• The Journal of the Korea Contents Association
• /
• v.12 no.7
• /
• pp.156-168
• /
• 2012

As the increase of violent crimes such as robbery, murder, and rape has become a social problem, the government is considering institutionalizing the identification of criminals to prevent crime and to guarantee people's right to know. Such an atmosphere led to the approval of the revision of 'Special Law On the Punishment of Specific violent Crimes' in the National Assembly in April 2010. The revision allows the revelation of the profiles of crime suspects including the pictures of their faces at the investigation stage. However, whether the revision had been effective in preventing crime has not been demonstrated empirically. Moreover, identity revelation is a grave intrusion into privacy and an abuse of human rights such as personal rights and the right to a fair trial, since personal information of criminal suspects would be released to the media prior to the court's final judgements. Also it violates the principle of presumption of innocence, the principles of due process, the principle of double jeopardy, the principle of prohibition against excessive, the principles of clarity, and the principle of liability.

• Journal of Convergence for Information Technology
• /
• v.8 no.2
• /
• pp.141-148
• /
• 2018

The purpose of this paper is to explore the scope of realization of multiple perspectives so that the implementation of the right to be forgotten is more realistic than the ideal information deletion concept. We examined domestic and foreign legal system and technology/service trends, and reflected the classification realization level of service realization, processing type and information characteristics of personal information processor, and legislative/technical factors for multi-level scope analysis. As a result, we have presented a matrix of the range of realization of the right to be forgotten and the scope of diversified regulation by the subject of protection. This study will be extended to the convergence of law and engineering, and will contribute to the prediction of social costs and expansion of the market by identifying the scope of 'deletion rights'.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.3-10
• /
• 2013

Cyber attacks are threats to national security. Today, cybersecurity threats have various types, the theft or spread of privacy and national secret, the realization of direct attacks to infrastructure and the hacktivism with political or social objectives. Furthermore, There are special situations in South Korea because of North Korea's threats. Thus, It is necessary to handle cybersecurity as a kind of national security problem. It is a time to identify problems of governance system in cybersecurity and to improve related Acts and subordinate statutes. There are several tasks for legal improvement for governance system in cybersecurity. They are improving legal bases for the roles of the relevant authorities in cybersecurity, consolidating national joint response to cyber accidents, establishing and vitalizing information sharing system, constructing foundation of cybersecurity through industry promotion and manpower development, and acquiring defensive tools by enhancement research an development. In order to address these challenges, it is necessary to pay much attention to enactment and to revision laws and to practice legislative procedure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1607-1621
• /
• 2018

The financial industry, which guarantees a credible transaction and can not permit forgery of its transaction information, has hitherto adhered to a traditional centralized ledger management method. However, the blockchain technology has a decentralization which has been regarded as unsafe for the time being, and the more reliable transaction agreement and data integrity are guaranteed The world's financial industry and the IT world is causing the wave. Nevertheless, the inherent characteristics of the blockchain, such as the irreversibility of block information within a blockchain and the sharing of blocks between blockchain participants, can not avoid conflicts with the privacy laws. The purpose of this study is to investigate the problems related to deletion and the third party supply of personal information by focusing on these characteristics of the blockchain and to suggest the technical alternatives of the applicable blockchain and the improvement direction of the personal information protection law for using of blockchain technology.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.6
• /
• pp.786-794
• /
• 2020

For systematic pet management, the pet registration system has established. It makes the owner of the pet is given greater responsibility through the pet registration system but it also provided with welfare. One of the advantages of the pet registration system is that prepare system what return to owner quickly and safety through information inquiry when the pets are lost. But there are some conflict with the law in the information inquiry, so it occurs interfere the system. In this paper, we propose using the Smart Contract to finding the missing animal effectively. Proposed method discloses only the partially information. Thus it will be eliminated conflict parts, and increases the information accessibility to increase the number of people who can inquiry information. In addition, keeping the RFID inquired feature for compatible with the existing system. The smart contract querying enables quickly and precision access to information. Lastly, compare the proposed method with existing method to see the improvement.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.53-63
• /
• 2020

In accordance with the revision of the Data 3 Act, such as the Personal Information Protection Act, it is possible to process pseudonym information without the consent of the information subject for statistical creation, scientific research, and preservation of public records, and unlike personal information, it is legal for personal information leakage notification and personal information destruction There are exceptions. It is necessary to revise the pseudonym information in that the standard for the pseudonym processing differs by country and the identification guidelines and anonymization are identified in the guidelines for non-identification of personal information in Korea. In this paper, we focus on the use of personal information in accordance with the 4th Industrial Revolution, examine the concept of pseudonym information for safe use of newly introduced pseudonym information, and generate / use / provide / destroy domestic and foreign non-identification measures standards and pseudonym information. At this stage, through the review of the main contents of the law or the enforcement ordinance (draft), I would like to make suggestions on future management / technical protection measures.

