A Comparative Study on the Prevention of Re-identification by Combining Pseudonymous Data - Focused on the GDPR, the CCPA and the Revised Personal Information Protection Act -

Lee, Joo-Hee

KJC Korea
Journal Central

Journal of International Business Transactions Law 2021 KCI Impact Factor : 0.32

Korean | English

pISSN : 2092-769X / eISSN : 2733-6948

http://journal.kci.go.kr/IBT

BACK
TOP

Home > Explore Content > All Issues > Article View

5 of 6

A Comparative Study on the Prevention of Re-identification by Combining Pseudonymous Data - Focused on the GDPR, the CCPA and the Revised Personal Information Protection Act -

Journal of International Business Transactions Law
Abbr : IBT
2021, (32), pp.111-140

Publisher : The Institute for Legal Studies Dong-A University
Research Area : International Commercial Transactions Law

Received : December 20, 2020
Accepted : January 30, 2021
Published : January 31, 2021

Lee, Joo-Hee ¹

¹이주희 법률사무소

ABSTRACT
열림/닫힘 버튼

‘Pseudonymous data’ refers to the fake information in which the personal data cannot be revealed without additional information to retrieve the original data, which beforehand could be reached by using his name, social identification number or etc. The Revised Personal Information Protection Act allows that pseudonymous data from each personal information could be combined for statistical data, scientific research, and public record. However, when it happened, there occurs another problem of “re-identification”, through which the relevant individual information could be exposed: If the pseudonym data is allowed to be linked with the other data, thus being “easily combined”, the original data could be open to be retrieved through combining it with another data. This paper analyzes the measures to prevent this re-identification problem through comparing the GDPR(General Data Protection Regulation) of Europe and the CCPA(California Consumer Privacy Act) of the United States. In the revised Personal Information Protection Act, provisions were made regarding “an agency for processing pseudonymous data”, which are mentioned in the GDPR and the CCPA. Following these provisions, the Personal Information Protection Committee made guidelines for processing pseudonymous data on September 2020. We can appraise this installation highly since any other country has not tried it. However, this measure may have an aftereffect – by transferring all authorities to combine pseudonymous data to a special agency- to lower the incentive for private companies to use data. This paper examines the way the GDPR and the CCPA – both of them have no such special agency- prevents re-identification problem, thus giving another thought on our current actions of the Revised Personal Information Protection Act.
KEYWORDS
열림/닫힘 버튼

Pseudonymisation, the Revised Personal Information Protection Act, GDPR, CCPA, Re-identification

Statistics

576 Viewed

0 Downloaded

Tools

Print this page

Search PDF

Export Citation

Sharing

Facebook

Twitter

Issue List

Vol. No.35

Vol. No.34

Vol. No.33

Citation status

KCI Citation Counts (1)
열림/닫힘 버튼
REFERENCES (18)
열림/닫힘 버튼
* 2021년 이후 발행 논문의 참고문헌은 현재 구축 중입니다.

[journal] 고수윤 / 2020 / A Comparative Study on the Rights of Information Subjects under the General Data Protection Regulation and the California Consumer Privacy Act / 미디어와 인격권 / 언론중재위원회 6(1) : 71~106

[report] 김성천 / 2018 / 미국 캘리포니아주 소비자프라이버시법(CCPA)의 주요내용과 시사점

[journal] 김송옥 / 2019 / An Analysis on the Consent System of the GDPR in European Union and Its Implications for our Data Protection Laws / 아주법학 / 법학연구소 13(3) : 157~192 / 10.21589/ajlaw.2019.13.3.157

[journal] 박웅신 / 2018 / A Study on Improvement of Criminal Penalty Regulations in the Private Information Protection Law / 성균관법학 / 법학연구원 30(4) : 293~318

[journal] 윤영호 / 2019 / A Case Study for Improvement of Users’ Right to Informational self-determination:Focusing on the GDPR of EU and the CCPA of California, USA / 정보시스템연구 / 한국정보시스템학회 28(4) : 65~103 / http://dx.doi.org/10.5859/KAIS.2019.28.4.65

[journal] 윤태영 / 2020 / An Agenda in Civil Law for the Protecting Personal Rights from Use of Data / 비교사법 / 한국비교사법학회 27(4) : 37~69 / 10.22922/jcpl.27.4.202011.37

[report] 이인호 / 2020 / 데이터 3법의 개정과 향후 입법과제 모색 / 개인정보보호법학회

[journal] 이창민 / 2020 / A Comparative Legal Study on the California Consumer Privacy Act / 정보법학 / 한국정보법학회 24(1) : 77~114

[journal] 전승재 / 2020 / Scope of Industrial Use of Personal Information, Pseudonymous Information and My Data - Focused on Three Data Laws - / 선진상사법률연구 / 법무부 (91) : 249~279

[journal] 최창수 / 2020 / Comparative Analysis of Laws on the Personal Rights Protection System in the Data Age / 미디어와 인격권 / 언론중재위원회 6(1) : 1~38

[other] / 2013 / 대전지방법원 논산지원 2013. 8. 9. 선고 2013고단17 판결

[web] 개인정보보호위원회 / 가명정보처리 가이드라인 / file:///C:/Users/user/Downloads/%EA%B0%80%EB%AA%85%EC%A0%95%EB%B3%B4%20%EC%B2%98%EB%A6%AC%20%EA%B0%80%EC%9D%B4%EB%93%9C%EB%9D%BC%EC%9D%B8(%EC%B5%9C%EC%A2%85)%20(1).pdf

[web] 김인엽 / 데이터3법 발의 14개월 만에 국회 본회의 통과 / https://www.sedaily.com/NewsVIew/1YXKX3VNNC

[web] 연합뉴스 / 개인정보위, 삼성SDS·통계청 가명정보 결합전문기관 지정 / https://www.yna.co.kr/view/AKR20201127037600017

[web] 이상후 / 빅데이터 산업의 연료, 가명정보와 익명정보란? / https://it.donga.com/28239/

[web] 코리아헤럴드 / ‘이태원 집단감염’에 커지는 성소수자 혐오…‘아웃팅’ 우려 / http://www.koreaherald.com/view.php?ud=20200510000028

[journal] I. Glenn Cohen / 2019 / Big Data, Big Tech, and Protecting Patient Privacy / JAMA 322(12)

[journal] Luc Rocher / 2019 / Estimating the success of re-identifications in incomplete datasets using generative models / NATURE COMMUNICATIONS 10