GDPR의 관점상 신용정보법 개정안(김병욱 의원 대표발의안)의 검토 - 가명조치·익명조치 개념, 정보주체의 동의범주 이슈를 중심으로 -

This article reviews the issue of allowing pseudonymisation or anonymisation of personal data and its legal effect, and unauthorized collection of personal data disclosed to SNS under the new bill of the Credit Information Act (hereinafter referred to as 'the bill') introduced by Kim ByungWook, member of Korean National Assembly in November 2018. The bill has the cause of improving and strengthening effective devices to protect data subjects, and at the same time, of supplementing the use of big data. Nevertheless, the bill proposes that the Korean government intervenes in judging the appropriateness of anonymization and actively grants the relevant legal effects such as giving legal presumption as anonymous data. Furthermore, it is also problematic to allow a data processor, etc. to collect personal data without the data subjectʼs consent. The newly introduced concept of ʻfurther processingʼ by the bill is designed to omit the unnecessary step of data subjectʼs agreement for processing his or her data. However, it is allowed in the range ʻʻnot in conflict with the originally collected purposeʼʼ, which differs considerably from the GDPRʼs further processing that allows only when compatible with the originally collected purpose. The bill will incur controversy over the rational expectations of data subjects. Therefore, rather than pushing the bill to pass the National Assembly, this paper recommends discussions open to all stakeholders thereby analyzing all the effects which will be directly or indirectly brought about by the bill to gain acceptable and reasonable balance between personal data protection and smooth data use.