스마트도시 환경에서의 데이터 활용과 정보주체 보호의 조화 ― 지방자치단체의 개인정보 보호 역량 제고를 위한 법제 개선과 거버넌스 구축을 중심으로 ―

This study aims to analyze the fundamental paradigm shift in data collection systems resulting from the transition to the Smart City 4.0 era and to propose practical measures for local governments to establish robust personal information protection governance and legal accountability. Contemporary smart cities have evolved from the static, infrastructure- oriented systems of the 1.0 and 2.0 stages into dynamic network ecosystems where Artificial Intelligence (AI), Digital Twins, and autonomous technologies are organically integrated. Data generated in this process is characterized by its immediacy, massiveness, and unstructurability. Such characteristics enable sophisticated profiling that encompasses not only location tracking but also behavioral patterns and biometric recognition, thereby posing unprecedented threats to the fundamental rights of data subjects. A particular focus of this research is the legal conflict between the special provisions for pseudonymized data and the data subject's right to self-determination, centered on the recent Supreme Court precedent (2024Da210554). By recognizing the data subject's right to request the suspension of processing even at the pre-pseudonymization stage, the court has introduced significant legal constraints on administrative actions previously performed by local governments for public statistics or scientific research. This ruling necessitates a solution for local governments to ensure the substantial control of data subjects while maintaining the flexibility of data utilization. However, most local governments currently face structural limitations—such as a lack of professional expertise, low fiscal independence, and ambiguity in liability arising from private outsourcing—which hinder their ability to respond effectively to this rapidly changing legal landscape. Through a comparative legal analysis, this study examines the doctrine of “Non-material Damage” under the EU GDPR and the “Surveillance Technology Oversight Ordinances” of major cities like San Francisco. Based on these findings, the study suggests the following enhancement measures for local governments: First, the consistency between the “Smart City Act” and the “Personal Information Protection Act” must be restructured at the legislative level. To allow local governments to demonstrate innovative services without legal uncertainty, specific legislative models for “Local Government-Specific Regulatory Sandboxes” and “Data Safe Zones” must be established. Second, from a governance perspective, the “Living Lab” model should be elevated to a legal control mechanism. By involving citizens from the planning stage to co-perform privacy impact assessments, local governments can enhance social acceptance of technology. Internally, it is essential to appoint independent Data Protection Officers (DPOs) with specialized authority to strengthen supervision over private contractors. Third, as a matter of judicial remedy, criteria for calculating compensation for non-material damages—including psychological distress and the loss of data control—must be specified. This will serve as a strong legal incentive for local governments to adhere to stricter data management standards and provide a solid foundation for actual rights remediation for citizens. In conclusion, this study emphasizes that local governments must transcend their roles as mere technology adopters and emerge as proactive “Data Trustees.” The proposed legislative improvements and participatory governance models are essential prerequisites for ensuring that smart cities remain sustainable as innovative spaces built on citizen trust, rather than becoming spaces of surveillance and control.