개인정보 개념의 해석 및 범위에 관한 연구

Under the Korea's legislation for the protection of personal information, the term ‘personal information’ is defined as information that pertains to a living person, including the full name, resident registration number, images, etc., by which the individual in question can be identified, (including information by which the individual in question cannot be identified but can be identified through simple combination with other information). This definition is based upon the term ‘personally identifiable information (PII)’ which means any data that could potentially identify a specific individual. Thus PII is the central concept to decide whether personal data statutes are applicable or not, and define their scope and boundaries of application. Despite its importance in personal data statutes, the concept of PII is ambiguous and it may extend the scope of personal data, resulting both in unreasonably expansive application of personal data protection and in curbing free flow of information. Korean courts tend to have expanded the definition of personal data. From the perspective of striking a balance between the protection of privacy and the free flow of information, this paper argues that the current definition on personal data under the Korea's legislation be construed rather narrowly. This paper introduces issues raised from the definition and how this definition is construed in the European Union. Finally this paper emphasizes that whether an individual is reasonably identifiable depends on the context and circumstances, and that the scope of personal information not be overly expanded.