개인정보 누설의 의미와 범위 - 형사고소를 중심으로 -

A complainant of a criminal case has been sued by a defendant for infringement of the defendant’s personal information, and is experiencing a new pain that is different from the previous crime. These side effects, which are quite different from the purpose of the legislation, can impose a heavy legal obligation on the 'personal information processor' for the purpose of actively protecting personal information, and also put the blame on the legislators who punished them as punishments. In other words, in order to protect personal information, the legislator in principle required the 'consent' of the information subject or 'existence of other special provisions in the law' for 'processing of personal information'. Therefore, first of all, for the correct use of party consent, it is necessary to find a balanced legal principle that resolves the conflicting values of protection and use of (personal) information in the information society without contradiction. In addition, the Personal Information Protection Act stipulates the cases where there are special provisions in other laws or inevitable cases to comply with legal obligations as an exceptional requirement for the use of personal information. Article 18 of the same Act is a representative case. The Personal Information Protection Act requires the personal information processor to respect the data subject's right to self-determination as much as possible, andⅰ) in principle, Article 18 (1) of the same Act prohibits use or provision of personal information to third parties. ⅱ) In the case of exceptional permission under paragraph (2) of the same Article, the grounds for permission shall be deemed "any of the following cases", except again "when there is a concern that the interests of the information subject or a third party may be unfairly infringed". And iii) In the case of personal information processors who are 'information and communication service providers', the exceptional reasons for permission under the provison to Article 18 (2) of the same Act are limited to cases where a third party receiving personal information is used for public purposes (or for the public interest). Based on the systematic understanding of the "restrictions on use and provision of personal information other than the purpose of collection," criminal complaints may unfairly infringe on the interests of personal information subjects. Thus, this study sought a balanced legal principle on the use and protection of personal information in particular, focusing on several lower and Supreme Court rulings in criminal cases where unauthorized use of personal information or violations of prohibition of leakage and leakage were problematic. The result proposed here is a criticism of the current legislative policy that uses legal sanctions of punishment priority as a means of achieving administrative purposes. And at the same time, it is the expectation of its repercussions, that is, the rationality of punishment regulations for personal information protection.