빅데이터 환경에서 프라이버시권 개념의 재정식화

변용완,장재옥 아주대학교 법학연구소 2022 아주법학 Vol.16 No.3

In today's information technology era, even if there is no individual confidentiality in itself, if it is comprehensively collected and processed, the individual's life and personality are in a position to be revealed without hiding. The current situation is that personal information or personal data in the information age can be searched and used at any time, increasing the risk of infringing on an individual's personality or privacy. In particular, there have been many studies in the fields of philosophy, ethics, and law on the value of privacy and social functions. In other words, there are personal values such as building and maintaining various human relationships, realizing social freedom, securing superiority in strategic behavior or competition with others, and easing tensions, while considering social values such as realizing individual autonomy, balance of power relations with organizations such as governments and companies, etc. are becoming serious. In particular, when big data including personal information is used for the purpose of realizing social benefits, there is a problem of conflict or balance between the principle of personal information or privacy protection and free use of information. In this paper, I examined the development process of constitutional privacy rights in the United States, which can be considered the starting point of privacy, and the domestic discussion process. In the United States, the existing privacy type has a limitation in that it cannot grasp new privacy violations caused by the development and distribution of information technology, and in Korea, privacy rights are understood as a kind of personal rights, so it can be seen that they are unclear. Based on this awareness of the problem, the theory of Solove and Nissenbaum was examined as a major study of the pragmatic approach to privacy in big data. Solove presented the approximate types of situations such as information collection, processing, diffusion, and intrusion from the perspective of the information subject, and further subdivided each situation type to extract 16 types of harmful activities. Identifying the problem of privacy infringement according to the above type and classification system can prevent the phenomenon that privacy with conceptually abstract and ambiguous characteristics is exaggerated and recognized. Furthermore, according to Solov's classification system, various cultural perceptions of privacy can be reflected depending on the detailed types of harmful or problematic acts belonging to privacy violations. Nissenbaum grasped privacy by context. Context refers to a structured social situation characterized by typical activities, roles, relationships, power structures, rules, and internal values (goals or purposes), and using this basic framework, Nissenbaum can predict the possibility of privacy invasion when new information services, science, and business are introduced. Solove and Nissenbaum's practical approach is meaningful in that it specifically illuminates the abstract problem of privacy from various angles and provides specific measures suitable for the purpose of privacy protection. In particular, Nissenbaum's proposition, "Privacy is the proper flow of information," is meaningful as a starting point for alternatives to improve the limitations of the concept of privacy in big data era.

AI Ethics and Privacy Right

Yi Li,박균열 J-INSTITUTE 2020 Robotics & AI Ethics Vol.5 No.2

Purpose: The Purpose of this paper is to ensuring AI ethics in view of the privacy rights. With the development of science and technology, artificial intelligence robots have become a part of human life. It can not only help people to complete tedious work, but also improve human work efficiency. In order to provide better services to humans, AI needs to collect and analyze human information. This paper focuses on this point and tried to show the rights and duty of the privacy manager as an AI ethics. Method: This research reviews from the definition of the privacy right. And focusing on the critical development of privacy right. This paper focuses on the privacy problems and reasons for AI in this point, especially AI robots. This paper analyzes the current AI privacy issues and their causes through domestic robots, available robots, and AI wisdom networks. With this, this paper tries to explain the protection of human privacy through two parts as protection regulations and improved algorithms. Results: Relying on individuals or groups to achieve privacy protection is difficult and requires strong laws and regulations to restrict it. Privacy protection technology mainly uses data bundling, distributed computing, edge computing, machine learning, and other technologies to protect data security. Protecting privacy requires strong science and technology and a sound legal system, And it also requires the government to establish functional departments to supervise producers, operators, and users. Conclusion: All the final result is to make AI coexist with humans in the same society. The emergence of artificial intelligence robots has brought convenient services to humans, and at the same time, threatened human privacy. Whether it is a service robot or an AI smart network, they obtain users' private information all the time. In order to ensure privacy, developed countries in the AI field have successively promulgated AI regulation or AI ethics to protect privacy. Together with this, some researchers have improved algorithms to protect users' privacy.

