Bigdata Anonymization Using One Dimensional and Multidimensional Map Reduce Framework on Cloud

Shalin Eliabeth S,Sarju S 보안공학연구지원센터 2015 International Journal of Database Theory and Appli Vol.8 No.6

Data privacy preservation is one of the most disturbed issues on the current industry. Data privacy issues need to be addressed urgently before data sets are shared on cloud. Data anonymization refers to as hiding complex data for owners of data records. In this paper investigate the problem of big data anonymization for privacy preservation from the perspectives of scalability and time factor etc. At present, the scale of data in many cloud applications increases tremendously in accordance with the big data trend. Here propose a scalable Two Phase Top-Down Specialization (TPTDS) approach to anonymize large-scale data sets using the MapReduce framework on cloud. For the data anonymization-45,222 records of adults information with 15 attribute values was taken as the input big data. With the help of multidimensional anonymization on map reducing framework, here implemented the proposed Two-Phase Top-Down Specialization anonymization algorithm on hadoop will increases the efficiency of the big data processing system. In both phases of the approach, deliberately design multidientional MapReduce jobs to concretely accomplish the specialization computation in a highly scalable way. Data sets are generalized in a top-down manner and the better result was shown in multidmientional MapReduce framework by compairing the onedimentional MapReduce framework anonymization job. The anonymization was performed with specialization operation on the taxonomy tree. The experiment demonstrates that the solutions can significantly improve the scalability and efficiency of big data privacy preservation compared to existing approaches. This work has great applications to both public and private sectors that share information to the society.

생명윤리법상 익명화의 개선 방안에 관한 연구

이서형 한국생명윤리학회 2019 생명윤리 Vol.20 No.2

정보통신 기술이 발달하면서 대량의 정보 처리가 가능하게 되었다. 이에 따라 생명윤리법상 인간대상연구, 인체유래물연구 등을 수행함에 있어서도 연구대상자나 인체유래물 기증자 등으로부터 구체적인 동의를 획득하지 않고 이들의 개인정보를 대량으로 수집, 익명화하여 이용하고자 하는 요구가 높아졌다. 이와 같이 연구대상자 등의 구체적인 동의 없이 이들의 개인정보를 이용하기 위해서는, 적어도 동법에 따른 익명화가 개인정보를 충분히 보호할 수 있는 처리에 해당한다는 점을 신뢰할 수 있어야 한다. 이 글은 미국과 EU의 관련 규정에서 제시하는 개인정보 및 개인정보를 처리하는 개념과, 그 구체적인 기준 등을 살펴보면서, 이에 비추어 볼 때 과연 생명윤리법상 익명화가 연구대상자 등의 개인정보를 충분하게 보호할 수 있는 처리에 해당하는지 여부를 검토하고자 하였다. 생명윤리법은 “개인에 관한 정보”를 개인정보로서 폭넓게 보호하는데, 이와는 별도로 식별 가능성을 기준으로 개인식별정보를 정의하고 이를 처리하는 개념으로 익명화를 제시한다. 다만 동법은 개인식별정보에서 식별 가능성의 기준이나, 익명화의 구체적인 기준 및 처리 방법 등에 대해 제시하지 않는다. 미국과 EU의 관련 규정을 살펴볼 때, 생명윤리법상 익명화가 개인정보를 보호할 수 있는 처리에 해당하기 위해서는 최소한 익명화의 처리 대상인 개인식별정보의 정의, 즉 직·간접적인 식별 가능성의 기준을 보다 명확하게 제시하는 것이 필요하다. 그리고 기술의 발달에 따라 식별 가능성의 위험이 높아지기 때문에, 이러한 변화가 개인정보 보호에 미치는 영향과 그에 따라 식별 가능성의 기준을 변경해야 할 필요성에 대해 지속적으로 평가하고, 나아가 그 결과를 생명윤리법상 개인식별정보와 익명화 개념에 지속적으로 반영하려는 노력이 수반되어야 한다. 무엇보다 이에 따라 변화한 개인식별정보 및 익명화 개념에 대해서는, 그 변화의 필요성과 구체적인 내용, 기준과 방법 등을 공중에 공개함으로써 개인들로 하여금 자신들에 관한 정보가 어떠한 기준과 절차에 따라 처리되는지 알도록 하고, 이와 같은 처리에 따를 때 자신들에 관한 정보가 충분하게 보호될 수 있는지, 그렇지 않다면 개인정보를 보호하는 체계는 어떻게 구성해야 하는지에 대해 숙고하도록 하면서, 궁극적으로는 이를 통해 개인들이 그 체계를 구축하는 데 능동적으로 참여할 수 있도록 할 것이 요구된다. With the development of information and communications technology, a large amount of information can be easily processed. Accordingly, there has been a growing demand for collecting, anonymizing, and using the personal information of research subjects or donors without obtaining their specific consent while conducting research on human beings or human-derived materials under Bioethics Law. If personal information is being used without the specific consent of the research subject, it should be guaranteed that anonymization under the same law would constitute sufficient protection of personal information. By delving into the concept of personal information, its processing, and the specific criteria presented in the relevant regulations of the United States and the EU, this paper examines whether anonymization under Bioethics Law constitutes sufficient protection of personal information of the subject. Bioethics Law provides extensive protection of the “information relating to individuals” as personal information, separately defining personally identifiable information based on its identifiability and presenting anonymization as a concept that processes it. However, the same law does not provide criteria for identifiability in personally identifiable information, or specific criteria or method for anonymization. In the background of the relevant provisions of the United States and the EU, it is necessary to at least present a more clear definition of personally identifiable information that is subject to anonymization, that is, standards of direct and indirect identifiability, in order for anonymization to constitute a method that can protect personal information under Bioethics Law. In addition, because the risk for identifiability increases with the development of technology, it should be accompanied by an ongoing assessment of the impact of these changes on privacy and the need to change the criteria for identifiability accordingly, as well as efforts to reflect the results in the concepts of personally identifiable information and anonymization under Bioethics Law. Most importantly, in terms of the concept of personally identifiable information and anonymization that has changed accordingly, it is necessary that, by disclosing to the public the need, specific contents, standards and methods of the change, individuals are aware of the standards and procedures by which their personal information is processed, whether it can be adequately protected when processed in this manner and, if not, how the system of protecting personal information should be built, and ultimately for individuals to actively participate in constructing such a system.

