Published in:KIEP Research Paper, Policy References 20-05
Extent:
1 Online-Ressource (115 p)
Language:
Korean
DOI:
10.2139/ssrn.3812098
Identifier:
Origination:
Footnote:
Nach Informationen von SSRN wurde die ursprüngliche Fassung des Dokuments November 20, 2020 erstellt
Description:
Korean Abstract: 이 보고서는 EU GDPR 위반사례에 관한 통계를 분석하고, EU 법원 판결문 및 개인정보 감독당국의 결정을 검토한 후, 판결 및 결정의 근거가 된 EU GDPR 조항과 국내법령을 비교분석하여 시사점을 도출했다. EU GDPR의 위반사례가 지속적으로 늘어날 것으로 예상되므로 우리 기업과 정부의 적극적인 대비와 함께 개인정보의 국외이전에 따른 부과사례에 관한 연구가 필요하다. 또한 미국을 포함한 여러 국가가 EU GDPR을 개인정보보호 분야의 중요한 표준으로서 참고하는 추세이므로, 우리나라도 국내 데이터 관련 법률을 정비하고 개선하기 위한 노력이 요구된다. 이 보고서에서 식별한 우리 법률과 EU GDPR의 차이점을 기초로 개인정보의 국외이전을 위한 다양한 근거 허용 여부와 국외로 이전된 개인정보에 대한 효과적인 보호 방안에 관한 논의가 확산되길 기대한다
English Abstract: This report reviews the preliminary judgments of the CJEU on the interpretation of the EU GDPR and compares them with Korean laws and precedents in order to derive implications related to the validity of passive consent, the basis for the transfer of personal data abroad, and the content and scope of application of the right to be forgotten. The CJEU have ruled that passive consent, such as preselected check boxes, is not a valid agreement. In addition, the ombudsperson mechanism which cannot make any decisions binding on intelligence agencies is not effective judicial redress. That is why the Privacy Shield, which was the basis for the transfer of personal data between the EU and the United States, is invalid. Finally, the deletion from search engines based on the right to be forgotten is restricted to the EU region, not the entire world. By comparing those precedents of the CJEU with Korean laws and precedents, the report provides the following implications. First, the passive consent was interpreted as invalid even if it was in accordance with Korean laws. Besides, the precedent is also in the same position, which shows important criterion was whether the data subject could objectively confirm the intention of the data subject. However, since Korean laws are less specific than the EU GDPR, it seemed necessary to supplement them. Second, the transfer of personal data to third countries or international organizations was allowed only when the data subject agreed. Otherwise, the EU GDPR recognized various other reasons besides the consent of the data subject. It is time that the supervisory authorities of Korean law should consider whether to allow other basis for the transfer of personal data or not. Last, there was a ruling that the right to be forgotten has not yet been introduced into Korean law. The right to correct and delete in Korean law is recognized only if the information is incorrect after the exercise of the right to read, and there is a difference from the right to be forgotten. Discussions on whether to introduce the right to be forgotten are needed