「정보통신망법」상 민감정보의 규율방안에 대한 검토

Sensitive data is required to be handled differently from general personal data because of the 'seriousness of privacy invasion' and so on. 「The Personal Information Protection Act」 and 「Act On Promotion Of Information and Communications Network Utilization and Information Protection, etc.」 regulate sensitive data, respectively. However, the types and standards of sensitive data defined by each law are slightly different. In particular, biometric data and personal image data are widely used in the process of providing information and communication services. It is necessary to examine whether such data corresponds to sensitive data, and if so, it is necessary to specially regulate unlike general personal data. In addition, 「Act On Promotion Of Information and Communications Network Utilization and Information Protection, etc.」 regulates providers of information and communications services and users. This Act shall be governed by the compatibility with the 「The Personal Information Protection Act」, which is the general law of personal data, harmonization with foreign legislation, and the specificity of information and communication services. Therefore, this study examines the issues of using sensitive data in the process of providing information and communication services, analyzes the current status and limitations of sensitive data discipline, and suggests ways to improve sensitive data discipline in 「Act On Promotion Of Information and Communications Network Utilization and Information Protection, etc.」. In the main content, it is suggested that "sensitive data" should not be defined in an illustrative manner but in a limited enumeration method in terms of clarity of law and compliance with the Personal Information Protection Act. In addition, as a type of sensitive information, biometric information, information on health, sexual life, sexual orientation, and genetic information should be added. Currently, sensitive information processing is permitted without any condition if it is based on the law, but it suggests a way to deal with it only if it meets certain criteria.