ShareSafe: An Improved Version of SecGraph

( Kaiyu Tang ),( Meng Han ),( Qinchen Gu ),( Anni Zhou ),( Raheem Beyah ),( Shouling Ji ) 한국인터넷정보학회 2019 KSII Transactions on Internet and Information Syst Vol.13 No.11

In this paper, we redesign, implement, and evaluate ShareSafe (Based on SecGraph), an open-source secure graph data sharing/publishing platform. Within ShareSafe, we propose De-anonymization Quantification Module and Recommendation Module. Besides, we model the attackers’ background knowledge and evaluate the relation between graph data privacy and the structure of the graph. To the best of our knowledge, ShareSafe is the first platform that enables users to perform data perturbation, utility evaluation, De-A evaluation, and Privacy Quantification. Leveraging ShareSafe, we conduct a more comprehensive and advanced utility and privacy evaluation. The results demonstrate that (1) The risk of privacy leakage of anonymized graph increases with the attackers’ background knowledge. (2) For a successful de-anonymization attack, the seed mapping, even relatively small, plays a much more important role than the auxiliary graph. (3) The structure of graph has a fundamental and significant effect on the utility and privacy of the graph. (4) There is no optimal anonymization/de-anonymization algorithm. For different environment, the performance of each algorithm varies from each other.

