• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.231-234
• /
• 2018

4차 산업혁명을 주도하는 신기술인 블록체인은 블록체인 네트워크에 속한 모두가 신뢰성을 가질 수 있는 새로운 형태의 탈중앙화 P2P 플랫폼이다. 2018년 기존 개인정보 보호 지침을 대체하는 GDPR이 발효되어 다양한 부분의 개인정보 보호에 법적인 영향을 미치게 되었다. 블록체인 또한 GDPR의 법적 규제를 피할 수 없게 되었고, 블록체인에서 잊혀질 권리를 충족시키기 위해 정보주체의 요청 시 민감한 개인정보를 삭제할 수 있어야 하는 필요성이 요구되었다. 본 연구에서는 기존 블록체인 시스템에서 잊혀질 권리를 준수할 개선방안을 제안한다.

• Journal of Internet Computing and Services
• /
• v.15 no.2
• /
• pp.59-71
• /
• 2014

This study applied customer perspective to find out ways how to protect customers' privacy by themselves. It does so by examining the factors which affect customer privacy protection behaviors. Based on the Privacy Act, this study developed the construct of Privacy Rights awareness and finds the law's effect on privacy awareness and behavioral change. The study finds that there exists a significant difference in privacy protection behavior according to privacy rights awareness. Independent variables are as follows: Five variables (Perceived vulnerability, Perceived severity, Perceived response effectiveness, Perceived barriers, Privacy Rights awareness) were tested as critical variables influencing Behavioral Intention in PMT model. Privacy awareness had a moderating effect on the relationship between perceived severity and privacy protection behavior. This study would contribute on theoretical expansion of Protection Motivation Theory and also provide practical implications for effective ways to promote behavioral changes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.591-605
• /
• 2017

The right to informational self-determination refers to the constitutional right for an individual, which is approved by the constitutional court, to decide what contents the collected information comprises and to control the circulation of information relation to oneself. It contains claim for inspection of personal information(The right to informational self-access) as a right for individual to review information of current state and processing history which information holders have. To assure the right to informational self-access, individual must be notified of the processing history of information by information holders regardless of individual's request(The unconditional right to informational self-access). This study will analyse current status of domestic and foreign legislation and global regulation which are related to the unconditional right to informational self-access. In addition, the action of domestic corporations will be introduced. Finally, it will be concluded with relevant problems and solutions to solve the problems.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.05a
• /
• pp.229-232
• /
• 2022

개인정보 보호법 위반 시 법률적 기준에 따라 행정처분을 하고 이에 대한 결과를 공표하게 된다. 개인정보보호위원회가 심의·의결 기관에서 국무총리 산하 중앙행정기관으로 출범하고 난 이후 개인정보보호법 위반으로 인한 행정처분 결과 공표 자료를 분석하였다. 공표 대상이 되는 주요 산업군과 위반 법률 조문을 분석해 향후 정보주체 권리 보장을 위한 안전한 보호 방안을 제안한다.

• Journal of Digital Convergence
• /
• v.12 no.12
• /
• pp.13-22
• /
• 2014

The right to be forgotten is a world-wide issue after the decision of the European Court of Justice which accepted that right. This essay discusses about the guide lines for protecting the right to delete, a category of the right to be forgotten. I classified those guide lines as follows : (1) sensitiveness of the personal information, (2) offensiveness to reasonable and ordinary people, (3) intention of writing the article, (4) value of historical record, (5) importance of privacy comparing with right to know with time flow, (6) public figure, (7) article based on fact or opinion. To effectively protect right to be forgotten and delete, we have to consider Privacy Impact Assessment, using blind system, unification of multiple institutions, and reforming press arbitration system.

• Journal of Convergence for Information Technology
• /
• v.8 no.2
• /
• pp.141-148
• /
• 2018

The purpose of this paper is to explore the scope of realization of multiple perspectives so that the implementation of the right to be forgotten is more realistic than the ideal information deletion concept. We examined domestic and foreign legal system and technology/service trends, and reflected the classification realization level of service realization, processing type and information characteristics of personal information processor, and legislative/technical factors for multi-level scope analysis. As a result, we have presented a matrix of the range of realization of the right to be forgotten and the scope of diversified regulation by the subject of protection. This study will be extended to the convergence of law and engineering, and will contribute to the prediction of social costs and expansion of the market by identifying the scope of 'deletion rights'.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.894-896
• /
• 2013

오늘날 전세계의 사람이 이용하는 SNS 상에 존재하는 보안 위협은 정보주체의 개인정보를 유출하고 스팸, 피싱 등의 2 차 피해를 야기하는 등 치명적인 결과를 초래한다. 본 논문에서는 잊혀질 권리와 SNS의 개념을 파악하고 SNS 상에 존재하는 보안 위협에 대해 논의하며 보안 위협을 해소하고 SNS 환경에서의 잊혀질 권리를 실현할 수 있는 UPP, Dual Watermarking Scheme, FaceCloak 등 기술적 방안을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.305-312
• /
• 2020

The Privacy Act stipulates that the privacy policy document, which is a privacy statement, should be disclosed in order to guarantee the rights of the information subjects, and the Fair Trade Commission considers the privacy policy as a condition and conducts an unfair review of the terms and conditions under the Terms and Conditions Control Act. However, the information subjects tend not to read personal information because it is complicated and difficult to understand. Simple and legible information processing policies will increase the probability of participating in online transactions, contributing to the increase in corporate sales and resolving the problem of information asymmetry between operators and information entities. In this study, complex personal information processing policies are analyzed using deep learning, and models are presented for acquiring simplified personal information processing policies that are highly readable by the information subjects. To present the model, the personal information processing policies of 258 domestic companies were established as data sets and analyzed using deep learning technology.

• The Journal of Society for e-Business Studies
• /
• v.25 no.1
• /
• pp.123-134
• /
• 2020

Although the rights of data subjects are defined through laws such as the Personal Information Protection Act, the consent process for collecting personal information by financial institutions is only formal and does not guarantee the right of self-determination of personal information. Therefore, it is necessary to analyze the problem by information provision items of the current model, and to improve by changing the structure such as replacing the current method provided with the text with pictures and videos, and mandatory to provide the information subjects with personal information flow related images from the signing up stage. The improvement model is presented as a way to add a procedure to the current model. The effect was verified through a survey. It is hoped that the proposed model is actually reflected through the review to create an environment that can be a true meaning agreement that reflects the information subject's right to self-determination.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.3
• /
• pp.250-261
• /
• 2020

Today, data subjects should be considered to utilize various personal data. To support this paradigm, the concept of "My Data" has proposed and has realized in various industrial sectors, including medial sectors. Based on the concept of the medical My Data, this paper proposes a personal health record (PHR) and an electronic medical record (EMR) data trading model. Particularly, this paper proposes a system model to support the medical My Data environment and relevant procedure among stakeholders for PHR/EMR data trading that ensures the rights of data subjects. Based on the proposed system model, this paper also proposes various mathematical models to analyze the behavior of stakeholders and shows the feasibility of the proposed data trading model that satisfies the requirements of both data subjects and data consumers.