해외 디지털 서비스 규제에 관한 헌법적 연구

Concerns over the cross-border transfer of personal data through foreign digital services have increasingly been framed in terms of national security, underscoring the need for regulatory intervention. In 2024, the United States enacted the Protecting Americans from Foreign Adversary Controlled Applications Act (PAFACA), which barred distribution of TikTok, a Chinese-owned video-sharing application, and in 2025 the U.S. Supreme Court upheld the statute’s constitutionality. In Korea, similar debates followed the 2025 introduction of DeepSeek, a Chinese generative AI application, amid fears of personal and public data leakage. The Personal Information Protection Commission temporarily suspended its domestic distribution, later allowing access after remedial measures were adopted. Compared with the U.S. approach, however, the Commission’s response can be criticized as both insufficient to address the risks of cross-border data transfers and disproportionate in restricting users’ freedom to access digital services. The U.S. legislative model illustrates the distinctive challenges posed by data transfers in the digital era and suggests that restrictions on foreign digital services may be constitutionally permissible even where users have consented to data processing. Korea likewise should consider a regulatory framework capable of addressing these risks effectively, recognizing that such a framework requires not only a clear statutory foundation but also strict adherence to constitutional limits in both substance and procedure. The free use of diverse digital services is closely tied to individual dignity and autonomy and therefore shall enjoy significant constitutional protection. Restrictions should thus be permissible only where national security threats are sufficiently concrete, imminent, and plausible. In addition, robust procedural safeguards-such as prior notice of regulatory action and mechanisms for content recovery-are essential to ensuring the protection of users’ rights.