국내 유전자은행 관련 법률 및 운영의 문제점과 개선 방안

이정념,최경석 이화여자대학교 생명의료법연구소 2008 생명윤리정책연구 Vol.2 No.1

A biobank is supposed to play an important role for the development of biomedical science. Bioethics and Safety Act (2005) in Korea regulates a gene bank, the function of which is almost the same as a biobank. This act has some problems related to a gene bank. First, the term 'gene bank' is not appropriate. It has to be replaced by “a biobank” in order to include most of units keeping human materials for studies. Second, a gene bank is legally allowed to directly use its own human material for research within its unit. This kind of use must be prohibited. Third, the government has a power to permit the establishment of a gene bank. But all of gene banks must be registered by notification in order to make them be covered by the act. According to a report of a survey and a site-visit, there are lots of gene banks whose standard operating practice is not fully developed and detailed. Most of gene banks have difficulties in hiring a full-time person for information security due to the financial burden. The government has a policy that human materials for research is distributed for free. One solution of this problem is a mutual exchange among gene banks for mutual benefits with the condition that all banks must be registered. For the improvement of operating a gene bank, we need a regularly-scheduled educational program. Especially, this program should focus on the unique characteristics of the different units We also must give an effort to the clarification of notions related to a gene bank. For example, ‘personal information’ must be distinguished from ‘personal identification information’. The latter is one type of personal information. But the latter is not identical to the former. Especially, there is a confusion of anonymization. We have to distinguish anonymous data from anonymized data. Anonymized date can be divided into data unlinked to personal identification information and data linked to it. In the United Kingdom, even linked anonymized data are also divided into data whose key of code is held within a research team and held by the third party. One may think that researchers can be free from ethical review if they use anonymized human material or data. Anonymized information is not personal information that should be protected by Privacy Rule. But anonymization does not guarantee the exemption of IRB's or Steering committee's review. The fact that a certain information is not PHI(Protected Health Information) is one thing, and the requirement that a protocol must be reviewed by IRB or Steering committee is another.

데이터 가용성을 위해 공개 튜플 허용함을 통한 동적 데이터베이스 환경에서의 익명화 기법 개선

김재훈(Jaehoon Kim),박순복(Soonbok Park) 한국정보기술학회 2010 한국정보기술학회논문지 Vol.8 No.4

Recently, the anonymization technique, which protects personal privacy against distributing large data to the third party, is an attractive research issue. In the technique, it is an important problem to provide high data availability. The public tuples are records in an relational database which have been applied to personal information disclosure. In this paper, we show how the public tuples can be used for the data availability in the existing anonymization techniques. Basically, since the public tuples are agreed to be disclosed, they are distributed as the original data not being anonymized and this provides more accurate query and analysis results for the distributed data. In addition, the public tuples can be used for reducing the information loss in anonymization. In performance analysis, we analyze that using the useful public tuples does not significantly degrade the execution performance of the existing methods.

Data Pseudonymization in a Range That Does Not Affect Data Quality: Correlation with the Degree of Participation of Clinicians

Shin Soo-Yong,Kim Hun-Sung 대한의학회 2021 Journal of Korean medical science Vol.36 No.44

Personal medical information is an essential resource for research; however, there are laws that regulate its use, and it typically has to be pseudonymized or anonymized. When data are anonymized, the quantity and quality of extractable information decrease significantly. From the perspective of a clinical researcher, a method of achieving pseudonymized data without degrading data quality while also preventing data loss is proposed herein. As the level of pseudonymization varies according to the research purpose, the pseudonymization method applied should be carefully chosen. Therefore, the active participation of clinicians is crucial to transform the data according to the research purpose. This can contribute to data security by simply transforming the data through secondary data processing. Case studies demonstrated that, compared with the initial baseline data, there was a clinically significant difference in the number of datapoints added with the participation of a clinician (from 267,979 to 280,127 points, P < 0.001). Thus, depending on the degree of clinician participation, data anonymization may not affect data quality and quantity, and proper data quality management along with data security are emphasized. Although the pseudonymization level and clinical use of data have a trade-off relationship, it is possible to create pseudonymized data while maintaining the data quality required for a given research purpose. Therefore, rather than relying solely on security guidelines, the active participation of clinicians is important.

A Stealthy Attack Against Tor Guard Selection

Quangang Li,Peipeng Liu,Zhiguang Qin 보안공학연구지원센터 2015 International Journal of Security and Its Applicat Vol.9 No.11

Tor is a popular low-latency anonymous communication system which could provide anonymity and anti-censorship. Based on previous researches on de- anonymization of Tor, this paper proposes a novel approach to attack users’ guard selection which can pose great threat against Tor users' anonymity. Under the current design of Tor, once entry guards are compromised, the probability that an attacker observes both ends of a Tor circuit will be highly improved. Actual and simulated experiments both show that an attacker (e.g., a local or national government which have the power to monitor a Tor user’s internet connection) can successfully compromise a specific Tor user’s entry guard in about 30 minutes, and this can further help de-anonymize the user’s anonymous communication.

