개인정보자기결정권의 함정 ― 미국 privacy와의 비교를 중심으로 ―

The background of the discussion of ‘right to self-determination of personal information’ as a constitutional right in Germany originally began with the mission to curb the compulsory collection of personal information by the national public authority. In order to meet the legal principle that the national public authority can collect personal information only with the ‘base of law’ or the ‘consent’ of the data subject, the basic concept of ‘self-determination’ had to be derived. It was a natural authority for the national public authority to collect administrative information to achieve the administrative purpose (public interest), so it was also natural for the national public authority to collect personal information, a kind of administrative information. However, after experiencing the Holocaust, I became aware that personal information collected by the national public authority could be used as a tool to deprive an individual of the right to life. However, it was difficult to present a legal logic to control the collection of administrative information (personal information), which was an inherent authority that the national public authority originally had. The law that can restrict and control the exercise of state public power can be found in ‘guarantee of basic rights’. The Constitution requires that the law be based when the state public power restricts the basic rights of the people in order to guarantee the basic rights of the people. It is the principle of the rule of law, the principle of legal reservation. Therefore, in order to apply the law that the state collects the personal information of the people goes beyond just administrative information collection activities and must have the consent of the law or the data subject, ‘personal information’ had to be treated as a kind of basic right under the constitution. If the logic is established that individuals (basic rights subjects) have the basic right of ‘self-control’ for their information, there must be a basis for the law to limit these basic rights under the principle of the rule of law. Therefore, even if the state collects administrative information, the theory has been established that when collecting the personal information of the people, there must be voluntary consent from the people, who are the subjects of information, or there must be a basis for the law. However, as the development of the Internet and the services of big tech companies permeate our daily lives, the problem of personal data has expanded beyond simply controlling the activation of national public power, that is, limiting basic rights, and violating active rights such as personal and property rights of individuals due to indiscriminate collection, utilization, and leakage of personal information. It is no longer a situation in which individual information can be protected by ‘self-control’ alone. Nevertheless, as the ‘right to self-control’ is still emphasized by dogmatic thinking, the ‘right to self-control’ seems to be guaranteed in form, but personal information is not protected in practice, and the essential problem has begun to emerge that formal ‘right to self-control’ has resulted in only technological progress and innovative corporate activities rather than protecting individual information. The meaning that an individual has the right to freely make decisions about what one's personality is formed does not mean an on-off switch that mechanically decides whether to export or keep one's information. The right to form a true personality is not guaranteed to determine whether to expose one's information to others, but to protect and guarantee that the exposed information is protected and guaranteed so that one's personality is not formed contrary to one's intention. The right to self-determination of personal information is only an element of the general personal right, and it should not be misunderstood as all of the rights of the data subject. Just as information that is already out of one's control cannot be controlled only by an on-off switch, trying to control uncontrollable information with an on-off switch is bound to be seen as a formality deterrent. It is reasonable to rethink the nature of general personal rights and understand the basic rights guaranteed by the Constitution for the protection of the rights of data subjects as a practical concept in the broad sense of ‘personal information protection rights’ rather than a formal concept of consultation called the right to self-determination of personal information.