마이데이터 산업의 전송요구권 동의방식에 관한 고찰

A study on the method of consenting the right to data portability in the My Data industry -Focused on the principle of GDPR transparency-

My Data is a series of processes in which an individual as an information subject actively manages and controls his or her information, and utilizes it in his/her personal life in an active way, including credit management, asset management, and health management . My Data process begins with the consent of the information subject since it receives personal data from organizations that hold them and then integrates and connects them to offer customized financial services. However, the consent system under the current domestic laws and regulations is overly complex and requires those vast notifications and the purpose of use to be listed one by one. This only causes fatigue to information subjects, resulting in them to agree without fully aware of the notice in a formality. Thus, this paper tries to find out the proper method of obtaining voluntary consent from the credit information subject as a way to realize the right to data portability of them in the My Data business. The current status of domestic My Data policy and the consent method of credit information subjects indicated in the guidelines of the My Data industry was first examined (Ⅱ). Then the direction of the consent method for the right to data portability of personal credit information was reviewed by comparing the contents in Article 20 of the European General Data Protection Regulation (GDPR) and Article 33-2 of Credit Information Use and Protection Act, the right to data portability of personal credit information (Ⅲ). Based on this, this paper argues that the voluntary consent method that My Data providers receive from data subjects should be based on the principle of transparency of the GDPR when the data subject wants to exercise the right to data portability (IV).