온라인 사용자의 프라이버시 보호행동에 대한 연구

김종기(Jongki Kim),김상희(Sanghee Kim) 한국인터넷전자상거래학회 2013 인터넷전자상거래연구 Vol.13 No.1

This study clarifies the relationships among privacy concern/privacy protection importance and actual privacy protection behavior of online users based on privacy paradox perspective. According to numerous studies on privacy, actual privacy protection behavior is greater when an online user has a greater privacy concern or a higher attitude of privacy protection. However, this study shows that these relationships are not positive as there exists privacy paradox. According to the result of the empirical analysis, the antecedents of privacy concern and protection importance have statistically significant explanatory power except the relation between privacy experience and protection importance. Privacy concern and privacy protection importance don’t have a significant effect on the actual behavior to protect privacy. This shows the existence of privacy paradox.

개인정보 처리방침(Privacy Policy) 공개에 관한 주요 4개국 법제 비교분석

정태철,권헌영 한국IT서비스학회 2023 한국IT서비스학회지 Vol.22 No.6

This study compares and analyzes the legal systems of Korea, the European Union, China, and the United States based on the disclosure principles and processing policies for personal data processing and provides references for seeking improvements in our legal system. Furthermore, this research aims to suggest institutional implications to overcome data transfer limitations in the upcoming digital economy. Findings on a comparative analysis of the relevant legal systems for disclosing privacy policies in four countries showed that Korea's privacy policy is under the eight principles of privacy proposed by the OECD. However, there are limitations in the current situation where personal information is increasingly transferred overseas due to direct international trade e-commerce. On the other hand, the European Union enacted the General Data Protection Regulation (GDPR) in 2016 and emphasized the transfer of personal information under the Privacy Policy. China also showed differences in the inclusion of required items in its privacy policy based on its values and principles regarding transferring personal information and handling sensitive information. The U.S. CPRA amended §1798.135 of the CCPA to add a section on the processing of sensitive information, requiring companies to disclose how they limit the use of sensitive information and limit the use of such data, thereby strengthening the protection of data providers' rights to sensitive information. Thus, we should review our privacy policies to specify detailed standards for the privacy policy items required by data providers in the era of digital economy and digital commerce. In addition, privacy-related organizations and stakeholders should analyze the legal systems and items related to the principles of personal data disclosure and privacy policies in major countries so that personal data providers can be more conveniently and accurately informed about processing their personal information.

