클라우드 컴퓨팅법 및 개인정보 보호법의 개인정보 국외이전 규정의 검토

Cloud computing is a critical technology in the era of the Forth Industrial Revolution and is a basis of other related technologies. Decentralized and virtualized cloud computing make personal data stored abroad or provided to third parties abroad. In this case, Article 26 of the Cloud Computing Act stipulates that a user may request to inform a service provider of which country their data is stored in. Also, Article 17 of the Personal Information Protection Act stipulates that a service provider shall obtain the consent of a data subject after notifying the data subject of several matters stipulated in the law, when providing the personal data to a third party overseas. Article 39-12 of the Personal Information Protection Act stipulates that a service provider shall notify a user of the name of the country where the personal data is provided to obtain consent. While these regulations seem to provide for overlapping matters, they are repeated but somewhat different. Therefore, I think that it is necessary to coordinate the contents of these regulations and it will be more appropriate to integrate the overlapping regulations into one regulation. In addition, for now the content of Article 26 of the Cloud Computing Act seems to be less effective, and it is considered that the provision needs to be amended as the provision the a service provider shall notify a user of the name of the country where the personal data is transferred, reflecting Article 39-12 of the Personal Information Protection Act. Additionally, it seems that there is a need to add a penalty provision to enhance the effectiveness of the provision.