• Journal of the Korea Convergence Society
• /
• v.13 no.4
• /
• pp.25-37
• /
• 2022

The government and private companies are endeavoring to help the digital healthcare industry grow. This includes easing regulations on the big data industry such as the amendment of the Data 3 Act. Despite these efforts, however, there have been constant demands for the amendment of laws related to the medical field and for securing medical data transmissions. In this paper, the Data 3 Act of Korea and the legal system related to healthcare are examined. Then the legal, institutional, and technical aspects of the strategies are compared to understand the issues and implications. Based on this, a legal and institutional strategy suitable for the digital healthcare industry in Korea is suggested. Additionally, a direction to improve social perception along with technical measures such as safe de-identification processing and data transmission are also proposed. This study hopes to contribute to the spread of various convergent industries along with the digital healthcare industry.

• Journal of Platform Technology
• /
• v.9 no.4
• /
• pp.32-41
• /
• 2021

The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, Step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer. To explore the benefits and expected effects of determining appropriateness at the government level. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact, However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.2
• /
• pp.15-20
• /
• 2023

Recently, digitalization is accelerating in all industries, and the use of information and personal information produced and used in the process of it is very important for the success or failure of a company. However, malicious attempts to steal or leak major information and personal information of a company as an adverse effect continue to increase, and appropriate defense and response are absolutely necessary. However, in the case of small and medium-sized enterprises, the priority of information protection and the possession of professional manpower are very insufficient compared to large enterprises. This paper studies the certification and audit implemented in Korea, and suggests ways to expand the certification of the information protection system suitable for SMEs and improve the effectiveness of the support system through the expansion of the privacy law notification standard and operation of support system.

• The Korean Journal of Air & Space Law and Policy
• /
• v.32 no.1
• /
• pp.225-285
• /
• 2017

In regard to the regulations related to the RPA(Remotely Piloted Aircraft), which is sometimes called in other countries as UA(Unmanned Aircraft), ICAO stipulates the regulations in the 'RPAS manual (2015)' in detail based on the 'Chicago Convention' in 1944, and enacts provisions for the Rules of UAS or RPAS. Other contries stipulates them such as the Federal Airline Rules (14 CFR), Public Law (112-95) in the United States, the Air Transport Act, Air Transport Order, Air Transport Authorization Order (through revision in "Regulations to operating Rules on unmanned aerial System") based on EASA Regulation (EC) No.216/2008 in the case of unmanned aircaft under 150kg in Germany, and Civil Aviation Act (CAA 1998), Civil Aviation Act 101 (CASR Part 101) in Australia. Commonly, these laws exclude the model aircraft for leisure purpose and require pilots on the ground, not onboard aricraft, capable of controlling RPA. The laws also require that all managements necessary to operate RPA and pilots safely and efficiently under the structure of the unmanned aircraft system within the scope of the regulations. Each country classifies the RPA as an aircraft less than 25kg. Australia and Germany further break down the RPA at a lower weight. ICAO stipulates all general aviation operations, including commercial operation, in accordance with Annex 6 of the Chicago Convention, and it also applies to RPAs operations. However, passenger transportation using RPAs is excluded. If the operational scope of the RPAs includes the airspace of another country, the special permission of the relevant country shall be required 7 days before the flight date with detail flight plan submitted. In accordance with Federal Aviation Regulation 107 in the United States, a small non-leisure RPA may be operated within line-of-sight of a responsible navigator or observer during the day in the speed range up to 161 km/hr (87 knots) and to the height up to 122 m (400 ft) from surface or water. RPA must yield flight path to other aircraft, and is prohibited to load dangerous materials or to operate more than two RPAs at the same time. In Germany, the regulations on UAS except for leisure and sports provide duty to avoidance of airborne collisions and other provisions related to ground safety and individual privacy. Although commercial UAS of 5 kg or less can be freely operated without approval by relaxing the existing regulatory requirements, all the UAS regardless of the weight must be operated below an altitude of 100 meters with continuous monitoring and pilot control. Australia was the first country to regulate unmanned aircraft in 2001, and its regulations have impacts on the unmanned aircraft laws of ICAO, FAA, and EASA. In order to improve the utiliity of unmanned aircraft which is considered to be low risk, the regulation conditions were relaxed through the revision in 2016 by adding the concept "Excluded RPA". In the case of excluded RPA, it can be operated without special permission even for commercial purpose. Furthermore, disscussions on a new standard manual is being conducted for further flexibility of the current regulations.