With the development of information and communications technology, a large amount of information can be easily processed. Accordingly, there has been a growing demand for collecting, anonymizing, and using the personal information of research subjects or donors without obtaining their specific consent while conducting research on human beings or human-derived materials under Bioethics Law. If personal information is being used without the specific consent of the research subject, it should be guaranteed that anonymization under the same law would constitute sufficient protection of personal information. By delving into the concept of personal information, its processing, and the specific criteria presented in the relevant regulations of the United States and the EU, this paper examines whether anonymization under Bioethics Law constitutes sufficient protection of personal information of the subject. Bioethics Law provides extensive protection of the “information relating to individuals” as personal information, separately defining personally identifiable information based on its identifiability and presenting anonymization as a concept that processes it. However, the same law does not provide criteria for identifiability in personally identifiable information, or specific criteria or method for anonymization. In the background of the relevant provisions of the United States and the EU, it is necessary to at least present a more clear definition of personally identifiable information that is subject to anonymization, that is, standards of direct and indirect identifiability, in order for anonymization to constitute a method that can protect personal information under Bioethics Law. In addition, because the risk for identifiability increases with the development of technology, it should be accompanied by an ongoing assessment of the impact of these changes on privacy and the need to change the criteria for identifiability accordingly, as well as efforts to reflect the results in the concepts of personally identifiable information and anonymization under Bioethics Law. Most importantly, in terms of the concept of personally identifiable information and anonymization that has changed accordingly, it is necessary that, by disclosing to the public the need, specific contents, standards and methods of the change, individuals are aware of the standards and procedures by which their personal information is processed, whether it can be adequately protected when processed in this manner and, if not, how the system of protecting personal information should be built, and ultimately for individuals to actively participate in constructing such a system.