일본에서의 P2P lending 비즈니스와 법적 규제에 대한 고찰

강영기 ( Kang Young-ki ) 한국상사판례학회 2018 상사판례연구 Vol.31 No.2

일본의 P2P lending에서는 자금제공자인 개인이 대금업등록을 하기는 어렵기 때문에 투자자로부터 자금을 모집하는 회사가 금융상품거래법상의 금융상품거래업의 등록을 하고 자금모집은 익명조합계약(일본상법 제535조)에 따른 출자의 형태를 취하고 있다. 이처럼 익명조합계약을 활용함으로써 투자자(출자자)의 대금업 등록을 회피할 수 있는데, 익명조합의 모집에서는 금융상품거래법상의 규제를 받기에, 익명조합계약 외에도 계약체결전의 교부서면이나 각종 서면의 교부의무가 있지만 인터넷상에서 해결하고 있다. 그리고 자금차입자의 연체가 있거나 대손(貸損)이 발생하는 경우에 투자자가 불법하게 추심행위를 할 가능성이 있기 때문에 감독당국은 사업자에 대해서 융자대상자를 익명화하도록 하고 있는데, 익명성으로 인하여 P2P lending에서는 최종적인 자금차입자의 구체적인 정보를 모른 채 투자자는 P2P lending 사업자를 믿고 투자할 수밖에 없다. 따라서 사업자가 악의를 가지고 익명성을 이용한 경우에 투자자가 보호받기는 어려운데, P2P lending업계가 주목을 받으면서 진입하는 사업자가 늘어나고 있어서 이러한 악덕 사업자의 진입가능성에 대한 대책이 없는 상황에서 익명화에 대한 비판이 있는 것도 사실이다. P2P lending 투자를 하는 경우에도 투자원금의 손실가능성이 있다는 점에서 어느 정도의 투자자보호 장치가 필요하기는 하지만, P2P lending 제도를 도입한 목적과 투자자보호의 관점에 대한 균형적인 시각이 필요하다고 본다. 비록 새로운 투자형태로써 P2P lending이 주목을 받고 있다고는 하지만, 인지도도 아직 충분하지 않은 상황에서 투자자보호를 지나치게 강조하다보면 제도의 활성화와 시장의 확대는 어렵게 될 수 있기 때문이다. P2P lending 투자가 일반적인 금융상품투자와 다른 측면을 고려한다면 통상적인 금융상품에 대한 투자자보호와 동일시하는 시각은 바람직하지 않고, 손실발생가능성에 대한 우려를 불식시키기 위한 필요최소한의 투자자보호 장치만 두면 될 것으로 본다. 물론 투자자가 주로 소액투자자인 개인이지만 투자상품에 해당하므로 적절한 투자자교육을 통해 성숙한 투자문화의 정착을 도모하는 것이 바람직하다. In the P2P lending process in Japan, it is difficult for an individual who is a fund provider to register for lending, so a company recruiting funds from an investor registers a financial products business under the Financial Instruments Transaction Act, and the fund raising is anonymous partnership contract (Article 535 of Japanese Commercial Code) In the form of equity investment. By using the anonymous union contract, investors can be prevented from registering lenders. In addition to anonymous union contracts, there are also obligations to give in writing and in various forms before the conclusion of contracts, but they are solved on the internet. The supervisory authority is obliged to anonymize the borrowers because there is a possibility that the borrower illegally withdraws when the borrower is overdue or a loan loss occurs. Due to the anonymity of the P2P lending, the investor is forced to invest in the P2P lending business without knowing the specific information of the final borrower. There is a criticism of anonymization in the absence of countermeasures against the possibility of entry of such malicious business operators because the number of operators entering the P2P lending industry is increasing, because it is difficult for the investor to be protected if the operator uses malicious anonymity. Even if investing in P2P lending is possible, there is a possibility of loss of investment principal. However, we need a balanced view on the purpose of adopting P2P lending system and the viewpoint of investor protection. Though P2P lending is attracting attention as a new form of investment, it is difficult to promote the system and expand the market if the protection of investors is over emphasized in the situation that the recognition is not yet sufficient. Considering that P2P lending investments are different from general financial product investments, it is not desirable to equate them with the protection of investors in ordinary financial products, and it is necessary to eliminate concerns about the possibility of loss. Of course, investors are mainly small-scale investors, but they are investment products, so it is desirable to establish a mature investment culture through appropriate investor education.

