• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.300-303
• /
• 2018

유럽연합(EU)의 GPDR(개인정보보호일반규정)시행에 따라 개인정보를 활용하는 사업자 입장에서는 개인정보 보호도 중요하지만 활용측면에 더 많은 관심을 보이고 있다. 개인정보 보호와 활용에 따른 균형점을 찾는 제도적 정착을 위해 개인정보 이동권에 대한 요구가 생겼다. 국내 개인정보 관련 법률에는 아직 근거가 없으며 개인정보처리자의 독립적 데이터 보유에 따른 책임 강화와 정보주체가 자신의 데이터를 관리하는 권리를 가지고 데이터 활용을 할 수 있는 개인정보 자기결정권이 더 요구된다. 이에 따라 본 논문에서는 GDPR의 개인정보 이동권에 대한 현황 및 준수사항을 알아보고 각 나라별 개인정보 이동(data portability)에 따른 개인정보 활용방안과 고려사항을 제시하고자 한다. 개인정보이동에 한 형태로 국내 마이데이터 시범 사업이 정착하기 위한 법칙, 기술적 대응사항을 제시하고자 한다.

• Smart Media Journal
• /
• v.10 no.2
• /
• pp.84-91
• /
• 2021

In the EU GDPR, when collecting personal information, the right of the information subject(user) to consent or refuse is given the highest priority. Therefore, the information subject must be able to withdraw consent and be forgotten and claim the right at any time. Especially, restricted IoT devices(Constrained Node) implement the function of consent of the data subject regarding the collection and processing of privacy data, and it is very difficult to post the utilization content of the collected information. In this paper, we designed and implemented a management system that allows data subjects to monitor data collected and processed from IoT devices, recognize information leakage problems, connect, and control devices. Taking into account the common information of the standard OCF(Open Connectivity Foundation) of IoT devices and AllJoyn, a device connection framework, 10 meta-data for information protection were defined, and this was named DPD (Data Protection Descriptor). we developed DPM (Data Protection Manager), a software that allows information subjects to manage information based on DPD.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.6
• /
• pp.61-67
• /
• 2024

In this paper, we presented a strengthening plan to prevent personal information leakage incidents by securing legal compliance for personal information impact assessment and suggesting measures to strengthen privacy during personal information impact assessment. Recently, as various services based on big data have been created, efforts are being made to protect personal information, focusing on the EU's GDPR and Korea's Personal Information Protection Act. In this society, companies entrust processing of personal information to provide customized services based on the latest technology, but at this time, the problem of personal information leakage through consignees is seriously occurring. Therefore, the use of personal information by trustees.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.11
• /
• pp.233-236
• /
• 2021

Recently, the Justice Party is pushing for legislation of a bill called the Algorithm Transparency Act. The bill is a revision to the Information and Communication Network Act proposed by Rep. Ryu Ho-jung on June 25, 2021, and aims to form a separate committee under the Korea Communications Commission to ask organizations operated for profit to search algorithms and explain the principles of arrangement. Currently, Korea treats algorithms as corporate secrets and does not disclose them, while the European Union (EU) implements the Personal Information Protection Regulations (GDPR) in relation to algorithm regulations. Therefore, this study summarizes the main contents of the Algorithm Transparency Act currently proposed to the National Assembly and reviews the current status of algorithm-related laws and systems in the European Union (EU) and the improvement of algorithm transparency.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.07a
• /
• pp.173-174
• /
• 2018

EU의 GDPR(General Data Protection Regulation) 발효로 인해 유럽국가의 개인 정보 데이터를 활용하는 다국적 기업들이 규정에 맞는 데이터 보호정책을 수립하고 보안 투자를 강화하고 있다. 그러나 대다수의 기업들은 해커 등에 의한 사이버 보안을 위해서는 천문학적인 투자를 하고 있지만 기업 내 많은 직원들에 의한 실수나 고의에 의한 개인 정보 유출 방지에 대해서는 대처를 하고 있지 않다. 본 논문에서는 디지털 포렌식 기반의 앤드 포인트 실시간 모니터링 및 인간 행위 분석을 통한 앤드 포인트 개인 정보 보호 기능을 제공하여 기존의 사이버 보안에 국한된 통합 보안 관제의 효율성을 높이는 방안을 제안한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.12
• /
• pp.1565-1570
• /
• 2019

