스마트그리드 전력데이터의 취급과개인정보 보호의 문제

Smart grids enable efficient power use and are in the spotlight as an important solution for responding to the energy crisis and climate change. However, as the sense of crisis spread that individuals' private lives can be exposed to power data through numerous smart devices connected to the smart grid, establishing a safety net for personal data protection became a prerequisite for the establishment and use of the smart grids. Smart grid big data is premised on the collection of countless consumer data and analysis using AI, and such big data can be considered a dilemma situation as it contains a fatal risk to invade privacy. Therefore, the personal data protection legislation should be viewed as a business-friendly foundation that enables the use of big data rather than purely as a regulation to guarantee personal privacy. In Korea, the protection of smart grid personal data is overlapped by the Smart Grids Act and the General Data Protection Act. In the future, it seems necessary to think deeply about whether to continue to adhere to the dual legal system or go to a comprehensive legal system of the General Data Protection Act. Regardless of how the legislation proceeds in the future, KEPCO and other smart grids operators will need to familiarize themselves with the basic details of data privacy protection and prepare thoroughly in order to build smart grids and utilize various power data. As mentioned in the text, failure to properly solve the customer's privacy problem will be a major obstacle to successfully building a new system. It is important to know exactly what personal information is held for what purpose. You need to understand what types of personal information you hold, how it is used and shared with whom, and what security measures are appropriate for it. When designing a product or service, it is necessary to carefully establish a data protection plan at the design stage. Smart grids operators should use the power grid data by anonymous processing as much as possible. In the case of pseudonymization, the pseudonymized data and additional data that can be linked to reveal personal data must be managed separately so that there is no connection with each other. The government should promptly enact standard terms and conditions for the collection and use of smart grid data to stipulate the obligations and responsibilities of consumers and businesses in response to the use of power big data and expansion of consumer participation. In addition, detailed guidelines for the protection of data of consumers in the electric power sector should be reorganized, establishing standards and procedures for consenting to provide information. The guideline should provide examples of the cases of statistics preparation, scientific research, and record preservation for the public interest stipulated as special exception for handling pseudonymized information without data subject’s consent under the General Data Protection Act. It is necessary to present a guideline for pseudonymizing power information.