개인정보의 보호와 이용의 균형을 위한 법적 문제와 개선방향
Legal issues for the balance between protection and reuse of personal data
정준현(단국대학교)
38권 1호, 125~154쪽
초록
Our country in claiming IT powerhouse is seemly taking the laws onlyforcused on personal data protection and privacy purposes without utilizing thevalue of personal data. If focusing on protection of personal data not to achievethe balance between the protection and reuse of personal data like abovementioned, it is impossible to create value of personal data based on Bigdatatechnology, and our current laws related personal data are not the laws of ITpowerhouse but fall into the not evolved law like life of the Galapagos Islands. In modern society with no privacy, anyone who has a relationship with otherpeople, society or the country is bound to release their part. Our Constitutionaims to harmonize and balance fundamental rights of personality, secret rights ofprivacy including the liberty of occupation, etc. And no amount of legislation tothe public, even private collection of personal data can not prevent illegal. Nomatter how much legislation shall perform, we can not prevent illegal collectionand disclosure of personal data. Considering the before mentioned comprensively,following legislative improvements can be proposed. First, legally protected personal data should be limited to the individual’sdirectly identifying data(residental regislation number, etc.), collection andprocessing of personal behavior data with no identity should be left to selfresponsibilityof personal data processor. Secondly, the scope of processor and their partners(Service Provider) shall bestrictly limited by law and the full informed consent of data subject must bepreceded, when the processor wants to profile individually with collected andprocessed personal data for preemptive service. Thirdly, a data subject’s right of participation in the value creation processmust be ensured and shall be notified about usage history of profiled personaldata, if they want to provide him/her preemptive service on the basis ofprofiling. Finally, for the harmonious balance between a certain amount of protectionand use of personal data, the law should require the processor not only to keepthe Minimum requirements for risk prevention but also to take additionalprotective measures according to technical development as the duty of goodmanagers care(Fiduciary Duty), in the case placing the right to process or profileindividual’s behavior data under the autonomous responsibility of the processorby law, and the statutory damages be paid regardless of whether or not theoccurrence of actual damage in case of personal data violation.
Abstract
Our country in claiming IT powerhouse is seemly taking the laws onlyforcused on personal data protection and privacy purposes without utilizing thevalue of personal data. If focusing on protection of personal data not to achievethe balance between the protection and reuse of personal data like abovementioned, it is impossible to create value of personal data based on Bigdatatechnology, and our current laws related personal data are not the laws of ITpowerhouse but fall into the not evolved law like life of the Galapagos Islands. In modern society with no privacy, anyone who has a relationship with otherpeople, society or the country is bound to release their part. Our Constitutionaims to harmonize and balance fundamental rights of personality, secret rights ofprivacy including the liberty of occupation, etc. And no amount of legislation tothe public, even private collection of personal data can not prevent illegal. Nomatter how much legislation shall perform, we can not prevent illegal collectionand disclosure of personal data. Considering the before mentioned comprensively,following legislative improvements can be proposed. First, legally protected personal data should be limited to the individual’sdirectly identifying data(residental regislation number, etc.), collection andprocessing of personal behavior data with no identity should be left to selfresponsibilityof personal data processor. Secondly, the scope of processor and their partners(Service Provider) shall bestrictly limited by law and the full informed consent of data subject must bepreceded, when the processor wants to profile individually with collected andprocessed personal data for preemptive service. Thirdly, a data subject’s right of participation in the value creation processmust be ensured and shall be notified about usage history of profiled personaldata, if they want to provide him/her preemptive service on the basis ofprofiling. Finally, for the harmonious balance between a certain amount of protectionand use of personal data, the law should require the processor not only to keepthe Minimum requirements for risk prevention but also to take additionalprotective measures according to technical development as the duty of goodmanagers care(Fiduciary Duty), in the case placing the right to process or profileindividual’s behavior data under the autonomous responsibility of the processorby law, and the statutory damages be paid regardless of whether or not theoccurrence of actual damage in case of personal data violation.
- 발행기관:
- 법학연구소
- 분류:
- 법학