Many possibilities of Big Data has been discussed widely for several years. And the importance of protecting personal information has been emphasized more strongly. During the process of integrating several personal information for the improvement of usability of Big Data, there are many problems occured like the likelihood of the identification of one person, the level of personal infomation used to create personalized services in the companies making and using Big Data. In this study, I summarize GDPR(General Data Protection Regulation) of EU, CCPA(California Consumer Privacy Act) of USA and domestic Big Data 3 Acts Amendment proposals. Also I discuss re-identifcation of de-identificated information, social costs of the usage agreement of personal information, possible problems in construction and combination of private and public big data, political suggestions about settlement of regulatory environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.287-304
• /
• 2020

There have been a number of legal & policy studies on the affecting factors of big data utilization, but empirical research on the composition factors of personal information regulation or data combination, which acts as a constraint, has been hardly done due to the lack of relevant statistics. Therefore, this study empirically explores the priority of personal information regulation factors and data combination factors that influence big data utilization through Delphi Analysis. As a result of Delphi analysis, personal information regulation factors include in order of the introduction of pseudonymous information, evidence clarity of personal information de-identification, clarity of data combination regulation, clarity of personal information definition, ease of personal information consent, integration of personal information supervisory authority, consistency among personal information protection acts, adequacy punishment intensity in case of violation of law, and proper penalty level when comparing EU GDPR. Next, data combination factors were examined in order of de-identification of data combination, standardization of combined data, responsibility of data combination, type of data combination institute, data combination experience, and technical value of data combination. These findings provide implications for which policy tasks should be prioritized when designing personal information regulations and data combination policies to utilize big data.

• Journal of Convergence for Information Technology
• /
• v.11 no.10
• /
• pp.93-100
• /
• 2021

With the spread of digital trade, the share of digital trade under the global trade environment is increasing. However, since there is no international digital trade standard, the discussion to establish a new trade rule has important significance. Countries around the world are implementing digital trade policies in consideration of their own interests, but different regulatory policies are causing trade conflicts. In order to provide safeguards against personal information infringement due to the free movement of data across borders, major countries around the world have taken measures to localize data, and the EU has enacted GDPR. And the United States regards the imposition of the digital tax as a trade barrier, and some countries oppose the implementation of the digital tax for fear of negative impact on their countries. However, discussions on the global digital tax, centered on the OECD and the G20 are making progress. As it is highly likely that a digital tax agreement will be drawn up within this year, countermeasures must also be prepared. Therefore, this study presents implications for the future direction of Korea's trade policy by examining recent trends in digital trade norms and analyzing major issues in digital trade.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.57-66
• /
• 2023

Since 2009, Morocco has had a law governing the processing of personal data, the law 09-08, and a supervisory authority, the CNDP (National Commission for the Protection of Personal Data). Since May 2018, the European General Regulation on the Protection of Personal Data (GDPR) entered into force, which applies outside the EU in certain cases and therefore to certain Moroccan companies. The question of the protection of personal data is primarily addressed to the customer. The latter may not only be a victim of crime linked to ICT, but also have to face risks linked to the collection and abusive processing of his personal data by the private and public sectors. Often the customer does not really know how their data is stored, nor for how long and for what purpose. This fact raises the question of satisfying customer requirements, in particular for organizations that have adopted a quality approach based on ISO 9001 standard.In order to master these constraints, Moroccan companies have to adopt strategies based on modern quality management techniques, especially the adoption of principles issued from the international standard ISO 9001 while being confirmed by the law 09-08. It is through ISO 9001 and the law 09-08 that these companies can refer to recognized approaches in terms of quality and compliance. The major challenge for these companies is to have a Quality approach that allows the coexistence between the law 09-08 and ISO 9001 standard and this article deals within this specific context.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.513-525
• /
• 2020

Until today, the personal information of subjects has been centralized in many companies or institutions. However, in recent days, the paradigm has gradually changed in the direction that subjects control their personal information and persue their self-sovereignty. Globally, individual data sovereignty is strengthened by the European Union's General Data Protection Regulation(GDPR) and the US California Consumer Privacy Act(CCPA). In Korea, a few alliances consist of various companies are creating technology research and service application cases for decentralized ID service model. In this paper, the current decentralized ID service model and its limitations are studied, and a improved decentralized ID service model that can solve them is proposed. The proposed model has a function of securely storing decentralized ID to the third party and a linkage function that can be interoperated even if different decentralized ID services are generated. In addition, a more secure and convenient model by identifying the security threats of the proposed model and deriving the security requirements, is proposed. It is expected that the decentralized ID technology will be applied not only to the proof of people but also to the device ID authentication management of the IoT in the future.