개인정보처리자의 정당한 이익에 대한 형량 평가

This paper examines the 'legitimate interests' of the opt-out method as a legitimacy requirement of the Personal Information Protection Act from the perspective of expanding the use of personal information. With the development of ICT technology, consent as a legitimacy requirement has certain limitations, and processing personal information with consent within the scope of a specific purpose in the processing of big data by artificial intelligence is equivalent to giving up the de facto benefits. After obtaining the legitimacy requirements of consent and legitimate interest, and summarizing the rights of each data subject, it can be seen that 'legitimate interest' is superior as a requirement of legitimacy from the perspective of the data processor, and the scope of personal information processing is wider by not limiting the scope of purpose compared to consent, and as an accompanying requirement, the EU stipulates that the data processing can be reasonably expected based on the relationship between the data processor and the customer. It also recognizes technical safeguards as an important sentencing factor by allowing additional safeguards to be taken into account in the sentencing assessment to balance the potential interests of the data controller and data subject. 'Legitimate interest' has equal status with other legitimacy requirements and is relatively flexible, but requires a balancing of the interests of the data controller and data subject. Clarifying the penal component of the penalty test by specifying the penalty that is being requested can help ensure that it is a preferred option for data controllers over consent. This would serve to crystallize an unstructured 'legitimate interest' that is not limited to the flexibility of the sentencing regulation, which also allows the relationship between the parties to be fluid.