A Study on the Liability of Information Protection for the Third Party Supply of Personal Information/Focus on Fintech Companies Using OPEN APIs

A Study on Liability under Information Protection Laws When Personal Information Is Provided to a Third Party/Focusing on Fintech Companies Using OPEN APIs

  • Kim, Jo-eun (Graduate School of Information Security, Korea University)
  • Kim, In-seok (Graduate School of Information Security, Korea University)
  • Received : 2017.07.26
  • Accepted : 2017.10.20
  • Published : 2017.11.30

Abstract

Financial institutions, public institutions and similar bodies are actively opening the various information they hold to fintech companies through open platforms. This study examines the conceptual difference between "provision to a third party" and "entrustment" of personal information processing under information protection laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Data Protection, etc. (Network Utilization Protection Act). Unlike "entrustment", in a "third-party provision" relationship such as the one with fintech companies, which is generally a "partnership", the legal obligations of the providing company are excessively mitigated while the risk of information leakage is relatively high, so we propose revising the information protection legal framework to fit this reality. We also present an information protection self-diagnosis checklist so that companies receiving information under "third-party provision" can raise their own level of information protection. Diagnosing 31 fintech companies that use financial institutions' open platforms with this checklist showed that their level of information protection was relatively insufficient compared to consignees. We suggest active use of the checklist to raise the level of information protection at fintech companies that are in a "third-party provision" relationship with financial institutions.
