아동 개인정보 보호 강화를 위한 법제 정비방안에 관한 연구

Amid the global COVID-19 pandemic as well as technological advancements, children’s online activities are being skyrocketed. Children, or the Alpha Generation, have the latest technological innovations during their course of growth. They are able to purchase newest smartphones and to use state-of-art mobile networks. However, their data privacy is more likely to be vulnerable than ever. To respond the threat to privacy, governments across the globe are pushing to improve legal systems regarding the children’s data privacy including amending relevant data protection laws and imposing massive fines against large IT companies which violated the laws regarding the children's personal information. Actions to protect children’s personal data are no exception to South Korea. In 2022, a number of South Korean ministries, Personal Information Protection Commission, Ministry of Health and Welfare, Ministry of Education and Ministry of Gender Equality and Family, jointly released “The Master Plan for Data Protection of Children and Teenagers”. Along with the Master Plan, the Personal Information Protection Commission released “The Guideline for Protection of Children and Teenager’s Personal Information”. The Master Plan and the Guideline contain various schemes such as a tentative enactment of the Children and Teenager’s Personal Data Protection Act by 2024 and acknowledging the right to be forgotten for children. Although it is noteworthy that the South Korean government is in alignment with the global trajectory that could significantly impact on children’s data protection, it should make different approaches for reasons. First, given that the South Korean data protection laws are standing on a preemptive relationship between a general law and special laws, enacting a new law only for children and teenagers could result in conflicts with the existing laws and ineffective protection for the children’s data privacy. Thus, rather than enacting a new law, those provisions for strong protection on children and teenagers data privacy should be added under the Personal Information Protection Act. Second, recognizing the right to be forgotten into the legal system is worthwhile to reconsider. Considering that the right to be forgotten is similar to the right to request for deletion of incorrect personal information, under the article 36 of the Personal Information Protection Act, it should be amended to ensure the rights inherently given to data subjects. Thus, the article 36 of the Personal Information Protection Act should allow individuals (data subjects) to exercise the right without any pre-conditions, such as requiring data subjects to access his or her personal information in advance. Third, children’s right to be forgotten is notable. Global data protection laws – the UK’s age appropriate design code or the California Age-Appropriate Design Code Act - target at providing an environment to enable children to exercise their rights as a data subject. Children are not mere objects needed to be protected and rather children are encouraged to exercise their rights regarding personal information and its processing. In this regard, the Personal Information Protection Act is necessary to make sure that the right to be forgotten should be guaranteed to children as the subject, not as the object. Guardians for children including parents should be secondary actors. In addition, it is crucial to keep the principle of transparency for using concise, easily accessible languages that children can understand.