사물인터넷 환경과 개인정보보호의 법적 문제

‘Internet of Things(IoT) society’ is not a physically active society but a ‘Cyber-Physical System’ society in which the demands of individuals and society are met in real time by physical systems controlled by non-physical digital data. In these societies, the fulfillment of individual needs without the provision of personal data or the promotion of public welfare can not be assumed. In this regard, the demands of the public and private parties to realize the infinite value inherent in a myriad of personal data generated in real time in the IOT environment and the data subject to protect personal data are in conflict with one another. In this conflict phase, the fact that the self-determination authority of the data subject has become virtually defective due to the data gap and the methods and means of seizing personal data are considered to be difficult to prove, even if personal data infringement occurs do. Based on these considerations, the following suggestions are made. First, a reasonable level of anonymization of personal data should be accepted as a social constraint that members of IoT society should recognize for the benefit of the community. Secondly, it is necessary to solve the digital divide existing between data processors who want to create new value by using personal data and simple users who want to enjoy the benefits, and to improve the responsibility of data processors by using legal system such as ‘PbD’. Third, national effort to institutionalize ‘STIX’(Structured Threat Information eXpression) should be strengthened so that illegal access to personal data and social community monitoring of misuse and abuse of personal data can be realized in real time. Finally, I hope that the legislative policy toward ‘Digital First’ in each country will become a competition stage of wisdom for ‘Positive-Sum’ at global community level.