• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.83-92
• /
• 2018

The GDPR implemented since 25 May 2018 is common to all EU Member States and is legally binding. It is also important and legally valuable in that it takes into account the latest trends related to privacy protection. The purpose of this study is to propose a comprehensive review and improvement direction of the personal information protection laws in South Korea through a comparative analysis of EU GDPR and privacy related laws in South Korea. As a result of this study, the differences between the GDPR and privacy related laws in South Korea are Definition of personal sensitive information, Right to data portability, Data protection officer, Transfers of personal data to third countries, Supervisory authority, and Punishment, etc. The differences in these regulations were necessary to protect the rights and interests of data subjects and to properly handle personal information of personal information controllers. Therefore, based on the results of the comparative analysis of this study and suggestions on improvement direction of the law related to personal information protection, it is expected that it will contribute to the overall inspection and improvement of the law related to personal information protection in South Korea.

• Journal of Legislation Research
• /
• no.41
• /
• pp.303-335
• /
• 2011

The rapid changes in telecommunications have exercised an important influence on the telecommunications law system, including the protection of the privacy. It was a decisive assignment that telecommunications law protected the confidentiality of privacy. But in new digitalized telecommunications circumstance, every steps of the conveyance of the individual informations should be protected, in particular by telecommunications carriers as a subject of the protection of information. EU Privacy Directive in 2003 and the amendment of Communications Act in U. S. A. in 1996 have reflected the necessity of the privacy from a new point of view. In Korea, "Protection of Privacy Act" has been established as general law as to the protection of privacy and "Electronic Communications Net-work Act" and "Location Data Act" have been functioned as special law in telecommunications, and these laws have developed the legal systems about the protection of privacy in telecommunications. Such a legal system could be affirmatively evaluated. But the regulations should be reformed in a way that corresponds to the detailed types of the privacy and it should be devised a method, that the consent of users could be fulfilled practically.

• International Commerce and Information Review
• /
• v.3 no.2
• /
• pp.131-142
• /
• 2001

IT 산업은 인터넷을 발달시킴으로써 새로운 경제 시대 (New Economic Era)를 열게 하였을 뿐만 아니라 민주주의제도의 발전가능성을 한층 더 앞당기는 계기를 마련하고 있다. 그러나 개인들은 그들의 개인정보가 국가기관이나 민간기관에 자신도 모르는 사이 누출되어 국가기관의 감시체제를 구축하거나 불공정한 상업적 목적으로 쓰일 수 있다는 우려 때문에 온라인상의 구매활동이나 정치활동을 주저하고 있다. 특히 유럽민족은 과거의 역사적인 사건들로 인해 개인정보 유출문제에 매우 민감하게 반응한다. 이러한 이유로 EU는 EU국가들 내에서의 인터넷관련 개인정보처리문제와 EU와 제3국간의 개인정보 이전 문제를 규정하는 지침을 1995년 재정하고 1998년부터 시행하고 있다. 동 지침은 또한 미국과의 정보이전협상인 safe harbor를 탄생시켰다. 본 고에서는 왜 개인정보 보호법이 필요한지 그 이유와 개인정보보호에 대한 국제적인 논의 그리고 EU의 개인정보지침 내용을 연구한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1013-1023
• /
• 2016

Transborder data flow(TBDF) of personal information in Korea has been limited by current Privacy law which request data subject to give consent. As the IT industry is growing at an incredible rate, there is a need to review the existing law to cope with growing industrial demand and increasing numbers of international data transfer. The transfer of personal data overseas not only allow businesses providing IT services including finance, internet, e-commerce to thrive, but also impact every aspect of our lives which are increasingly depended on these technology. Transmitting personal data across borders raises serious questions of privacy protection and restriction of business operation. In ordrer to promote interoperability of personal data in international environment, a considerable amount of research and debate needs to be taken before implementing a sound policy. This paper presents a need for a sound TBDF policy in Korea by examine the main policy challenges associated with TBDF. Finally, the paper identify policy suggestions based on European Union's approach as they have successfully implemented TBDF policy that balanced data privacy and economic agenda.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.8
• /
• pp.2124-2139
• /
• 2023