재판공개원칙의 현대적 의미와 한계

김주석 ( Kim Joo-seok ),서용성,이단비 사법정책연구원 2023 연구보고서 Vol.2023 No.3

이 보고서는 우리나라의 재판공개원칙에 관한 규범과 논의를 정리하고, 일본, 독일, 프랑스, 영국, 미국 등 주요 각국 및 국제형사재판소의 관련 사례와 논의 상황을 살펴봄으로써 그 현대적 의미와 한계를 짚어 본 다음, 이를 통해 재판공개원칙을 폭넓게 이해하고 그 바람직한 운용과 개선을 위하여 유용한 시사점을 얻고자 하였다. 우리나라에서 재판공개원칙은 법원의 심리와 판결은 공개되어야 한다는 헌법상 원칙으로서 공중의 감시를 통해 재판의 공정성을 제고하고 국민의 신뢰를 보장하는 수단으로 언급된다. 국가안보, 안녕질서 또는 선량한 풍속을 보호하기 위한 심리 공개의 예외가 인정된다. 간접공개는 원칙적으로 금지되고, 팬더믹을 계기로 확대된 영상재판의 공개가 새롭게 문제되고 있다. 소송기록은 확정된 사건에 한하여 일반에 공개된다. 원칙적으로 모든 판결서는 인터넷 공개되고, 개인정보는 비실명 처리된다. 주요 각국은 각기 처한 법 제도적, 사회적 환경하에서 재판공개원칙을 적정하게 구현하고자 하나, 때로는 여러 문제점을 드러내면서 시행착오도 겪고 있다. 재판공개원칙은 각국에서 다양한 역사적, 규범적 배경 아래 형성된 관계로 그 접근방식과 내용에 차이가 있고, 논의되는 바도 다양하다. 일본의 경우 일본국 헌법 제82조에서 재판공개에 관한 명문 규정을 두고 대심 공개에 관한 예외 사유도 규정하고 있다. 정치범죄 등 사건의 비공개는 금지된다. 절차의 공개 측면에서 공개대상은 공판절차, 변론절차에 사실상 한정되고, 간접공개에도 소극적이다. 기록의 공개는 헌법상 보장 대상이 되지 않으나 일본 민사소송법은 진행 중인 사건을 포함하여 누구라도 소송기록 열람을 청구할 수 있게 하고 있다. 형사소송기록의 경우 확정된 기록만 공개하고 많은 예외를 인정한다. 독일의 경우 기본법상 공개의 원칙에 관한 명문 규정은 없으나 민주국가 및 법치국가의 원리와 결부하여 재판공개원칙을 헌법상 보장되는 것으로 본다. 절차의 공개와 관련하여 폭넓은 예외 규정을 두고 있고 간접공개도 원칙적으로 금지된다. 일반 공중의 기록열람은 원칙적으로 금지된다. 판결서는 널리 공개되나 익명화 처리된다. 프랑스의 재판공개원칙은 명문 규정은 없으나 헌법적 가치를 지니는 것으로 이해된다. 재판공개는 변론공개와 판결공개로 나뉘고, 판결서를 제외한 소송기록은 일반 공개되지 않는다. 절차의 공개와 관련하여 간접공개는 금지됨이 원칙이나 최근 공익을 이유로 한 방송 허가가 가능하게 되었다. 영국에서 재판공개원칙은 불문헌법의 지위를 가지고 있다. 법원의 고유 권한, 보통법, 성문법 규정에 의하여 재판공개의 예외가 인정된다. 언론 보도와 관련하여 엄격책임의 원칙이 인정되고, 성문법적 예외로 자동적 보도제한과 재량적 보도제한이 인정된다. 간접공개는 원칙적으로 금지되나 근래 범위를 확대하는 추세다. 법원은 기록 공개와 관련하여 고유한 권한이 있고, 민사의 경우 사건진술서, 판결, 증인 진술 등은 일반적으로 공개되나 다른 문서는 관련된 이익형량을 통한 법원의 허가를 받아야 한다. 형사의 경우 법원은 관계 단체와 협약을 맺고 법원 목록, 등록부 정보를 언론에 제공하고 있다. 미국에서 재판은 공적 사건으로 간주되고, 재판공개원칙은 수정헌법 제1조의 표현의 자유와 제6조의 공개재판을 받을 권리 차원에서 다뤄진다. 수정헌법 제1조가 적용되면 공개의 추정이 인정되어 공개제한은 중대한 이익과 함께 최소 침해의 요건이 충족되어야 정당화된다. 기록 공개에 관한 법원의 판단은 심리의 공개와 연계하여 접근하는 방식과 독자적으로 접근하는 방식으로 나뉜다. 정보화 시대 도래에 따라 전자소송과 전자기록 공개시스템을 연계하여 기록 공개를 하고 있고, 사생활 보호에 대한 새로운 위험성을 인식하고 절차규칙으로 공개제한의 근거 규정을 두고 있다. 국제형사재판소의 경우 간접공개를 재판소 사무국이 직접 행하는 점, 피해자 및 증인 보호를 위한 예외 규정을 두고 증인의 신원 정보를 보호하기 위한 여러 수단이 활용되는 점 등이 특징적이다. 정보화 사회의 환경하에서 재판공개원칙의 장단점은 모두 증폭되어 나타나고 이러한 양면성을 적절히 고려하여 재판공개원칙을 구현하는 것은 주요 각국이 당면한 과제다. 긍정적 측면은 재판에 대한 공중의 참여가 촉진되는 점, 실체진실 발견에 도움이 되는 점, 정보의 입각한 토론을 통해 민주주의 과정에 기여하는 점, 공중의 감시를 통해 재판의 공정성을 확보하고 사법 신뢰를 촉진하는 점, 유사한 사건에서 일관되고 공정한 판례 형성에 기여하는 점, 법에 관한 공중의 이해도를 높여 법치주의 확산에 기여하는 점, 치유의 가치 등을 들 수 있다. 부정적 측면은 개인정보나 사생활, 영업비밀과 그 밖의 민감한 정보의 침해 우려, 국가안보나 공공질서, 선량한 풍속 등의 침해 위험, 재판의 공정성이나 수사의 효율성을 저해할 수 있는 점, 사건관계인의 명예, 인격, 신체의 안전을 해할 수 있는 점 등이 포함된다. 이 보고서는 재판공개원칙에 관한 각국의 규율 사례와 논의에서 나타난 시사점을 바탕으로 공개의 이익과 비공개이익의 규범 조화를 반영한 헌법 내지 법원조직법 개정안을 제시하였다. 재판정보 관리자로서 법원의 주도적 역할을 인정하여 공개제한 결정에 있어 법원의 폭넓은 재량 인정과 법원 주도의 간접공개 활성화, 언론과 공중에 대한 공보업무 활성화의 필요성을 제기하였다. 나아가 재판공개의 방식에 관한 규율의 정비 조치로서 심리의 간접공개에 관한 명시적 근거를 대법원규칙으로 마련할 것을 제안하고, 영상공판준비기일에 대한 인터넷 공개의 법적근거 마련, 인터넷 중계 방식에 관한 실무지침 설정, 형사판결서 열람자의 부당한 정보 이용금지의무에 관한 준용 규정 마련, 비실명 처리방법의 통합, 그 밖에 민사소송기록 공개 방법으로서 등사 내지 복사의 허용, 민사소송기록 열람 등 제한 관련 신청권자의 확대, 당해 소송관계인의 동의 요건을 의견 청취로 변경할 것, 각종 정의 규정의 정비 등을 제안하였다. 또한 공개 촉진의 유인을 부여하기 위해 정보공개법 및 개인정보 보호법의 적용을 배제함으로써 관련 법의 중복적 적용에 따른 혼란을 피할 것과 비실명 처리에 관한 책임을 제한하는 해석론을 제안하고, 전자소송과 연계된 전자기록 공개시스템의 구축을 위한 법률 제정안과 이를 위해 선행적으로 해결되어야 할 과제 등도 제시하였다. 한편 공개의 부작용 억제를 위하여 가사소송절차에 대한 비공개의 근거 마련 방안, 간접공개 방식의 법원 통제 방안, 재판정보 이용의 책임성 확보를 위한 부당한 이용에 대한 과태료 제재 방안, 판결서 인터넷 이용 시 책임성 확보를 위한 조치의 근거 마련 방안 등도 제시하였다. 미확정 사건의 소송기록을 공개할 경우 유의할 사항과 판결서 공개와 관련하여 제기되는 수수료 부과(면제) 문제, 미확정 사건의 형사판결서 공개 문제 등 공개의 부작용 억제와 관련된 현안에 대하여도 가능한 해결방안을 제시하였다. This report summarizes the norms and discussions on the principle of open justice in Korea, and examines its modern meanings and limitations by researching relevant cases and discussions of major countries such as Japan, Germany, France, the United Kingdom, and the United States, as well as the International Criminal Court. Following such research, this report attempts at broadening the understanding of the principle of open trial and obtaining useful implications for its desirable operation and improvement. In Korea, the principle of public trial is predicated on the Constitution to the effect that court hearings and judgments must be made public and referred to as a means of enhancing fairness in trials and securing public trust through public scrutiny. Exceptions to open hearings for the purpose of protecting