• Knowledge Management Research
• /
• v.25 no.2
• /
• pp.219-243
• /
• 2024

This study investigates the impact of privacy concerns, perceived utility, and awareness of the right to personal data self-determination on the effective use and expansion of MyData services, which are critical to the data economy. Integrating the value-based adoption model with privacy calculus theory, the research examines how perceived utility, privacy concerns, trust, and personal innovativeness influence perceived value, perceived privacy, and the intention to provide personal information. Data collected from an online survey of 442 MyData service users and prospective users were analyzed using PLS-SEM and Bootstrapping methods via SmartPLS 4. The results indicate that perceived utility positively affects the intention to provide personal information, while privacy concerns have a negative impact. Trust and personal innovativeness positively influence the intention to adopt MyData services, and the awareness of personal data self-determination rights moderates these intentions. The findings underscore the importance of developing beneficial services that mitigate users' privacy concerns and build trust for the successful implementation of MyData services. Additionally, the study highlights the need for education and awareness campaigns to enhance understanding of the right to personal data self-determination.

• Journal of Platform Technology
• /
• v.12 no.1
• /
• pp.141-150
• /
• 2024

The importance of personal data protection is increasingly emphasized both at home and abroad, and while overseas countries are applying various policies and dynamic management technologies, there are some gaps between compliance with laws and regulations and the application of technologies in Korea, and there are few user interfaces that provide convenient ways for data subjects to stop processing personal data. This study first analyzes the need for dynamic personal information consent management technology, the current state of the industry, and the prospects for its development. Next, this study proposes a basic model for dynamic management of personal information consent that maximizes the data subject's right to personal data self-determination while strictly complying with personal data protection laws in Republic of Korea. In particular, this study analyzes the basis of domestic laws and regulations related to the suspension of personal data processing, designs a basic model of personal data consent dynamic management interface, and presents its effectiveness. Based on the results of this study, we expect that the proposed dynamic management model for personal data use consent can be used in various ways for various websites and applications in the future.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.65-103
• /
• 2019

Purpose The purpose of this study is to find out in extent to which the companies in Korea and oversea, which has been subjected by different laws of their country, have guaranteed the personal information rights and have provided proper 'right to access' to the information subjects. Design/methodology/approach This study compared Korean laws with 'General Data Protection Regulation (GDPR)' of EU and 'California Consumer Privacy Act (CCPA)' to check each of the level of 'right to access' guarantee. In terms of the difference in guaranteeing the right, this study compared Korean IT leading companies with US global leading IT companies to find out how much 'right to access' are properly implemented in their policies and functions they provide. Findings The result of the study shows that 'right to access' has not been well guaranteed by Korean law, as it does not provide the right to choose method and medium by information subjects and does not clarify the types of diverse information. This was clearly opposite with the other laws providing the right to choose what method and medium that subjects want with clarifying every types of personal information possible to be more. In addition, 'right to access' has not been well guaranteed by Korean companies in comparison with by the oversea companies which proactively guarantee the right by setting the function enabling subjects to browse their information through their websites or applications.

• Information Systems Review
• /
• v.20 no.1
• /
• pp.159-177
• /
• 2018

With an extensive proliferation of information and communication technology, the volume and amount of digital information collected and utilized on the Internet have been increasing rapidly. Also on the rapid rise are side effects such as unintended breach of accumulated personal information and consequent invasion of personal privacy. Informational self-determination is rarely practiced, despite various states' legal efforts to redress data subjects' damage. Personal health information, in particular, is a subcategory of personal information where informational self-determination is hardly practiced enough. The observation is contrasted with the socio-economic inconvenience that may follow due to its sensitive nature containing individuals' physical and health conditions. This research, therefore, reviews factors of self-determination on personal health information while referring to the protection motivation theory (PMT), the long-time framework to understand personal information protection. Empirical analysis of 200 data surveyed reveals threat-appraisal (perceived vulnerability and perceived severity of threats) and coping-appraisal (perceived response effectiveness), in addition to individual levels of concern regarding provided personal health information, influence self-determination to protect personal health information. The research proposes theoretical findings and practical suggestions along with reference for future research topics.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• The Journal of Society for e-Business Studies
• /
• v.25 no.1
• /
• pp.123-134
• /
• 2020

Although the rights of data subjects are defined through laws such as the Personal Information Protection Act, the consent process for collecting personal information by financial institutions is only formal and does not guarantee the right of self-determination of personal information. Therefore, it is necessary to analyze the problem by information provision items of the current model, and to improve by changing the structure such as replacing the current method provided with the text with pictures and videos, and mandatory to provide the information subjects with personal information flow related images from the signing up stage. The improvement model is presented as a way to add a procedure to the current model. The effect was verified through a survey. It is hoped that the proposed model is actually reflected through the review to create an environment that can be a true meaning agreement that reflects the information subject's right to self-determination.

