| |
| META TOPICPARENT | name="SecondPaper" |
|---|
-- DaljaePark - 23 Apr 2024 | | | I. Background | |
<
< | In the world of globalization and digitalization, transfer of data, especially including the “Personal Data” seems somehow irresistible flow by now. However, prior to the comprehensive revision of “Big 3 Data Acts”, including Personal Information Protection Act (“PIPA”), in August 2020, South Korean legislation de facto prohibited oversea transfer of personal data. However, following the aforementioned revision, South Korean legislation permits overseas transfer of personal data when it aligns the requirement in the Framework for overseas transfer of personal data (the “Framework”).
The Framework was understood as comparable to or incorporating core aspects of the GDPR(Global Data Protection Regulation) of the EU. This perception arose from the adequacy discussions initiated between South Korean and EU, which is started in 2017, and subsequent joint declaration of South Korea and EU of a high-level of adequacy between their respective Framework in March 2021, which was based on aforementioned revision of relevant statues of South Korea.
However, it does not inherently guarantee the Framework`s constitutionality or offer sufficient privacy protection. From my perspective, several contentious issues remain unresolved. | >
> | In the world of globalization and digitalization, transfer of data, especially including the “Personal Data” seems somehow irresistible flow by now. Prior to the comprehensive revision of “Big 3 Data Acts”, including Personal Information Protection Act (“PIPA”), in August 2020, South Korean legislation de facto prohibited oversea transfer of personal data. However, following the aforementioned revision, South Korean legislation permits overseas transfer of personal data when it aligns the requirement in the Framework for overseas transfer of personal data (the “Framework”). The Framework was understood as comparable to or incorporating core aspects of the GDPR(Global Data Protection Regulation) of the EU. However, it does not inherently guarantee the Framework`s constitutionality or offer sufficient privacy protection. From my perspective, several contentious issues remain unresolved. | | |
II. Summary of the Framework in South Korea | | | III. Discussion and Conclusion - Is the Framework enough or constitutional?
| |
>
> | a. Background - Is the "Consent" of data subject a relevant consideration?
In light of massive surveillance scandal of US and other western countries, the concept of the "Transactionality of Privacy", which is regarded as a significant assumption in privacy legal framework of many countries, may be deemed totally irrelevant and fundamentally inappropriate, as criticized in Professor Moglen`s Snowden lectures. Nevertheless, irrespective of the pedagogical or academic feasibility of such criticism, it is challenging to refute that the notion of "Transactionality" of Privacy, ensuring the right of consent, serves as the last gatekeeper for preserving fundamental constitutional rights within current legal framework anyway. Therefore, following discussion does not seek to challenge the fundamental approach of the current framework, but rather aims to analyze its deficiencies in protecting data subject`s fundamental and constitutional rights within existing legal circumstances.
b. Discussion
| | | The new Framework of South Korea places emphasis on “Separate Consent”, which differentiate between ‘consent for transfer personal data oversea’ and ‘consent to “process” personal data (including collection, generation, connecting, interlocking, recording, storage, retention, value-added processing, editing, output, correction, recovery, use, provision, disclosure, and destruction of personal information and other similar activities, as defined by Art. 2 (2) of PIPA)
However, I believe that “Separate Consent” for transferring personal data overseas does not have a substantive effect on the protection of privacy. | | | The central question is not one of procedural detail. Why is consent the relevant consideration in dealing with an essentially environmental problem? I discussed this in the Snowden lectures and again in class. If consent is the relevant consideration in what is viewed as a transactional rather than social situation, then you should be able to show that. If it is not, if standards rather than gestures of individual decision-making are actually required, then GDPR-like approaches are irrelevant where they are not harmful.
| |
>
> | (Daljae Park) I do understand your perspective on the notion of the "Transactionality of Privacy" being deemed irrelevant and misleading, as you extensively discussed in your Snowden lectures and during this semester. However, even though such a notion poses serious risks of unconstitutionality, I still believe in the importance of analyzing the deficiencies within the current legal framework. This is because (i) if a comprehensive revision of the current legal framework, which is based on your approach, cannot be achieved in the near future, ensuring the consent rights of individuals would remain one of the most favorable interim tactics to protect fundamental rights; and (ii) considering the technical aspects of legislative drafting, a microscopic revisionary approach under current legal framework is necessary alongside revolutionary macroscopic changes; and (iii) personally, as a practitioner, I could not find any alternative to protect individual`s fundamental right as well as the above mentioned concept. In summary, while I agree with your remarks, I respectfully disagree with the assertion that the concept of the "Transactionality of Privacy" is entirely irrelevant within the legal framework. Therefore, I have revised my essay briefly in accordance with your comments and have retained other discussions.
| | | |
|