Abstract
The basic approach of the law to protect the rights of data subjects in the United States and Europe, including Korea, is to provide data subjects with a set of rights to make decisions about their privacy or personal information self- management, and the core is 'consent’. However, if you ask whether real consent truly plays its role in various online services, the answer is negative. This study attempted to analyze the limitations of these “consent” norms and derive improvement tasks. The limitations of the current consent regulations are summarized below. First, in the environment of big data, artificial intelligence, and Internet of things, the way and purpose of data processing and analysis continues to change without human intervention. Therefore, the'notice-consent' method in the current law that specifies the purpose and scope of data processing is difficult to meet its validity requirements. Second, as a result, it became difficult to “privacy and personal information self-management,” which is the practical purpose of “consent”. The widespreadness of the personal information being processed, incomprehensible notices, and the asymmetry of information between the data subject and the personal information controller made it impossible for the data subject to truly participate in the consent process.
In order to solve this limitation of “consent”, it is necessary to ensure that “privacy and personal information self-management” is not entirely under the responsibility of individuals based on consent, but through the intervention of the state's guardianism, ‘Paternalism’. As a concrete measure, an appropriate harmonization between opt-out and Paternalism, while allowing opt-in only in exceptional cases can be considered. In addition, there is a limit to improving the privacy and personal information self-management ability of the data subject, as so far, so rather, a method of improving the privacy management ability of the personal information controller should be sought. In addition, since the value of personal information can be more accurately evaluated during various use processes rather than at the time of collection, the protection of personal information should be shifted from ‘collection-centered’ to ‘use-centered’.
In order to solve this limitation of “consent”, it is necessary to ensure that “privacy and personal information self-management” is not entirely under the responsibility of individuals based on consent, but through the intervention of the state's guardianism, ‘Paternalism’. As a concrete measure, an appropriate harmonization between opt-out and Paternalism, while allowing opt-in only in exceptional cases can be considered. In addition, there is a limit to improving the privacy and personal information self-management ability of the data subject, as so far, so rather, a method of improving the privacy management ability of the personal information controller should be sought. In addition, since the value of personal information can be more accurately evaluated during various use processes rather than at the time of collection, the protection of personal information should be shifted from ‘collection-centered’ to ‘use-centered’.
| Translated title of the contribution | The Dilemma of Guaranteeing Information Subject's Rights and ‘Consent’ System |
|---|---|
| Original language | Korean |
| Pages (from-to) | 93-133 |
| Number of pages | 41 |
| Journal | 성균관법학 |
| Volume | 32 |
| Issue number | 3 |
| DOIs | |
| State | Published - 2020 |