자동화된 의사결정에 대한 기본권의 실효적 보장- EU AI법 제54조와 GDPR 제22조의 관계를 중심으로 -

This article looked at "automated decision-making" as an intersection between Article 54 of the EU AI Act (development of artificial intelligence systems for public interest purposes) and Article 22 of the GDPR. Article 54 of the EU AI Act regulates the development of artificial intelligence systems by allowing the further processing of personal data for public interest purposes, while Article 22 of the GDPR guarantees the rights of data subjects to automated decision-making by artificial intelligence. These regulations, which share a touch-point of privacy, have interpretative significance in the area of further processing of high-risk personal data such as medical information and the steps leading up to automated decision-making by AI. They also entail data subject’s consent and appropriate measures as justification. In high-risk areas, the requirements of consent are stricter, and data protection impact assessment or conformity assessment of AI is procedurally required. In addition to this proactive protection of the rights of data subject, the newly established Article 37(2) of Personal Information Protection Act (automated decision-making), which provides for the right to contest and the right to request explanation, is an extension of the principle of due process to the private sphere, and is important in terms of ensuring the rights of data subject reactively. In particular, since Korea's system of data protection impact assessment is limited to public institutions, the right to request an explanation can be an important means to compensate for legislative deficiencies in the private sphere where AI is operated.