EU 개인정보 역외이전 규제의 GATS 양립성이 국내 상호주의 법안에 주는 정책 시사점

초록

Being inspired by the adequacy test in EU GDPR, a reciprocity provision on overseas transfer of personal data in online services is stipulated both in ‘Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.’ going into effect this March, and amendment bill of ‘Personal Information Protection Act’ pending in National Assembly. It runs counter to common sense in that GATS requires MFN treatment as a general obligation. That question has motivated this paper to probe into trade issues and policy suggestions over the reciprocity provision by analyzing consistency of EU’s adequacy test with GATS. Research results are summarized as follows. EU’s adequacy test is not free from the infringement of GATS non-discrimination obligations. Whereas it seeks no explicit nationality-based distinction, it still could be treated as a measure discriminating between like services or service suppliers, depending on occasion. However, EU affords to make use of GATS Article XIV(general exceptions) as a defense mechanism against such a violation, since the adequacy test is formalized as a compliance measure. In contrast, Korea’s reciprocity provision is unambiguously a measure of nationality-based distinction discriminating between like online services or service suppliers. Not to mention, there exists no room to think of it as a compliance measure. In this context, it requires forward-looking modifications, including revision of the provision title written as ‘reciprocity’, preparation of sophisticated policy responses to cope with nationality-based distinction, and substantiating requirements and procedures for overseas transfer of personal data.

키워드