• Informatization Policy
• /
• v.28 no.4
• /
• pp.54-75
• /
• 2021

The right to data portability needs to be introduced to strengthen the self-control of data subjects and promote personal data use. However, the right to data portability constitutes a high risk of invasion of privacy of data subjects and may infringe on the property rights of data controllers, so careful and thorough design is warranted. The right to data portability can intensify the concentration and monopoly of personal data, result in problems of overseas transfer of personal data held by public institutions, and enrich only the profits of giant platforms by burdening the data subject with high transfer cost. By contrast, SMEs are more likely to endure a personal data deprivation. From the proposed amendment to the Personal Data Protection Act are raised various legal issues such as. i) Whether to include inferred/derived data, personal data held by public institutions, activity data, sensitive data, and personal data of third parties within the scope of data portability; ii) whether SMEs are included in the data porting organization; iii) whether to exclude SMEs or large platforms from the scope of the data receiving organization; iv) Whether to allow the right to transmit to other data controllers, v) Whether to allow the overseas transfer of personal data held by public institutions, vi) How to safely exercise the right to data portability, vii) the scope of responsibility and immunity of a data porting organization, etc. The purpose of this paper is to propose the direction for legislative action based on various legal issues related to data portability.