프라이버시 보호의 정당성, 범위, 방법

권영준 사법발전재단 2017 사법 Vol.1 No.41

We live in a highly information-based society. In such a society, privacy concerns are more seriously raised since information belonging to individual sphere is also collected, stored, and utilized in large quantities. Accordingly, the need for privacy protection is enhanced. However, the level of privacy protection cannot be elevated limitlessly. Without utilization of such information, one should give up convenience and efficiency arising from such utilization to a considerable extent. Such duplicity creates new and complicated privacy issues that were unknown before. In the face of such issues, one might need to step back and contemplate the fundamental issues of privacy protection. After identifying the common conceptual elements of privacy and reviewing the history of privacy and its relationship with other adjacent rights, such as personal information right, this article addresses three fundamental issues pertaining to privacy protection as follows. First, why do we protect privacy? The work of inquiring into the justification of privacy protection has a profound impact on privacy protection. The outcome of such work determines the intensity and the direction of privacy protection. This article offers an account on justification for privacy protection from three perspectives: autonomy, diversity, and reconciliation. Second, to what extent do we protect privacy? Even when privacy protection is justified, the issue on the scope of protection still remains. It is where most controversy arises. This article addresses two legal theoretical tools – area theory (Sphärentheorie) and balancing of interests theory – in order to add clarity to this issue. Further, this article also offers an analysis on the theoretical implications and practical limits of “consent” that influences privacy protection in the modern era. Third, how do we protect privacy? Discourse on the justification and the scope of privacy protection can become practical only by addressing specific methodologies of privacy protection. This article classifies such methodologies into judicial and technological protection, and emphasizes the normative significance of technological protection, including privacy by design, privacy enhancing technology, and de-identification The legal framework on privacy protection is still shrouded in mist. In order to eliminate the mist while responding to the fast-changing environment, continuing efforts for introspection and reestablishment of privacy protection theory in the modern context are required. A normative system needs to be put in place to offer a regulatory framework capable of synthesizing complex issues of privacy straddling diverse areas, while striking an optimal balance by being modestly abstract (not quite as abstract as the Constitution), but sufficiently concrete (not quite as fragmented as the various Special Acts), so that it possesses both flexibility and specificity. Further discussion in this regard is required and expected. 현대 사회는 고도의 정보 기반 사회이다. 고도의 정보 기반 사회에서는 프라이버시 침해에 대한 우려도 높아진다. 이러한 사회에서는 개인의 사적 영역에 속한 정보도 대량으로 수집, 축적, 활용되기 때문이다. 그만큼 프라이버시 보호의 필요성도 높아진다. 그런데 프라이버시 보호 수위를 마냥 올릴 수만은 없다. 이러한 정보의 도움 없이는 지금 누리는 삶의 편리함을 상당 부분 포기해야 하기 때문이다. 이러한 이중성은 종래 우리가 알지 못했던 새롭고 복잡한 프라이버시 문제를 양산한다. 새롭고 복잡한 문제에 대한 해결은 그 전선(戰線)에서 즉각적으로 이루어질 수도 있으나, 한 걸음 물러나 문제의 근본을 돌아봄으로써 촉진될 수도 있다. 프라이버시 보호 문제도 예외가 아니다. 필자는 이 글에서 프라이버시의 어원과 프라이버시의 역사를 토대로 프라이버시의 공통 개념 요소를 도출하고, 프라이버시권과 다른 인접 권리(예컨대 개인정보 자기결정권)의 관계를 살펴본 뒤 프라이버시 보호 문제의 ‘근본’이라고 일컬을 만한 다음 세 가지 사항을 다루었다. 첫째, 프라이버시를 왜 보호하는가? (프라이버시 보호의 정당성) 프라이버시 보호의 정당성을 규명하는 작업은 프라이버시 보호론 전체에 심대한 영향을 미친다. 프라이버시 보호 정당성의 근거가 무엇인지에 따라 프라이버시 보호의 방향성이 결정된다. 필자는 프라이버시 보호가 정당한 이유를 자유, 다양성, 완충성이라는 세 가지 관점에서 설명하였다. 둘째, 프라이버시를 어디까지 보호하는가? (프라이버시 보호의 범위) 프라이버시 보호의 정당성이 인정되더라도 그 보호가 무제한 확장될 수는 없다. 따라서 프라이버시 보호 범위를 탐구하여야 한다. 이는 프라이버시 보호론의 핵심이다. 필자는 프라이버시 보호 범위를 확정하는 데에 사용되는 이론인 영역론과 이익형량론을 분석함으로써 보호 범위를 확정하는 작업에 좀 더 명확한 가이드라인을 제공하는 한편, 프라이버시 보호 여부에 큰 영향을 주는 정보주체의 동의 문제가 가지는 이론적 함의와 실천적 한계를 고찰하였다. 셋째, 프라이버시를 어떻게 보호하는가? (프라이버시 보호의 방법) 프라이버시 보호의 정당성과 보호 범위 확정에 대한 논의도 프라이버시 보호 방법에 대한 논의와 활용을 통하여 비로소 실천적인 의미를 가지게 된다. 필자는 프라이버시의 법적 보호와 기술적 보호로 나누어 설명하되, 특히 프라이버시 중심 설계나 프라이버시 증강 기술, 비식별화 등 기술적 보호가 가지는 법적 함의를 강조하였다. 여러 차원과 국면에 복잡다기하게 얽힌 쟁점들 속에서 프라이버시 보호론은 여전히 안개에 쌓여 있다. 이러한 안개를 걷어내면서 동시에 급변하는 환경에 대응하기 위해서는 프라이버시 보호론의 지속적인 자기성찰과 재정립이 필요하다. 지나치게 추상적이거나(헌법), 지나치게 파편적인(각종 특별법) 법제의 중간 지대에서, 여러 분야에 걸친 프라이버시의 복잡한 쟁점들을 가지런하게 모아 규율하는 틀을 제공할 규범 체계가 요구된다. 프라이버시에 대한 앞으로의 공동 논의가 더욱 요구되고 기대되는 이유이다.