In this article, the authors focus on the use of smart CCTV, a combnation of biometric recognition technology and AI algorithms. In fact, the advancements in relevant technologies brought a significant increase in the use of biometric information - fingerprint, retina, iris or facial recognition - across diverse sectors. Both the public and private sectors, with the developments of biometric technology, widely adopt and use an individual's biometric information for different reasons. For instance, smartphone users highly count on biometric technolgies for the purpose of security. Public and private orgazanitions control an access to confidential information-controlling facilities with biometric technology. Biometric infomration is known to be unique and immutable in the course of one's life. Given the uniquness and immutability, it turned out to be as reliable means for the purpose of authentication and verification. However, the use of biometric information comes with cost, posing a privacy issue. Once it is leaked, there is little chance to recover damages resulting from unauthorized uses. The governments across the country fully understand the threat to privacy rights with the use of biometric information and AI. The EU and the United States amended their data protection laws to regulate it. South Korea aligned with them. Yet, the authors point out that Korean data aprotection law still requires more improvements to minimize a concern over privacy rights arising from the wide use of biometric information. In particular, the authors stress that it is necessary to amend Section (2) of Article 23 of PIPA to reflect the concern by changing the basis for permitting the processing of sensitive information from 'the Statutes' to 'the Acts'.

• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.164-174
• /
• 2014

The purpose of this study is to explore ways to resolve the conflicting issues that are currently applied in medical Act and medical privacy Act through the comparative Analysis of the Privacy Act and the Medical Information Protection Act foreign. the results run to establish the Public Health Act coming for the protection of health information is a characteristic of many countries, France in Europe, the United States and Canada had been running an independent medical information laws are enacted. Prescribes penalties of up to a fairly systematic method from the case records of patients would not have occurred in the management and implementation of the law and the protection of the author of the book focuses on the subject of medical records and physician records between patient confidentiality and privacy it can be seen that the method defined in. This indicates the need for the establishment of an independent medical information laws to protect all records relating to the patient systematically Korea also.

• Journal of Platform Technology
• /
• v.9 no.4
• /
• pp.32-41
• /
• 2021

The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, Step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer. To explore the benefits and expected effects of determining appropriateness at the government level. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact, However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.320-326
• /
• 2022

The use of the Internet has become commonplace for billions of people on the planet. The rapid development of technology, in particular, mobile gadgets, has provided access to communication anywhere, anytime. At the same time, there are growing concerns about the behavior of people on the Internet, in particular, towards each other and social groups in general. This raises the issue of human rights in today's information society. In this study, we focused on human rights such as the right to privacy, confidentiality, freedom of expression, the right to be forgotten, etc. We point to some differences in this regard, in particular between the EU, etc. In addition, we describe the latest legal regulation in this aspect in European countries. Such methods as systemic, factual, formal and legal, to show the factors of formation and development of human rights in the context of digitalization were used. The authors indicate which of them deserve the most attention due to their prevalence and relevance. Thus, we concluded that the technological development of social communications has laid the groundwork for a legal settlement of privacy and opinion issues on the Internet. Simultaneously, jurisdictions address issues on every aspect of human rights on the Internet, based on previous norms, case law, and principles of law. It is concluded that human rights legislation on the Internet will continue to be actively developed to ensure a balance of private and public interests, safe online access and unimpeded access to it.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.65-103
• /
• 2019

Purpose The purpose of this study is to find out in extent to which the companies in Korea and oversea, which has been subjected by different laws of their country, have guaranteed the personal information rights and have provided proper 'right to access' to the information subjects. Design/methodology/approach This study compared Korean laws with 'General Data Protection Regulation (GDPR)' of EU and 'California Consumer Privacy Act (CCPA)' to check each of the level of 'right to access' guarantee. In terms of the difference in guaranteeing the right, this study compared Korean IT leading companies with US global leading IT companies to find out how much 'right to access' are properly implemented in their policies and functions they provide. Findings The result of the study shows that 'right to access' has not been well guaranteed by Korean law, as it does not provide the right to choose method and medium by information subjects and does not clarify the types of diverse information. This was clearly opposite with the other laws providing the right to choose what method and medium that subjects want with clarifying every types of personal information possible to be more. In addition, 'right to access' has not been well guaranteed by Korean companies in comparison with by the oversea companies which proactively guarantee the right by setting the function enabling subjects to browse their information through their websites or applications.

• Journal of Convergence for Information Technology
• /
• v.8 no.2
• /
• pp.141-148
• /
• 2018

The purpose of this paper is to explore the scope of realization of multiple perspectives so that the implementation of the right to be forgotten is more realistic than the ideal information deletion concept. We examined domestic and foreign legal system and technology/service trends, and reflected the classification realization level of service realization, processing type and information characteristics of personal information processor, and legislative/technical factors for multi-level scope analysis. As a result, we have presented a matrix of the range of realization of the right to be forgotten and the scope of diversified regulation by the subject of protection. This study will be extended to the convergence of law and engineering, and will contribute to the prediction of social costs and expansion of the market by identifying the scope of 'deletion rights'.