북유럽모델 관점에 따른 마이데이터의 쟁점 및 과제

초록

This paper seeks to analyze pending issues with MyData and relevant policy lessons for Korea from the perspective of the Nordic Model. What separates the Nordic Model from other MyData models is the choice over how to secure data subject’s effective control of personal data. The former requires data subject’s control over the (second) transaction involving the handling of personal data between a data holder and a data utilizer, let alone the (first) transaction between the data subject and a data holder. Since interoperability and reliability of the MyData ecosystem are prerequisites for that purpose, sophisticated legal and technical norms must be advanced on such matters as right to data portability, consent management program, and data ownership. MyData in Korea has been growing much more rapidly and successfully in the financial sector than in other sectors. There is more work to do, however. In particular, the transfer of personal credit information to third parties, newly overseen by the Credit Information Use and Protection Act, is conceptually not unlike an agency service involving a personal data transaction on behalf of a data subject. Important questions remain concerning how to enhance the compatibility of such transfers with MyData’s ultimate goal of enabling data subjects to exercise effective control over their personal data.

키워드