블록체인과 개인정보보호- 블록체인의 매직(Magic)과 법적 도전 -

The use of blockchain technology can, and will, change our society profoundly. A blockchain as the next big thing for the decentralized internet is in essence a digital ledger containing lines of data or information. Such a ledger can contain different types of data, varying from transaction records, transactional attributes, credentials, or any other piece of data or information. As a matter of principle only lines of data can be added to this digital ledger, and none can be removed or altered. My aim in this article is to deal with blockchain technology and personal data protection and its use. For this purpose, first of all, I will attempt to answer the question "Is blockchain subject to personal data protection law?" Firstly, I will examine whether hash and public key of a blockchain system are personal data or anonymised data. Secondly, I will deal with the question "Who is the data controller and the data processor in a blockchain context?" Thirdly, the principle of personal data processing will be discussed. Fourthly, the issues of contract will be discussed. Fifthly, the problem of personal data deletion will be addressed. Sixthly, the issues of the applicable law and jurisdiction will be examined. Seventhly, I will discuss the problem of data protection impact assessment. Of course, I will take into account that there are limitations that can not be expressed in general because of the variety of models in which the blockchain technology is implemented. The answers to these questions may lead to the conclusion that a given blockchain project’nexus to personal data is so remote that only minimal data governance mechanisms are required. By contrast, some projects will involve high-risk data processing, requiring a full-blown data protection impact assessment. Based on the above review and discussion, I will suggest ways to improve the existing personal information protection law. In order to improve the personal information protection law considering the blockchain technology, compatibility with international norms should also be examined. Beyond the harmonization with the privacy principles of the blockchain technology, the blockchain seems to play a big role in the personal information management led by the individual. In the next few years, various personal-led personal information distribution and protection technologies and systems projects should be conducted to ensure that a large amount of data, including personal information, can be distributed and utilized safely and securely. It should also be supported by government policies supporting these projects. I hope that this paper will help to improve policies for taking balance between privacy and innovation in the data economy coming from the 4th Industrial Revolution, and improve related laws such as the Personal Information Protection Act and the Information and Communication Network Act.