개인정보, 가명정보 및 마이데이터의 활용 범위 - 데이터 3법을 중심으로 -

The Three Data Laws, which have been revised to be the largest since the law was enacted, are expected to take effect on August 5, 2020. A number of revisions are included to increase the industrial utilization of data, and this paper will be discussed as follows. First, the principle of strict purpose limitation of the previous law was relaxed, and personal information could be further processed for a reasonably relevant purpose. However, there remained issues in the interpretation of the revised law to establish the scope and problems in the lower enforcement ordinances. Second, the revised law permits the use of ‘scientific research’ purposes on the condition that it controls the risk of re-identification of pseudonym information. This paper would like to summarize the basis of interpretation that the scope may include research for commercial purposes by private corporations. Third, this paper aims to complement the legal argument of the interpretation that pseudonymization can be allowed for sensitive information including medical information. Fourth, apart from the relaxation of data usage behavior regulation for pseudonym information, this paper presents the opinion that in the case of safety measure regulation, the technical and administrative protection measures required for current personal information are difficult to mitigate for pseudonym information. Fifth, this paper emphasizes the significance of the My Data regulation and predicts the expected changes.