The role of privacy policy on consumers’ perceived privacy

Chang, Younghoon,Wong, Siew Fan,Libaque-Saenz, Christian Fernando,Lee, Hwansoo JAI Press 2018 Government information quarterly Vol.35 No.3

<P><B>Abstract</B></P> <P>With today's big data and analytics capability, access to consumer data provides competitive advantage. Analysis of consumers' transactional data helps organizations to understand customer behaviors and preferences. However, prior to capitalizing on the data, organizations ought to have effective plans for addressing consumers' privacy concerns because violation of consumer privacy brings long-term reputational damage. This paper proposes and tests a Privacy Boundary Management Model, explaining how consumers formulate and manage their privacy boundary. It also analyzes the effect of the five dimensions of privacy policy (Fair Information Practices) on privacy boundary formation to assess how customers link these dimensions to the effectiveness of privacy policy. Survey data was collected from 363 customers who have used online banking websites for a minimum of six months. Partial Least Square results showed that the validated research model accounts for high variance in perceived privacy. Four elements of the Fair Information Practice Principles (access, notice, security, and enforcement) have significant impact on perceived effectiveness of privacy policy. Perceived effectiveness in turn significantly influences perceived privacy control and perceived privacy risk. Perceived privacy control significantly influences trust and perceived privacy. Perceived privacy concern and trust also significantly influence perceived privacy.</P> <P><B>Highlights</B></P> <P> <UL> <LI> We test a Privacy Boundary Management Model and perceived effectiveness of FIPPs. </LI> <LI> Access, notice, security, and enforcement affect the effectiveness of privacy policy. </LI> <LI> Perceived effectiveness significantly influences privacy control and privacy risk. </LI> <LI> Privacy control, privacy concern, and trust significantly influence perceived privacy. </LI> <LI> The results have important implications for policy makers and financial institutes. </LI> </UL> </P>

소비자의 정보 프라이버시 염려와 보호행동: 개인적 요인의 영향을 중심으로

하리다,이환수 한국진로·창업경영학회 2023 한국진로창업경영학회지 Vol.7 No.4

With the emphasis on balancing the use of personal information with privacy protection, there has been a lot of academic discussion on the factors that influence privacy concerns and the consequences of those concerns. However, there are relatively few studies that examine the impact of various individual factors of customer on privacy concerns and behaviors from the perspective of consumers, who are the subjects of personal information. Furthermore, the role of privacy knowledge level has not been sufficiently discussed. Therefore, this study aims to examine the relationship between information privacy concerns and protective behavior based on the APCO model and the theory of motivation to protect. To this end, we examined differences in information privacy concerns and privacy protection behaviors according to personal factors such as gender, age, legal knowledge of privacy laws, education, and income, and tested whether there is a moderating effect between concerns and protection behaviors. The results showed that information privacy concerns were higher among women and those with high legal knowledge, and privacy protection behaviors were higher among those with low age, high legal knowledge, high education, and high income. We also found that legal knowledge had a moderating effect that strengthened the relationship between concerns and protection behaviors. In other words, research results shows that the interaction between personal factors plays an important role in consumers' privacy-protective behavior. This study contributes to the understanding of existing findings on the impact of personal factors on privacy concerns and protective behaviors and extends existing theories. 소비자의 개인정보 활용과 프라이버시 보호 간 조화가 강조됨에 따라 정보프라이버시 염려에 미치는 영향 요인과 염려의 결과에 대한 많은 학술적 논의가 이루어져 왔다. 그러나 개인정보의 주체인 소비자 관점에서 여러 개인적 요인이 정보프라이버시 염려와 행동에 미치는 영향을 살펴본 연구는 상대적으로 부족한 실정이다. 더욱이 정보프라이버시 관련 지식 수준이 어떠한 역할을 하는지도 충분한 논의가 이루어지지 못하였다. 이에 본 연구에서는 APCO 모델과 보호동기이론을 바탕으로 정보프라이버시 염려와 보호행동 간의 관계를 보다 구체적으로 살펴본다. 이를 위해 성별, 연령, 개인정보보호법에 대한 법지식, 학력, 소득 등 개인적 요인에 따른 정보프라이버시 염려 수준의 차이와 정보프라이버시 보호행동 수준의 차이를 살펴보고, 염려 수준과 보호행동 사이에서 조절효과 여부를 검증하였다. 연구결과에 따르면 정보프라이버시 염려는 여성과 법지식이 높은 사람이 높고, 프라이버시 보호행동은 저연령, 높은 법지식, 고학력, 고소득인 경우 높게 나타났다. 또한 법지식이 염려 수준과 보호 행동의 관계를 강화하는 조절효과를 가지는 것을 확인하였다. 즉, 분석 결과는 소비자들의 프라이버시 보호행동에 개인적 요인들 간의 상호작용이 중요한 역할을 한다는 것을 시사한다. 본 연구는 개인적 요인들이 프라이버시 염려와 보호행동의 미치는 기존 연구 결과들을 이해하고 기존 이론을 확장하는 데 기여할 것이다.

