전 분야 마이데이터 추진의 경과와 법·정책적 시사점

In March 2023, Korea added Article 35bis to Personal Information Protection Act (the Act) to base government policy to expand data portability (MyData) across all areas of the society. In August 2023, the Government identified health, telecommunications, energy, employment, real property, transportation, education, distribution, welfare, and leisure as 10 focus areas in its National MyData Promotion Strategy. In May 2024, the Personal Information Protection Commission (PIPC) released a draft enforcement regulation elaborating covered data controllers, covered data, and agencies involved in implementing Article 35bis of the Act. The MyData expansion policy, however, encountered strong opposition from some markets and civil society. Government conceded and changed its plan to apply MyData to health and telecommunications sectors in 2025 and to energy in June 2026. This paper overviews and analyses issues that emerged during this timeline and makes proposals to refine legal foundations for advancing the MyData policy. This paper proposes: 1. The Act should be amended to incorporate free flow of data, alongside data protection, as purpose of it; 2. The monistic structure of the enforcement regulation dealing with direct request and request via a third party in a single manner is not in harmony with the dualistic approach of the Act and fails to produce proper results; 3. The promotion of the use of non-personal data should be effectuated by relevant ministries in cooperation with the PIPC; 4. Besides market-based approaches, a society-based approach to MyData should be initiated such as digital giving to public data pools; 5. Expansion of MyData to foreign or offline controllers should consider specific circumstances of the respective foreign country and controller.