Browse > Article
http://dx.doi.org/10.13089/JKIISC.2022.32.2.329

A Study on the Principle of Application of Privacy by Design According to the Life Cycle of Pseudonymization Information  

Kim, Dong-hyun (KOREA INTERNET & SECURITY AGENCY)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.32, no.2, 2022 , pp. 329-339 More about this Journal
Abstract
Recently, as personal information has been used as data, various new industries have been discovered, but cases of personal information leakage and misuse have occurred one after another due to insufficient systematic management system establishment. In addition, services that use personal information anonymously and anonymously have emerged since the enforcement of the Data 3 Act in August 2020, but personal information issues have arisen due to insufficient alias processing, safety measures for alias information processing, and insufficient hate expression. Therefore, this study proposed a new PbD principle that can be applied to the pseudonym information life cycle based on the Privacy by Design (PbD) principle proposed by Ann Cavoukian [1] of Canada to safely utilize personal information. In addition, the significance of the proposed method was confirmed through a survey of 30 experts related to personal information protection.
Keywords
Personal Information; Pseudonymization Privacy by Design; De-Identification Privacy by Design;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 Soo-jeong Kim, "Big Data, Data Ownership and Data Economy", The Korean Journal of Civil Law, 96, pp. 3-40, Sep. 2021   DOI
2 Personal Information Protection Commission, "Six principles of personal information for the establishment of a smart city", Dec. 2020
3 Dong-hyun Kim and Soon-seok Kim, "A New Scheme for Risk Assessment Based on Data Context for De-Identification of Personal Information", Journal of The Korea Institute of Information Security and Cryptology, 30(4), pp. 719-734, Jun. 2020   DOI
4 CNIL, "CONNECTED VEHICLES AND PERSONAL DATA", COMPLIANCE PACKEGE, Oct. 2017
5 Pedro hartung, "The children's rights-by-design standard for data use by tech companies", UNICEF Global Insight Issue brief, 5, Nov. 2020
6 Bojana Bellamy, "Global Data Privacy Law and Practice-Looking Around the Corners", Centre for Information Policy Leadership, Dec. 2014
7 Personal Information Protection Commission, "AI Personal Information Protection Autonomous Checklist", Jun. 2020
8 Office for Government Policy Coordination at el, "Guidelines for De-identification of Personal Data", Jun. 2016
9 Information Commissioner's Office, "Age appropriate design : a code of practice for online services", Sep. 2020
10 Rolf H.Weber, "The Right to Be Forgotton", Journal of Intellectual Property, Information Technology and E-Commerce Law, 2010
11 Hye-seon Choi, "New Trend of Personal Information Protection -Concept on Privacy by Design-", Ilkam Law Review, 24, pp. 305-340, 2013   DOI
12 ISO/IEC 20889. "Information technology-Security techniques-Privacy enhancing data de-identification techniques", Nov. 2018
13 Mackey, E and Elliot, M. J, "Understanding the Data Environment," XRDS: Crossroads, 20(1), pp. 37-39, 2016
14 Na-roo Kim, "A Study on the Introduction and Application of Privacy by design", SungKyunKwan Law Review, 29(4), pp. 1-30, Dec. 2017   DOI
15 ENISA, "Pseudonymisation techniques and best practices", Nov. 2019
16 Sung-ho Jin, "UK Announces Policy Directions for Online Hazardous Products Distribution", KISDI Policy trends, Jan. 2021
17 CNIL, "HOW CAN HUMANS KEEP THE UPPER HAND? The ethical matters raised by algorithms and artificial intelligence", Dec. 2017
18 Japan, "Personal Information Protection Act", Jun. 2020
19 Ann Cavoukian, "Privacy by Design by Regulation", International Conference of Data Protection and Privacy Commissioners, 2010
20 ENISA, "Privacy and Data Protection by Design-from policy to engineering", Dec. 2014
21 Personal Information Protection Commission, "Guidelines for processing pseudonym information", Dec. 2021
22 General Data Protection Regulation, Regulation (2016) 2016/679 of the European Parliament and of the Council, Regulation (EU), 2016
23 ENISA, "DATA PSEUDONYMISATION: ADVANCED TECHNIQUES & USECASES", Jan. 2021
24 Simson L. Garfindel, "NIST IR8053 De-Identification of Personal Information", NIST, Oct. 2015