AI 학습데이터와 개인정보 권리의 경계 : 에이닷(A.) 사례를 통해 본 통제와 거버넌스의 과제

The rapid expansion of generative AI has significantly increased the demand for large-scale, high-quality training data, raising critical legal and ethical concerns regarding the use of personal information. Telecommunication-based AI services, such as SK Telecom’s “A.” assistant, have structural access to sensitive data, including call logs and voice content. This study examines how such data is utilized for AI training, highlighting challenges related to user control, third-party rights, and algorithmic transparency. Through a case analysis of A., and a comparison with the Stack Overflow incident, this study highlights how even publicly available datasets can cause harm when proper consent, attribution, and legal compliance are absent. Existing legal frameworks, such as Korea’s Personal Information Protection Act (PIPA), are found to be inadequate in addressing AI-specific risks, particularly concerning high-risk data types. As a normative response, this paper explores the applicability of governance principles derived from the GNU General Public License (GPL), including openness, shared responsibility, and continuity of rights. The findings indicate a need for hybrid governance models that integrate legal, technical, and ethical mechanisms to ensure transparency, accountability, and data sovereignty in the era of artificial intelligence(AI).