빅데이터 시대의 중국의 개인정보 입법의 인식론 - 중국 입법의 모델인 EU의 General Data Protection Regulation을 중심으로 -

The EU's General Data Protection Regulation(GDPR) has a broad international impact, but still adheres to the "personal information privacy theory" 50 years ago. Epistemology based on ideologized moral rights has limitations in adapting to the social reality of the era of big data. Since the GDPR is based on external factors such as "identifiable" rather than "personal factors" in defining personal information, there is a problem in which the extension of personal information is uncertain. This hinders the efficient use of data today, in the era of big data. In the future, personal information legislation needs to define its concept based on the essential properties of personal information. It is necessary to distinguish between "personal information" and "personal-related information" and take different legislative ideas. It is important for the former to value protection as privacy and self-displayed personal information, while the latter to prevent misuse. It is necessary to establish a correct concept of privacy, respect the objective laws of information technology, and reasonably adjust the interests of each field based on actual problems. Under these principles, "personal information" should be defined as "a variety of symbols that directly represent an individual's unique personal interests." The Personal Information Protection Act should protect the personal and property interests of "personal-related information" from being violated. "Personal-related information" and its commercial value belong to the legitimate owner, and companies should not need to obtain permission in handling "personal-related information". However, in order to effectively prevent misuse of "personal information" and "personal-related information", strict responsibility must be held against business operators such as information processors. In doing so, personal information can be protected while promoting efficient use of data.