‘소비자 보호 모델’ 기반 개인정보 보호 체계- 미국의 개인정보 보호 체계에 대한 평가와 시사점을 중심으로 -

The U.S. privacy system is based on the consumer protection model, contrasting with the EU's data protection model. Without a comprehensive federal privacy law, the Federal Trade Commission (FTC) serves as the de facto data protection authority, enforcing privacy rules case-by-case under the FTC Act. This approach provides flexibility but lacks a systematic and consistent regulatory framework. The consumer protection model treats privacy as a corporate responsibility and consumer right, allowing for sector-specific, risk-based regulation. This fosters innovation by reducing regulatory rigidity but leads to inconsistent protections across industries. The FTC’s enforcement creates quasi-common law norms, yet the AMG Capital ruling has weakened its ability to impose monetary penalties, reducing its enforcement power. Additionally, rulemaking authority requires Congressional approval, making privacy regulation less predictable and consistent. South Korea follows the EU’s stricter regulatory model, ensuring strong oversight but with less flexibility. Adopting elements of the U.S. model, such as industry-specific rules and FTC-style consent decrees, could help balance privacy protection and innovation. A hybrid approach, combining case-by-case enforcement with comprehensive regulation, could enhance both compliance and adaptability.