개인정보 보호법의 문제점과 법적 대안 - 가명정보를 중심으로 -
Problems and Legal Suggestions of 「the Personal Information Protection Act」
윤익준(대구대학교); 이부하(영남대학교)
23호, 41~72쪽
초록
The main contents of the revised “Personal Information Protection Act” are: First, clarification of the conceptual system related to personal information, second, definition of pseudonymized information and establishment of basis for processing, third, reinforcement of personal information controller's responsibility, and fourth, agreement within reasonable scope. Establishment of the basis for collecting, using, and providing personal information that is not available. Fifth, the supervisory body is unified with the Personal Information Protection Committee. The main contents of the revised 「Enforcement Decree of the Personal Information Protection Act」 include first, additional use and provision of personal information, second, procedures for combining pseudonymized information, third, measures to ensure safety of pseudonymized information, and fourth, information on race or ethnicity in sensitive information. Problems of the revised Personal Information Protection Act are: First, the liquidity of the concept of personal information, pseudonymized information, and anonymous information, second, the problem of handling pseudonymized information. (1) Processing of pseudonymized information without the consent of the data subject, (2) handling of pseudonymized information without consent to limited matters, (3) obligation to destroy pseudonymized information, and third, the risk of using pseudonymized information. (1) handling of sensitive information, (2) scope of application of pseudonymized information, (3) There is a problem of combining data with pseudonymized information, and (4) There is a problem with the designation and operation of a specialized data organization. It is necessary to stipulate clear regulations on how public officials or public institutions should pay expenses without cost handling regulations in the pseudonymization and combination processing steps, and in cases where pseudonymized information is provided or provided by pseudonymization. In the case of combining pseudonymized information, if personal information is leaked, there is a possibility of civil and criminal liability, so it is necessary to consider regulations on immunity for this.
Abstract
The main contents of the revised “Personal Information Protection Act” are: First, clarification of the conceptual system related to personal information, second, definition of pseudonymized information and establishment of basis for processing, third, reinforcement of personal information controller's responsibility, and fourth, agreement within reasonable scope. Establishment of the basis for collecting, using, and providing personal information that is not available. Fifth, the supervisory body is unified with the Personal Information Protection Committee. The main contents of the revised 「Enforcement Decree of the Personal Information Protection Act」 include first, additional use and provision of personal information, second, procedures for combining pseudonymized information, third, measures to ensure safety of pseudonymized information, and fourth, information on race or ethnicity in sensitive information. Problems of the revised Personal Information Protection Act are: First, the liquidity of the concept of personal information, pseudonymized information, and anonymous information, second, the problem of handling pseudonymized information. (1) Processing of pseudonymized information without the consent of the data subject, (2) handling of pseudonymized information without consent to limited matters, (3) obligation to destroy pseudonymized information, and third, the risk of using pseudonymized information. (1) handling of sensitive information, (2) scope of application of pseudonymized information, (3) There is a problem of combining data with pseudonymized information, and (4) There is a problem with the designation and operation of a specialized data organization. It is necessary to stipulate clear regulations on how public officials or public institutions should pay expenses without cost handling regulations in the pseudonymization and combination processing steps, and in cases where pseudonymized information is provided or provided by pseudonymization. In the case of combining pseudonymized information, if personal information is leaked, there is a possibility of civil and criminal liability, so it is necessary to consider regulations on immunity for this.
- 발행기관:
- IT와 법연구소
- 분류:
- 기타법학