• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1013-1023
• /
• 2016

Transborder data flow(TBDF) of personal information in Korea has been limited by current Privacy law which request data subject to give consent. As the IT industry is growing at an incredible rate, there is a need to review the existing law to cope with growing industrial demand and increasing numbers of international data transfer. The transfer of personal data overseas not only allow businesses providing IT services including finance, internet, e-commerce to thrive, but also impact every aspect of our lives which are increasingly depended on these technology. Transmitting personal data across borders raises serious questions of privacy protection and restriction of business operation. In ordrer to promote interoperability of personal data in international environment, a considerable amount of research and debate needs to be taken before implementing a sound policy. This paper presents a need for a sound TBDF policy in Korea by examine the main policy challenges associated with TBDF. Finally, the paper identify policy suggestions based on European Union's approach as they have successfully implemented TBDF policy that balanced data privacy and economic agenda.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.8
• /
• pp.2124-2139
• /
• 2023

In this article, the authors focus on the use of smart CCTV, a combnation of biometric recognition technology and AI algorithms. In fact, the advancements in relevant technologies brought a significant increase in the use of biometric information - fingerprint, retina, iris or facial recognition - across diverse sectors. Both the public and private sectors, with the developments of biometric technology, widely adopt and use an individual's biometric information for different reasons. For instance, smartphone users highly count on biometric technolgies for the purpose of security. Public and private orgazanitions control an access to confidential information-controlling facilities with biometric technology. Biometric infomration is known to be unique and immutable in the course of one's life. Given the uniquness and immutability, it turned out to be as reliable means for the purpose of authentication and verification. However, the use of biometric information comes with cost, posing a privacy issue. Once it is leaked, there is little chance to recover damages resulting from unauthorized uses. The governments across the country fully understand the threat to privacy rights with the use of biometric information and AI. The EU and the United States amended their data protection laws to regulate it. South Korea aligned with them. Yet, the authors point out that Korean data aprotection law still requires more improvements to minimize a concern over privacy rights arising from the wide use of biometric information. In particular, the authors stress that it is necessary to amend Section (2) of Article 23 of PIPA to reflect the concern by changing the basis for permitting the processing of sensitive information from 'the Statutes' to 'the Acts'.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.129-139
• /
• 2011

Recently by the privacy & data security law, when a user registers the online membership, we need to take action to check a progress of identification without resident registration number. On the most of websites, I-PIN is used by identification instead of the resident registration number. However, I-PIN causes dangerous situations if someone steals the ID and a password, the personal data can be easy to exposure. In this paper, we propose the OTP, which can solve all these problems by guaranteeing the identification of unlinkability. This type of method would help the process of membership registration without fixed data like ID and a password in online so it would be very useful to security of private data.

• Review of Korean Society for Internet Information
• /
• v.14 no.3
• /
• pp.78-85
• /
• 2013

The revelations made possible by Edward Snowden, a contractor of the US intelligence service NSA, are a sobering reminder that the Internet is not an 'anonymous' means of communication. In fact, the Internet has never been conceived with anonymity in mind. If anything, the Internet and networking technologies provide far more detailed and traceable information about where, when, with whom we communicate. The content of the communication can also be made available to third parties who obtain encryption keys or have the means of exploiting vulnerabilities (either by design or by oversight) of encryption software. Irrebuttable evidence has emerged that the US and the UK intelligence services have had an indiscriminate access to the meta-data of communications and, in some cases, the content of the communications in the name of security and protection of the public. The conventional means of judicial scrutiny of such an access turned out to be ineffectual. The most alarming attitude of the public and some politicians is "If you have nothing to hide, you need not be concerned." Where individuals have nothing to hide, intelligence services have no business in the first place to have a peek. If the public espouses the groundless assumption that State organs are benevolent "( they will have a look only to find out whether there are probable grounds to form a reasonable suspicion"), then the achievements of several hundred years of struggle to have the constitutional guarantees against invasion into privacy and liberty will quickly evaporate. This is an opportune moment to review some of the basic points about the protection of privacy and freedom of individuals. First, if one should hold a view that security can override liberty, one is most likely to lose both liberty and security. Civilized societies have developed the rule of law as the least damaging and most practicable arrangement to strike a balance between security and liberty. Whether we wish to give up the rule of law in the name of security requires a thorough scrutiny and an informed decision of the body politic. It is not a decision which can secretly be made in a closed chamber. Second, protection of privacy has always depended on human being's compliance with the rules rather than technical guarantees or robustness of technical means. It is easy to tear apart an envelope and have a look inside. It was, and still is, the normative prohibition (and our compliance) which provided us with protection of privacy. The same applies to electronic communications. With sufficient resources, surreptitiously undermining technical means of protecting privacy (such as encryption) is certainly 'possible'. But that does not mean that it is permissible. Third, although the Internet is clearly not an 'anonymous' means of communication, many users have a 'false sense of anonymity' which make them more vulnerable to prying eyes. More effort should be made to educate the general public about the technical nature of the Internet and encourage them to adopt user behaviour which is mindful of the possibilities of unwanted surveillance. Fourth, the US and the UK intelligence services have demonstrated that an international cooperation is possible and worked well in running the mechanism of massive surveillance and infiltration into data which travels globally. If that is possible, it should equally be possible to put in place a global mechanism of judicial scrutiny over a global attempt at surveillance.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.83-92
• /
• 2018