national security, public safety and order or good morals are recognized. The indirect publicity is prohibited in principle, and the publicity of remote hearings, which have been expanded due to the pandemic, has become a new issue. Court records are open to the public only for final and conclusive cases. And all judgments are disclosed online in principle, with the personal information treated anonymously. Major countries are trying to appropriately implement the principle of open justice under the legal and social environments surrounding themselves, but sometimes they are also experiencing trial and errors by exposing various problems. As the principle of open justice has been formed under various historical and normative backgrounds in each country, there are some differences in its approach and content, further arises various discussions. In case of Japan, Article 82 of the Japanese Constitution stipulates a provision on the principle of public trial and also prescribes exceptions to the publicity of adversarial hearing. Private hearings of certain cases such as political crimes are prohibited. In terms of the publicity of procedure, the subject is virtually limited to the oral pleading procedures. They also accept indirect publicity on a limited basis. The public access to court records is not guaranteed under their constitution, but the Japanese Civil Procedure Act allows anyone to request access to court records, including the ones of ongoing cases. In the case of criminal court records, only the records of concluded cases are allowed public access, albeit wide exceptions. In case of Germany, there is no explicit provision on the principle of open trial in the Basic Law(Grundgesetz), but the principle is considered to be constitutionally guaranteed in conjunction with the principles of democratic state and rule of law. There is a wide range of exceptions regarding the publicity of procedures, and indirect publicity is also prohibited as a matter of principle. Public access to court records are also principally prohibited. The decisions are widely publicized nevertheless on the condition of anonymization. Although there is no explicit regulation on the principle of open trial in France, it is understood for it to have constitutional value. Open trial is divided into public hearings and public access to decisions, and court records, except for decisions, are not open to the public. Regarding the publicity of procedures, indirect publicity is prohibited in principle, but broadcasting permission has recently been made available for reasons of public interests. In the UK, the open justice principle has the status of unwritten constitution. Exceptions to public hearing are recognized under the courts’ inherent powers, common law, and statutes. In terms of media reporting, the principle of strict liability is recognized, and automatic and discretionary reporting restrictions are recognized as statutory exceptions. indirect publicity is prohibited in principle, but tends to expand its scope in recent years. Courts have inherent powers with respect to public access to records, and in civil cases, case statements, judgments, and witness statements are generally given access, but access to other documents must be authorized by the court through balancing of the related interests. In criminal cases, the judiciary entered into agreement with related organizations to provide court lists and registry information to the media. In the United States, trials are regarded as public events, and the principle of public trial is dealt with in terms of freedom of expression in Amendment I and the defendant’s right to a public trial in Amendment VI. When the First Amendment is applied, the presumption of openness is recognized, and restrictions on openness are justified only when there is a compelling interest to do so and the restriction is narrowly tailored to that interest. Deciding whether to allow public access to court records, the courts take either an approach in conjunction with the related procedure or an approach to independently decide it. With the advent of the information age, court records are open to the public online through public access system which is linked