데이터 기반 인간대상연구의 확대에 따른 생명윤리법 규율 체계 재구성 방안

In recent years, the use of pseudonymized health data for large-scale, data-driven research has grown rapidly across the healthcare sector. These studies, which do not involve physical intervention or direct interaction with research subjects, enable applications such as disease prediction, public health policy evaluation, and genomic analysis. Under Korea’s Bioethics and Safety Act, such research is generally classified as human subject research, requiring Institutional Review Board (IRB) approval and informed consent. In contrast, the Personal Information Protection Act permits the scientific use of pseudonymized data without the subject’s consent, leading to potential legal inconsistencies between the two regimes. This tension is further compounded by the dual-review system involving both IRBs and Data Review Boards (DRBs), which has created institutional confusion. Additionally, the lack of clear exemption criteria for IRB review reduces regulatory predictability for researchers. This paper critically examines Korea’s current regulatory framework for data-driven human subject research and compares it with international models, including the U.S. Common Rule and the EU’s GDPR and EHDS. It argues for a shift in IRB review standards—from a focus on formal criteria such as physical intervention to substantive factors such as the risk of re-identification. It also proposes clarifying exemption conditions for pseudonymized data research and institutionalizing DRB functions or enhancing data protection expertise within IRBs. These reforms aim to promote responsible data use while upholding the ethical protection of research participants, ultimately contributing to a more coherent legal framework suited to the future of digital health and AI-driven medical research.