The GDPR implemented since 25 May 2018 is common to all EU Member States and is legally binding. It is also important and legally valuable in that it takes into account the latest trends related to privacy protection. The purpose of this study is to propose a comprehensive review and improvement direction of the personal information protection laws in South Korea through a comparative analysis of EU GDPR and privacy related laws in South Korea. As a result of this study, the differences between the GDPR and privacy related laws in South Korea are Definition of personal sensitive information, Right to data portability, Data protection officer, Transfers of personal data to third countries, Supervisory authority, and Punishment, etc. The differences in these regulations were necessary to protect the rights and interests of data subjects and to properly handle personal information of personal information controllers. Therefore, based on the results of the comparative analysis of this study and suggestions on improvement direction of the law related to personal information protection, it is expected that it will contribute to the overall inspection and improvement of the law related to personal information protection in South Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.767-779
• /
• 2013

A field of privacy protection lacks statistical information about the current status, compared to other fields. On top of that, since it has not been classified as a concrete separate field, the related survey is only conducted as a part of such concrete areas. Furthermore, this trend of being regarded as a part of fields such as informatization, information protection and law will continue in the near future. In this paper, a novel and practical way for collecting and storing a big amout of data from 110,000 privacy policies by data controller is proposed and the real analysis results is also shown. The proposed method can save time and cost compared with the traditional survey-based method while maintaining or even advancing the accuracy of results and speediness of process. The collected big personal data can be used to set up various kinds of statistical models and they will play an important role as a breakthrough of observing the present status of privacy information protection policy. The big data concept is incorporated into the privacy protection and we can observe the method and some results throughout the paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.135-144
• /
• 2009

This paper discusses an issue of serious security risks at web log which contains private information, and suggests solutions to protect them. These days privacy is core information to produce value-added in information society. Its scope and type is expanded and is more important along with the growth of information society. Web log is a privacy information file enacted as law in South Korea. Web log is not protected properly in spite of that has private information It just is treated as residual product of web services. Many malicious people could gain private information in web log. This problem is occurred by no classified data and improper development of web application. This paper suggests the technical solutions which control data in development phase and minimizes that the private information stored in web log, and applies in operation environment. It is very efficient method to protect private information and to observe the law.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.59-62
• /
• 2022

In the scientific research, the object of research is a complex of legal relations, which are formed by the use of modern digital technologies. The subject of this work is the novelties of Ukrainian and foreign legislation, norms of international law aimed at regulating social relations in the field of digital rights, as well as doctrinal provisions and materials of law enforcement practice. Within the framework of this work, two types of digital rights are distinguished, those that exist in the law of Ukraine, and the issues of law that apply to legal relations, regarding the turnover of each of them, are considered. Examples of law applied in foreign countries are given for comparison. On the basis of a comprehensive study of the legal framework and positions of scientists, the prospects for the development of legal regulation of digital rights were noted.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.183-193
• /
• 2014

Korean personal data(information) protection law requires privacy policies post on every website. According to recent survey results, users' interests on these policies are low due to these policies' low readability and accessibility. This study proposes a layout that effectively conveys online privacy policy contents, and assesses its impact on information understandability, vividness, and recognition of users. Studies on privacy policies and layouts, media richness theory, social presence theory, and usability are used to develop the new layered approach. Using experiments, three major layouts are evaluated by randomly selected online users. Research results shows that information understandability, vividness, and recognition of privacy policies in the revised-layered approach are higher than those of in the text-only or table-based layouts. This study implies that employing visual guides like icons on privacy policy layouts may increase users' interest in those policies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.12
• /
• pp.4062-4080
• /
• 2022

COVID-19, a highly infectious disease, has affected the globe tremendously since its outbreak during late 2019 in Wuhan, China. In order to respond to the pandemic, governments around the world introduced a variety of public health measures including contact-tracing, a method to identify individuals who may have come into contact with a confirmed COVID-19 patient, which usually leads to quarantine of certain individuals. Like many other governments, the South Korean health authorities adopted public health measures using latest data technologies. Key data technology-based quarantine measures include:(1) Electronic Entry Log; (2) Self-check App; and (3) COVID-19 Wristband, and heavily relied on individual's personal information for contact-tracing and self-isolation. In fact, during the early stages of the pandemic, South Korea's strategy proved to be highly effective in containing the spread of coronavirus while other countries suffered significantly from the surge of COVID-19 patients. However, while the South Korean COVID-19 policy was hailed as a success, it must be noted that the government achieved this by collecting and processing a wide range of personal information. In collecting and processing personal information, the data minimum principle - one of the widely recognized common data principles between different data protection laws - should be applied. Public health measures have no exceptions, and it is even more crucial when government activities are involved. In this study, we provide an analysis of how the governments around the world reacted to the COVID-19 pandemic and evaluate whether the South Korean government's digital quarantine measures ensured the protection of its citizen's right to privacy.