• The Korean Society of Law and Medicine
• /
• v.21 no.2
• /
• pp.75-103
• /
• 2020

There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.

• Journal of Platform Technology
• /
• v.6 no.4
• /
• pp.11-17
• /
• 2018

In the smart intelligence information society, there is a possibility that the social dysfunction such as the personal information protection issue and the risk to the electronic surveillance society may be highlighted. In this paper, we refer to various categories and classify electronic surveillance into audio surveillance, visual surveillance, location surveillance, biometric information surveillance, and data surveillance. In order to respond to new electronic surveillance in the intelligent information society, it requires a change of perception that is different from that of the past. This starts with the importance of digital privacy and results in the right to self-determination of personal information. Therefore, in order to preemptively respond to the dysfunctions that may arise in the intelligent information society, it is necessary to further raise the awareness of the civil society to protect information human rights.

• The Korean Society of Law and Medicine
• /
• v.24 no.2
• /
• pp.35-77
• /
• 2023

As the amendment to the Personal Information Protection Act, which newly established the basis for the right to request transmission of personal information, was promulgated through the plenary session of the National Assembly, MyData, which was previously applied only to the financial sector, could spread to all fields. The right to request transmission of personal information is the right of the information subject to be guaranteed for the realization of MyData. However, since the right to request transmission of personal information stipulated in the Personal Information Protection Act is designed to be applied to all fields, not a special field such as the medical field, it has many shortcomings to act as a core basis for implementing MyData in Medicine. Based on this awareness of the problem, this paper compares and analyzes major legal trends related to the right to portability of personal health information at home and abroad, and examines the limitations of Korea's Personal Information Protection Act and Medical Act in realizing Medical MyData. Under the Personal Information Protection Act, the right to request transmission of personal information is insufficient to apply to the medical field, such as the scope of information to be transmitted, the transmission method, and the scope of the person obligated to perform the transmission, etc.. Regulations on the right to access medical information and transmission of medical records under the Medical Act also have limitations in implementing the full function of Medical My Data in that the target information and the leading institution are very limited. In order to overcome these limitations, this paper prepared a separate and independent special law to regulate matters related to the use and protection of personal health information as a measure to improve the legal system that can effectively guarantee the right to portability of personal health information, taking into account the specificity of the medical field. It was proposed to specifically regulate the contents of the movement and transmission system of personal health information.

• Journal of Korea Entertainment Industry Association
• /
• v.15 no.8
• /
• pp.63-74
• /
• 2021

This study focuses on the increasing supply and consumption of affair dramas on TV with the theme of unconventional 'infidelity', therefore, is an empirical study that reveals factors related to the problem consciousness of married men and women about infidelity dramas that can affect the sexual socialization of married men and women. This study investigates the effect of married men and women's right to sexual self-determination between couples, personal psychological characteristics (emotional maturity, emotional alienation, self-perception), surrounding environmental characteristics (prevalence of extramarital relationships), and demographic background (gender, age, educational background, economic level) on 'the presence or absence of critical consciousness of infidelity dramas'. For the data of this study, an online survey is conducted on married men and women(614 people), and binary logistic analysis is conducted using SPSS. As a result of this analysis, first, 46% of married men and women have a relatively good level of critical awareness of affair dramas, and overall, the level of critical thinking of married men and women about the infidelity dramas is rather low. Second, there is no significant difference between genders in the perception of problems such as 'excessive beautification of infidelity', 'incitement of infidelity' and 'damage of family values', however, married women are more critical than married men regarding 'explicit sexual description', indicating differences according to gender characteristics. Third, for married men, the level of 'self-perception' and 'marital sexual self-determination right' have a significant effect on the critical mind with infidelity dramas. In the case of married women, it is found that 'the right to sexual self-determination' between married couples and 'emotional alienation' have a significant effect on 'the presence or absence of critical consciousness of infidelity dramas'.