개인정보의 통계작성・연구 목적 활용에 관한 검토- GDPR의 관점상 김병욱 의원 대표발의 개정안의 비판적 검토를 중심으로 -

Recently, in response to the environment changed greatly due to the innovative development of technology, legislations for protection of personal information are being tried or have been completed around the world. The European Union has enacted a binding regulation called the ‘General Data Protection Regulation’ (hereinafter, GDPR) in 2016 and implemented it in May 2018. In the case of Korea, Korea has several dispersed related laws about personal information. Not only these laws have undergone frequent revisions but also multiple bills are submitted to Korean National Assembly for consideration. In particular, among the bills about personal information, the bill for revision of Use and Protection of Credit Information Act introduced in November 2018 by Representative Kim ByungWook (hereinafter, the revision bill) changes the basis of the existing legal frame of the current law thereby receiving a lot of attention from the industry and concern from the society at the same time. Regarding the process of personal information for purposes as compiling statistics or research discussed in this article, the revision bill has explicitly introduced that the out-of-purpose use for compiling statistics or research purpose doesn’t need information subjects’ agreement even if the research is intended for industrial or commercial purpose rather than academic one. Therefore, this article compares and reviews the 'exception' of agreement by personal information subjects for the purpose of 'compiling statistics and/or research' with that of the GDPR as this is one of the most controversial issues about the revision bill. It also examines the legitimacy of placing legal restrictions on how to combine multiple databases and the issue of having an exclusive authority which will supervise personal credit information, other than current Personal Information Protection Commission.