미국의 개인정보보호 관련 법·정책의 변화와 시사점

권현호 경북대학교 IT와 법연구소 2014 IT와 법 연구 Vol.0 No.9

In 2014, Korea has experienced unprecedented on-line data breach by three major credit card companies that involved at roughly around hundred milion credit card users privacy information. Demand for enhanced security of privacy has suddenly skyrocketed in Korea, but due to the lax and ambiguous regulations that are in effect, many believe that the privacy fiasco might continue to erupt in Korea for sometime. While Korea is one of the countries that has government-led policies for ICT sectors, and accordingly, the government being the primary organ for privacy governance and management, the U.S.takes a quite different approach regarding on-line privacy. Main difference of the U.S. legal institution concerning the on-line privacy is that the U.S. government assumes mininum role in promulgating privacy norms, and supplements the diminished governments role by encouraging divergent stakeholders to a roundtable for self-regulations. Such a difference between the two systems can be summarized as Korea maintaining a standard guideline system, whereas the U.S. operates on a minimum standard system. Each of the two has their advantages and disadvantages in maintaining and governing the privacy issues, and therefore the paper shall examine the salient features of the U.S. legal framework as well as its recent policy development efforts. While the U.S. legal framework appears to be incompatible with that of Korean institutions, U.S. self-regulation agreement regarding privacy issues by the multistakeholders clearly exhibit some merits that is worth reviewing. Adopting the U.S. self-regulation approach on an experimental basis for a limited scope of privacy issues in Korea could possibly provide incentives for enterprises collecting and maintaining consumers privacy information and offer flexible control power to Korean government as well as a solutions to criticisms that strict regulation de-motivates further development in the ICT sector.

Online Users’ Cynical Attitudes Towards Privacy Protection : Examining Privacy Cynicism

Hanbyul Choi,Yoonhyuk Jung 한국경영정보학회 2019 한국경영정보학회 학술대회논문집 Vol.2019 No.11

This study aims to examine a role of privacy cynicism in online users’ privacy behaviors. As the complexity of managing online personal information is increasing and data breach incidents frequently occur, online users feel a loss of control over their privacy. Such a situation leads to their cynical attitudes towards privacy protection, called privacy cynicism. In this study, we assume that privacy cynicism is related to a prevailing phenomenon that online users are inclined to be negligent in making efforts to protect their online privacy, despite the perception of privacy threats. Data were gathered from a survey that 281 people participated in and were analyzed with covariance-based structural equation modeling. Findings reveal that privacy cynicism has not only a direct influence on disclosure intention but also moderates an effect of privacy concerns on the intention. Analytical results also revealed a nonlinear effect of privacy cynicism on the outcome variable. This study contributes to online privacy research by developing the concept of privacy cynicism and its significant role in online privacy behaviors.

The role of privacy fatigue in online privacy behavior

Choi, Hanbyul,Park, Jonghwa,Jung, Yoonhyuk Pergamon 2018 Computers in human behavior Vol.81 No.-

<P><B>Abstract</B></P> <P>The increasing difficulty in managing one's online personal data leads to individuals feeling a loss of control. Additionally, repeated consumer data breaches have given people a sense of futility, ultimately making them weary of having to think about online privacy. This phenomenon is called “privacy fatigue.” Although privacy fatigue is prevalent and has been discussed by scholars, there is little empirical research on the phenomenon. This study aimed not only to conceptualize privacy fatigue but also to examine its role in online privacy behavior. Based on literature on burnout, we developed measurement items for privacy fatigue, which has two key dimensions —emotional exhaustion and cynicism. Data analyzed from a survey of 324 Internet users showed that privacy fatigue has a stronger impact on privacy behavior than privacy concerns do, although the latter is widely regarded as the dominant factor in explaining online privacy behavior.</P> <P><B>Highlights</B></P> <P> <UL> <LI> Privacy fatigue is a multi-dimensional concept including exhaustion and cynicism. </LI> <LI> There is a significant effect of privacy fatigue on privacy coping behaviors. </LI> <LI> Privacy fatigue has a stronger impact disengagement behavior than privacy concern. </LI> </UL> </P>