데이터이동성을 위한 유럽연합의 입법동향과 쟁점

Article 20 of the General Data Protection Regulation of the European Union introduced right to data portability, under which the data subject has the right to receive the personal data concerning him, which he has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The European Commission also proposed a Regulation on a framework for the free flow of non-personal data in the European Union in 2017. The EU purports to promote the 4th industrial revolution in the area of cloud computing, big data, IoT and artificial intelligence, which requires free flow of data as essential input. The proposal aims to curb data localization requirements of member governments and other barriers to data movement. It also tries to accommodate national interests for public authorities to access data concerning public security and provide room for self-regulation of the industry to develop details for the data portability. In June 2018, the European Parliament, the Council and the Commission reached a political consensus on the proposed regulation. The data portability in the GDPR and the proposed regulation complement each other in that one deals with personal data and the other deals with non-personal data. Both regulations are keen on balancing public interests in user protection and promotion of competition against industry self-regulation. The two, however, differs in conditions of data portability, which makes the harmonious application a complex mission.