‘명목을 앞세운’ 개인정보 보호법의 손해배상책임 규정에 대한 비판적 검토

Personal information(or personal data) means the information relating to a living individual that makes it possible to identify the individual under Personal Information Protection Act(hereinafter ‘PIPA’). PIPA focuses on the provisions for the processing and protection of personal information for protecting the freedom and rights of individuals, and further realizing the dignity and value of the individuals. One important form of personal information protection links to the administrative, civil and criminal remedies for unauthorized collection/usage, and loss/theft by hacking. Among these remedies, the civil remedies such as damages can be effective means of compensation for information subject who suffers damage by reason of a violation of PIPA. Article 39 (1) of PIPA stipulates the compensatory damages based on the general principles of the law of torts, to apply for cause, reason for fault, and damages of personal information cases. It also does specify that the burden of proof shifts to the personal information controller on the issues of reason for fault. In addition there are the punitive damages of Article 39 (3) & (4), and the statutory damages of Article 39-2 of PIPA. The punitive damages are intended to be punitive to prevent others from committing the same wrongdoing. Three times the amount of compensatory damages are awarded to each claimant, if the personal information controller is found to have committed a particularly egregious behavior. And the statutory damages are awarded a resonable amount of damages not exceeding three million won at the discretion of the court in lieu of producing the evidences concerning actual or compensatory damages. Where the errors of such technical, managerial, and physical measures of personal information controller would lead to personal information being leaked, information subject can be recovered for monetary compensation on pain and sufferings or emotional distress. While punitive damages and statutory damages have their own purposes and functions of deterrence, prevention, and effectiveness, they may not be eligible for personal information cases. The damages on pain and sufferings from personal information cases are different from the general economic loss, and have been calculated by the discretion of the court without the statutory damages. Even though Articles 39 and 39-2 concerning damages under PIPA seem to be successful way to solve the problems, there are inherent contradictions, and then ostensibly awarding damages that are vast sums for information subjects. It is necessary that the legal solutions to the problems be attempted through interpretative and legislative methods.