But the personal information protection act have many problems. First, it must promote the efficiency of the law. Second, it must improve the organization personal information protection. Third, it must harmonies another acts on the personal information protection. Fourth, it must well perform the personal information impact Assessment. The legislation of the Personal Information Protection Act(hereinafter 'PIPA') streamlined various Acts related personal information, and made the privacy right for the information subject reinforce. Albeit better than before, there are some articles to provide reasonable adjustment to make them clear what is to be achieved firstly, the correction of legal terminologies and legal sentences for getting the legislative purposes of this PIPA, secondly, the harmonization between the PIPA and the other related Acts, based on PIPA which is the center for the protection of personal information, thirdly, the legislative consideration of the emerging 'right to be forgotten'. The personal information protection act will promote the level of personal information protection. And the establishment of personal information protection committee enables institution and policy changes differently from the personal information protection and promote the efficiency of the law the collection and use of personal information.

개인정보보호를 위한 비교법적 연구

고기복 유럽헌법학회 2019 유럽헌법연구 Vol.0 No.31

As the Personal Information Protection Act passed the National Assembly in 2011, a personal information protection legislation was established that unites the public and private sectors. Although the legislative environment for personal information protection was systemized by the implementation of the Personal Information Protection Act, the Personal Information Protection Act changed once again with the bursting of personal information leakage of the three card companies. The revision of the Personal Information Protection Act prohibits the collection of sensitive personal information, such as social security numbers, in the private sector. Nevertheless, personal information leakage incidents continue to occur. In Korea, the Personal Information Protection Act is the basic law for the protection of personal information, but various laws deal with personal information, so a unified and systematic legal system should be established. The modern information society is moving toward the intelligent information society with the development of artificial intelligence. In the intelligent information society, the protection of personal information is becoming more important due to the wide use of data. The European Union has already enacted and implemented the Privacy Guidelines in 1995 with the growing importance of privacy. In 2002, the Personal Information Protection Guidelines were prepared in the area of electronic communication. Since then, privacy has been upgraded to basic rights through the European Charter of Human Rights. The European Union has implemented a GDPR that has been further embodied since 2018 and strengthened the rights of data subjects. GDPR strengthens the rights of information subjects in line with the intelligent information society, and improves efficiency through more flexible responses in the use of personal information. On the contrary, Korea's privacy protection legislation is implemented not by a single law but by plural laws, which makes it difficult to respond quickly and uniformly to personal information infringement. Therefore, a unified legal system must be established for the protection of personal information. In order to improve the system of oversight of the protection of personal information, the Commission must first become a fully independent institution and authorize equivalent international standards. The Privacy Commissioner shall establish a legal status as a central authority for the protection of personal information. In addition, the authority to supervise, investigate, and execute the supervisory authority should be granted. In addition, the rights of information subjects should be expanded to meet the new intelligent information society, and regulations should be established to specify the right to move personal information and the right for automated decision-making, and to specify the conditions of foreign relocation. In addition, through the introduction of pseudonym processing system, overall improvement is needed, such as activating the use of personal information. As the European Union implements GDPR for personal information protection in the new era of intelligent information, legislation is needed to protect personal information. The European Union has upgraded the right to privacy to basic rights through the Charter of Basic Rights. Accordingly, various measures for the protection of personal information were prospectively included in GDPR. The Personal Information Protection Act should also be improved and maintained in accordance with the intelligent information age. 유럽연합은 2018년부터 한층 구체화되고 정보주체의 권리가 강화된 GDPR을 시행하고 있다. GDPR은 지능정보사회에 걸맞게 정보주체의 권리를 강화하면서 개인정보의 활용에 있어서 보다 탄력적 대응을 통하여 효율성을 제고하고 있다. 이에 반하여 한국은 개인정보보호법제가 단일법 형태가 아니라 복수법으로 분야별로 시행되고 있어서 개인정보침해에 대하여 신속하고 통일적인 대응하기 어려운 문제를 갖고 있다. 그래서 개인정보보호를 위한 통일된 법체계를 갖추어야 한다.

유럽연합의 개인정보보호 집행체계에 관한 연구

김일환(Kim, Ilhwan),홍석한(Hong, SeokHan) 성균관대학교 법학연구소 2012 성균관법학 Vol.24 No.4

Data protection was addressed through legislation adopted by the EU as early as October 1995, when the EU adopted Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The basic principles of the right, freedom, and privacy of an individual included in the Directive were based on the contents of the 1981 Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data aimed at protecting individuals in automatically processing personal information. The Directive is designed to protect the basic rights and freedoms of the public in each EU Member State, to safeguard their privacy right associated with personal information, and to promote free distribution of personal information among the EU nations. The Directive is commonly applied to both the public and the private sector. The Directive pushes ahead with a powerful personal information protection policy. The Directive requires EU Member States to enact their own legislation implementing its terms. The EU Directive is aimed at protecting the basic rights and freedom of an individual and bis or her right to privacy in relation to the treatment of personal information. The EU plays a leading role in adopting personal information protection laws in the world, as is c1early exhibited in its personal information protection provisions discussed above. Not only has the EU been concemed with protecting data within EU Member States, but also the risks posed by the transmission of personal information to third countries. The European Union is showing the recent movement for the amendment of the legal system of personal information protection. If this new regulation for personal information takes effect, there is going to be a lot of changes in the European enforcement system for the protection of personal information.

