개인정보 처리정지요구권의 법적 성질과 가명처리 정지요구권 인정 여부 - 서울고등법원 2023. 12. 20. 선고 2023나2009236 판결을 계기로

The court recently ruled in favor of the data subjects who filed a lawsuit against a telecommunications service provider, seeking a preliminary ban on the pseudonymization of their personal data. While emphasizing the distinction between pseudonymization as a type of data processing and the processing of pseudonymized data, the court decided that the plaintiffs maintain the right to restrict pseudonymization as part of the right to restrict data processing. However, the Personal Information Protection Act should be interpreted in a way that can find a balance between the privacy rights of the data subject and the interests of the processor. The act does not intend all processing to be based solely on the will of the data subject, nor can the data subject control every aspect of the processing without exceptions. The right to restrict processing is similar to the civil law right to restrict infringements on personality rights. The latter applies only to acts with illegality sufficient to justify a restriction on the freedom of the other party's actions. Considering the balance between the interests of the data subject and those of the processor, the right to restrict processing should be interpreted as applicable only to illegal processing, or at least to processing that involves a foreseeable infringement of rights. Pseudonymization is a protective measure that reduces the identifiability of the data subject, lowering the risk of the processing. Therefore, pseudonymization does not require any separate authorization, and thus, there is no situation where pseudonymization itself infringes the rights of the data subject. Consequently, it should be interpreted that the right to restrict processing does not include the right to restrict pseudonymization.