개인정보보호법의 개정 의의와 적용상 한계

About ten years, after the Personal Information Protection Act was enacted in 2011, our society is being rapidly digitalised by data-driven technologies such as the Internet of Things, cloud, big data, and artificial intelligence as part of the 4th Industrial Revolution. This is the background of discussions that are domestically and internationally under way to improve the legal system to enable more flexible use of personal data in order to have a competitive edge in new technology-based sectors that utilize various data. The European Union has established the General Data Protection Regulation, which has come into force since 25 May 2018. It is characteristic in that this regulation strengthens the level of protection of personal data while further widening the scope to which personal data can be used. In South Korea, legislative discussions are under way to establish a legal basis to clarify the scope of the use of personal data in order to catch up with the 4th Industrial Revolution dominated by new data-driven technologies. After various legislative proposals had been submitted to the legislative body, the amendment to the Personal Information Protection Act passed the National Assembly and was promulgated on 4 February 2020. This article focuses on analysing whether the revised Personal Information Protection Act can be effectively applied as a legal basis of both ‘personal information use’ and ‘personal information protection’ in the new data-driven technological society. Concretely, this article deals with the meaning, purpose, and main contents of the revised Personal Information Protection Act. Furthermore, this article reviews the limitations for the application of the revised Personal Information Protection Act, as regards special provisions for pseudonymization and the treatment of data, which has undergone pseudonymization.