개인정보보호법상의 국외이전 개정방안 연구

With the world moving toward a hyper-connected society, personal information functions as the most valued resource to the success of innovative services. In the absence of international regulations that can be applied universally, countries have adopted different cross-border regulation or data localization for different purposes. The Personal Information Protection Act of Korea also has regulation on cross-border transfer of personal information in order to protect privacy and data security. However, inadequate rules and discrepancy in regulations act as barrier to global digital trade and cross-border data flows. Most of the recent services or applications require the collection and process of users' personal information. And even if these services are only provided within a certain country, many service providers are using global cloud services which inevitably transfer personal information to oversea servers. The articles on cross-border transfer under the Korean Personal Information Protection Act is very tightly interpreted allowing only few types of cross-border data transfer is permitted. And although it is heavily regulated, it does not have sufficient regulatory system for the management nor remedies against the infringement of the already transferred personal information. And due to the recent revisions of the data related Acts, confusion over the application and the interpretation of the cross-border regulation is expected to grow. It is the goal of this paper to present a number of recommendations on the regulations of cross-border transfer of Korea that align with the laws in other jurisdictions. Measures and provisions suggested will reduce controversy and confusion on cross-border regulations while ensuring sufficient privacy protection and still maintain the benefits of cross-border data flows.