개인정보 관련 민사판례상 손해배상책임의 인정 기준 - 2010년 이후의 판례의 동향과 그 분석을 중심으로-

Until recently, since the protection of personal data has become a social issue, our courts have shown a considerable number of precedents. It is thought that the recent cases at least illustrate the trend of court attitudes. The issues under consideration in the cases has several aspects depending on the facts, through the analysis of them we can see when the court admits responsibility for damages. This is thought to be a potent gauge of how similar cases will be handled in the future. With the inductive classification, the recent cases can be divided into two group of cases, ① one of them is the cases without informed consent and ② the other is the group of hacking, or involvement of employees, etc. Our Supreme Court divides illegality and damages in each case and examines the responsibility for damages based on the division. Based on the criteria of the cases, it was found that the first step was to determine whether data on the issue would be personal data subject to the protection (step 1), whether or not illegality was retained (step 2), and whether damages were incurred (step 3). According to the latest cases, profit, technical or administrative protective measures are considered in determining illegality in step 2. In this article, we looked at the criteria in which civil liability is recognized in relation to personal data infringement cases. Regarding the responsibility for damages caused by the infringement of personal data, our cases have shown that the criteria is settling. Depending on the viewing position, it may be thought that the protection of personal data is weakened by the strict recognition of a liability for damages by the court. However, in light of the criteria for recognizing damages in illegal activities, this trend in court cases is acceptable for now in that they are based on the more analytic logic and provide certain predictability in the handling of future events and the prior management of companies' risks.