개인정보 보호와 다른 헌법적 가치의 조화

황성기 서울대학교 법학연구소 2012 경제규제와 법 Vol.5 No.2

Concerning personal information protection, in the past, the direction of the policy and practices in market have focused on the utilization of personal information. However recently, with the enforcement of the Personal Information Protection Act in Korea, the trend of the protection of personal information from the EU is emerging. Especially the concept of a right to be forgotten made in the EU is a representative symbol which shows this direction of the protection of personal information. However, in Korean constitutional jurisprudence, a right to be forgotten is not a new one. Because, in the context of its content, a right to self-determination on personal information in Korean constitutional jurisprudence can already include a right to be forgotten. So the substantial meaning of a right to be forgotten is being understood that a right to be forgotten is a kind of rhetoric which can be a motivative chance to transfer from the policy of the utilization of personal information to the policy of the protection of personal information. Therefore, to ensure the practical meaning of a right to be forgotten, it is important to maintain a harmony between the utilization of personal information and the protection of personal information. Based on this stance, this purpose of this study aims to present a direction and abstract standard to make a harmony between personal information protection and the other constitutional values. In this study, to present a direction and abstract standard to make a harmony between personal information protection and the other constitutional values, the following factors was considered. First, consideration of discrimination or differentiation in kinds of personal information, for example, sensitive information, personally identified information, personally identifiable information, etc. is necessary. Second, consideration of discrimination or differentiation in kinds of other constitutional values, for example, freedom of expression, right to know, freedom of business, which conflict with personal information protection, is necessary. Based on the two factors, this study has proposed a direction and abstract standard to make a harmony between personal information protection and the other constitutional values. Concerning personal information protection, in the past, the direction of the policy and practices in market have focused on the utilization of personal information. However recently, with the enforcement of the Personal Information Protection Act in Korea, the trend of the protection of personal information from the EU is emerging. Especially the concept of a right to be forgotten made in the EU is a representative symbol which shows this direction of the protection of personal information. However, in Korean constitutional jurisprudence, a right to be forgotten is not a new one. Because, in the context of its content, a right to self-determination on personal information in Korean constitutional jurisprudence can already include a right to be forgotten. So the substantial meaning of a right to be forgotten is being understood that a right to be forgotten is a kind of rhetoric which can be a motivative chance to transfer from the policy of the utilization of personal information to the policy of the protection of personal information. Therefore, to ensure the practical meaning of a right to be forgotten, it is important to maintain a harmony between the utilization of personal information and the protection of personal information. Based on this stance, this purpose of this study aims to present a direction and abstract standard to make a harmony between personal information protection and the other constitutional values. In this study, to present a direction and abstract standard to make a harmony between personal information protection and the other constitutional values, the following factors was considered. First, consideration of discrimination or differentiation in kinds of personal information, for example, sensitive information, personally identified information, personally identifiable information, etc. is necessary. Second, consideration of discrimination or differentiation in kinds of other constitutional values, for example, freedom of expression, right to know, freedom of business, which conflict with personal information protection, is necessary. Based on the two factors, this study has proposed a direction and abstract standard to make a harmony between personal information protection and the other constitutional values.

중국의 개인정보보호에 관한 연구

강수연 서울대학교 기술과법센터 2022 Law & technology Vol.18 No.1

China’s Personal Information Protection Act was passed on August 20, 2021, and came into force on November 1, 2021. Prior to this, personal information has been protected by separate laws such as the Consumer Rights Protection Act and the Network Safety Act. With increasing attention to protection of personal information, comprehensive regulations related to personal information protection were introduced in the Civil Code which came into effect in 2021. Although the work of law making is ongoing, the debates about the legal nature of personal information right is still sharp. Though there have been many regulations stipulates the protection of personal information generally, the personal information right has been treated in a similar way to the right of privacy in practice. Only recently have the meaning of the personal information right and the right of privacy begun to be distinguished. In addition, the disputes related to ‘informed consent’ to collection and use of personal information have been also raised. Concerns about the infringement of personal information have significantly increased with more frequent use of personal information in the era of big data. To address the issued newly raised in the era of big data, the Personal Information Protection Act stipulates the protection of personal information in a comprehensive way, which not only protects personal information at the civil level, but also stipulates the duties of the public authorities to protect the personal information. To be specific, the Personal Information Protection Act more clearly stipulates personal information processing rules and clarifies the rights of the subject of the personal information, the duties of processor of the personal information, and the responsibilities of government ministries in charge of personal information protection. This study examines the legislation evolution and legal disputes related to personal information protection in China and analyzes the newly enacted Personal Information Protection Act of China.