정보화정책 (Informatization Policy)

한국지능정보사회진흥원 (National Information Society Agency)
권호 표지
DOI QR코드

DOI QR Code

개인정보 이동권의 법적 이슈와 입법 정책 방향

A Study on Legal Issues of Data Portability and the Direction of Legislative Policy

  • 투고 : 2021.08.30
  • 심사 : 2021.11.10
  • 발행 : 2021.12.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

정보 이동권은 정보주체의 개인정보 자기통제권 강화뿐만 아니라 개인정보 활용 촉진이라는 측면에서도 도입 필요성이 인정된다. 그러나 정보 이동권은 정보주체의 프라이버시 침해 위험이 크고 개인정보처리자의 정보 재산권을 침해할 수 있어 신중한 설계가 필요하다. 정보 이동권이 심각한 개인정보 집중 및 독점 문제를 더욱 심화시킬 수 있고, 공공정보의 무분별한 국외이전을 야기할 수 있으며, 정보주체에게 이전 비용을 부담지움으로써 거대 플랫폼기업 등의 수익만 챙겨주는 결과를 가져올 수 있다. 반면, 중소기업들은 더욱 더 개인정보 기근에 빠져들 가능성이 없지 않다. 입법 예고 중인 「개인정보 보호법」 개정안과 관련해서는 i) 이동 대상 정보에 추론·파생 정보, 공공정보, 메타정보, 행동정보, 민감정보, 제3자 정보 등을 포함시킬지 여부, ii) 정보 이동의무를 지는 정보 이동자의 범위에서 중소기업, 공공기관 등을 포함시킬지 여부, iii) 정보를 이전받을 수 있는 정보 수령자의 범위에서 중소사업자 또는 거대 플랫폼기업을 배제할지 여부, iv) 정보 이전 요구권(다운로드권 등) 이외에 전송 지시권을 허용할지 여부, v) 공공정보의 국외이전 문제, vi) 정보 이동권의 안전한 행사, vii) 정보 이동자의 책임범위 및 면책 등 다양한 이슈가 제기되고 있다. 본고는 GDPR, CCPA, S-PDPA 등과의 비교 분석을 통해 앞에서 제기된 여러 법적 이슈에 대한 입법방향을 제시하고자 한다.

The right to data portability needs to be introduced to strengthen the self-control of data subjects and promote personal data use. However, the right to data portability constitutes a high risk of invasion of privacy of data subjects and may infringe on the property rights of data controllers, so careful and thorough design is warranted. The right to data portability can intensify the concentration and monopoly of personal data, result in problems of overseas transfer of personal data held by public institutions, and enrich only the profits of giant platforms by burdening the data subject with high transfer cost. By contrast, SMEs are more likely to endure a personal data deprivation. From the proposed amendment to the Personal Data Protection Act are raised various legal issues such as. i) Whether to include inferred/derived data, personal data held by public institutions, activity data, sensitive data, and personal data of third parties within the scope of data portability; ii) whether SMEs are included in the data porting organization; iii) whether to exclude SMEs or large platforms from the scope of the data receiving organization; iv) Whether to allow the right to transmit to other data controllers, v) Whether to allow the overseas transfer of personal data held by public institutions, vi) How to safely exercise the right to data portability, vii) the scope of responsibility and immunity of a data porting organization, etc. The purpose of this paper is to propose the direction for legislative action based on various legal issues related to data portability.

키워드

참고문헌

  1. Article 29 Working Party (2016), Guidelines on the right to data portability Revised and adopted on5 April 2017).
  2. Cho, S., Chung, W., Lee, S., Yi, C. & Park, G. (2019). A Study on the System to Promote Individual-led Data Transactions, KOREA INFORMATION SOCIETY DEVELOPMENT INSTITUTE.
  3. Cho, Y. & Choi, J. (2020). "Data Portability, MyData issues and future tasks." issues and issues 1767, National Assembly.
  4. Chung, W. (2020). "Benefits of introducing Data Portability and legislative measures." Sungkyunkwan Law Journal 32(2), 69-112 .
  5. Aw, C. & Chia, C. (2020). Singapore's Amended Data Protection Law To Take Effect Imminently, 8 October, Reed Smith (https://www.reedsmith.com)
  6. Kim, S. & Lee, Y. (2019). "Discussions on Data Portability in EU and U.S., and implications for Korea." Chung-Ang law Journal 21(4).
  7. European Data Protection Supervisor (2015). Meeting the challenges of big dataA call for transparency, user control, data protection by design and accountability, P. 12-13.
  8. European Parliamentary Research Service (2021). Online platforms: Economic and societal effects.
  9. EUROPEAN PARLIAMENT AND OF THE COUNCIL (1995). Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
  10. EUROPEAN PARLIAMENT AND OF THE COUNCIL (2016). REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  11. EUROPEAN PARLIAMENT AND OF THE COUNCIL (2020). Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on contestable and fair markets in the digital sector (Digital Markets Act).
  12. Lee, C. (2019). "Laws on the Utilization of Private Data for the Estimation of Travel and Tourism Information in the United States." Latest foreign legislation information, 5, 8-9.
  13. Personal Information Protection Committee (2021). Notice on the amendment of Personal Information Protection Act, January 6.
  14. U.S. Department of Health, Education & Welfare (1973). Records, Computers, and the Rights of Citizens: Report of the Security's Advisory Committee on Automated Personal Data Systems.
  15. Wilson Ang, Stella Cramer, Jessica Paulin & Jeremy Lua (2020). Singapore's Public Consultation on proposed changes to the Singapore Personal Data Protection Act, May 21.
  16. California Consumer Privacy Act of 2018 (California Civil Code, DIVISION 3. OBLIGATIONS, PART 4 . OBLIGATIONS ARISING FROM PARTICULAR TRANSACTIONS, TITLE 1.81.5.)
  17. Singapore Personal Data Protection (Amendment) Act 2020, PART VI B DATA PORTABILITY. 26F~26J.