개인정보의 개념에 관한 연구

From the definition on the Personal Data Protection Act of Korea, we can infer that personal data is composed of two elements: personally identifiability and information. The former is crucial. Any information about a living person becomes personal data when his/her identity is apparent by the data itself or easy combination with other data. Internet business industry argues that the definition is too broad to use big data, using of which is vital in gaining a competitive edge in business. However it is inevitable to include personally identifiable information in addition to personally identified information in defining personal data, considering the high speed of IT technology development. Information classified as “personally de-identified” based upon current IT technology can be categorized as “personally identifiable” in the future. EU takes the same position as Korea in terms of defining personal data. No important distinction is found. While EU decides “personally identifiable” when data is reasonably believed to be combined with other data, Korea decides based upon easiness of combination. With regard to legislation on personal data, factors to consider are as follows; First, the definition of personal data in the Act should contain the core value of the fundamental right to self-determination over personal data, which is guaranteed in several cases since 2005 by the Consitutional Court of Korea. Personal data about personhood should be designed more protectively than others. Second, the definition should contain the possible change of “personally de-identified” into “personally identifiable” due to rapid development of IT technology. Third, the evaluation on the definition of personal data is closely related to the entire regime of protecting personal data, under which personal data has two values: protection of individual’s personhood and free flow of information.