with electronic filing system. And recognizing new risks to privacy protection, federal procedure rules were made to provide grounds for restriction to public access. In the case of the International Criminal Court, it is characteristic that the Registry conducts indirect publicity on its own, and that exceptions are provided to protect victims and witnesses, and various measures are used to protect the identity of witnesses. Under the environment of information society, the merits and demerits of the open justice principle emerges distinctively, and it is a challenge facing major countries to properly consider these ambivalence and implement the open justice principle. The positive aspects are promoting public participation in trials, helping to discover substantive truth, contributing to the democratic process through informed discussions, ensuring fairness of trials through public oversight and trust in the judiciary, contributing to the formation of consistent and fair precedents in similar cases, contributing to the expansion of rule of law by increasing the public's understanding of the law, and the so-called “therapeutic value”. Negative aspects include concerns about infringement of personal information, privacy, trade secrets and other sensitive information, risk of infringement on national security, public safety and order, good morals, etc.; and potential harm to be afflicted on the honor, personality and the safety of those involved in the proceedings. Based on the lessons learned from each country’s regulations and discussions on the principle of open justice, this report proposes a possible revision to the Constitution or Court Organization Act so as to reflect the harmonization of the norms between the public interests and those of non-publicity. Acknowledging the court’s leading role as a manager of trial information, it suggests the need to recognize the court’s wide discretion in determining the restriction of openness, activate indirect publicity led by the court, and promote public affairs for the media and the public. Furthermore, as a measure to improve the discipline on the method of open trial, it is proposed to provide an explicit basis for the indirect publicity of hearings by stipulating in the Supreme Court Rules; prepare legal grounds for Internet publicity of the remote pretrial proceedings, and set out practice direction for internet broadcasting method, establish provisions for mutatis mutandis regarding the duty to prohibit improper use of criminal judgment information; integrate anonymization methods; permit copying or duplicating as a method of access to civil case records; expand applicants for restrictions on access to civil case records; replace the requirement of consent of the parties concerned with that of hearing; and amend various definition clauses. In addition, in order to give incentives for promoting openness, this report proposes excluding the courts from the application of the Official Information Disclosure Act and the Personal Information Protection Act to avoid confusion arising from the duplicative application of related laws and interpretation theory limiting the liability for anonymization processing; legislative proposals for the establishment of public access system of electronic records that is linked to the electronic filing system, and preceding tasks to be resolved for the establishment. On the other hand, with an aim to suppress the side effects of openness, this report proposes measures to establish a basis for non-publicity of family court proceedings, measures to manage court-control in indirect publicity, measures to impose civil fines on improper use to secure accountability in the use of court information, measures to provide the grounds for ensuring accountability when using the online access to court judgments. Possible solutions are also suggested for currently pending issues related to the suppression of side effects such as matters to be aware of when allowing access to the whole court records of non-conclusive cases, and issues of charging or exempting fees on the public access to judgments, and contentions arising from allowing public access to the criminal judgments of unconcluded cases.

NTIS 데이터를 활용한 개인정보 보호 R&D 동향 분석 연구

김예원(Yewon Kim),최단비(Danbi Choi),김장원(Jangwon Gim) 한국정보기술학회 2021 Proceedings of KIIT Conference Vol.2021 No.6

데이터 3법 개정안이 통과됨에 따라 개인정보 비식별화를 통한 데이터 재활용이 가능하게 되었다. 따라서 개인정보의 안전한 활용을 위해 도메인 분야별로 상세하며 현실적인 규정 및 정책과 함께 개인정보 가명화 및 비식별화 기법 등에 대한 맞춤형 전략 수립이 필요하다. 본 논문에서는 가명화, 익명화와 관련된 정부 연구 개발 사업 현황을 분석을 통해 가명화와 관련된 연구가 초기 진입 단계임을 보인다. 따라서 인공지능 데이터의 필요성과 함께 개인정보 보호, 인터넷 윤리가 중요시 되는 최근의 연구 환경에서 데이터의 재활용성을 고려한 개인정보 가명화에 대한 연구가 필요함을 제언한다. With the passage of the amendment to the three data privacy laws, it became possible to recycle data through the de-identification of personal information. Therefore, for the safe use of personal information, it is necessary to establish customized strategies for personal information pseudonymization and de-identification techniques and detailed and realistic regulations and policies for each domain field. This paper shows that research related to pseudonymization is in the early stage of entry through analysis of the state of government R&D projects related to pseudonymization and anonymization. Therefore, it is suggested that research on the pseudonymization of personal information, taking into account the recyclability of data in the current research environment where personal information protection and internet ethics are essential, and the necessity of artificial intelligence data is necessary.