Chapter 1: Why Regulate Personal Information and Personal Credit Information?

Section 1: Concept of Personal Information and Personal Credit Information 3
Section 2: The Concept of Pseudonymous Information and Anonymous Information 13
Section 3: The Basis for Regulating Personal Information and the Basic Philosophy of Interpreting the Personal Information Protection Act 25

Chapter 2: How are personal information and personal credit information regulated according to their life cycle?

Section 1 Collection and Use of Personal Information and Personal Credit Information 37
Section 2 Processing and Use of Personal Information and Personal Credit Information 102
Section 3 Provision and Transfer of Personal Information and Personal Credit Information 163
Section 4 Destruction of Personal Information and Personal Credit Information 200

Chapter 3: How are personal information and personal credit information regulated for safe management?

Section 1 Safety Measures Obligation 210
Section 2: Establishment and Disclosure of Personal Information Processing Policy, Evaluation and Recommendations for Improvement, and Public Announcement of Credit Information Utilization System 234
Section 3 Registration and Disclosure of Personal Information Files 240
Section 4 Designation of Personal Information Protection Officer and Credit Information Manager/Protector 243
Section 5 Designation of Domestic Agent 258
Section 6 Personal Information Protection Certification 263
Section 7 Personal Information Impact Assessment 271
Section 8 Notification and Reporting of Personal Information Leaks, etc. and Notification of Leakage of Personal Credit Information, etc. 279
Section 9 Deletion and Blocking of Exposed Personal Information 288

Chapter 4: How are regulations implemented to protect the rights of information subjects and individual credit information subjects?

Section 1: Rights of Information Subjects and Individual Credit Information Subjects 296
Section 2 Access to Personal Information and Personal Credit Information 304
Section 3 Correction and Deletion of Personal Information and Personal Credit Information 309
Section 4 Request for Suspension of Personal Information Processing 316
Section 5. Rights of data subjects regarding automated decisions, explanations of automated evaluation results for individual credit information subjects, and objections, etc. 322
Section 6 Request for Transmission of Personal Information and Personal Credit Information 333
Section 7. Notification of the source of personal information collected from sources other than the data subject, etc. 381
Section 8: Notification of Personal Information Use/Provision Details and Request for Notification of Credit Investigation Facts, etc. 385
Section 9 Guarantee of Compensation for Damages 395

Chapter 5: How to handle and remedy violations of personal information and personal credit information?

Section 1: Surcharges 408
Section 2: Opinions, Recommendations for Improvement, and Corrective Actions, etc. 421
Section 3: Reporting, Disciplinary Recommendations, and Publication of Results 425
Section 4 Fines 431
Section 5 Penalties, Confiscation, and Collection, etc. 443
Section 6 Liability for Damages and Statutory Damages 456
Section 7 Personal Information Dispute Mediation Committee 468
Section 8 Personal Information Class Action Lawsuit 483

Chapter 6 Who Regulates Personal Information and Personal Credit Information?

Section 1 Personal Information Protection Committee 492
Section 2 Financial Services Commission 514
Section 3 Relationship with Other Laws 518

preface

We published a commentary on the Personal Information Protection Act in 2020 and a commentary on the revised Personal Information Protection Act and Credit Information Act in 2023.
The books published so far were titled “Law Commentary” because they were commentaries on related laws, but this time, instead of Jinhan M&B, an IT publishing company that published commentaries on the Telecommunications Act, Radio Waves Act, Terminal Distribution Act, and Personal Information Protection Act, we have published the Personal Information Protection Act and Credit Information Act with Park Young Sa, a law publishing company.
The reason for publishing the Personal Information Protection Act and the Credit Information Act is that the first revision of the Enforcement Decree of the Personal Information Protection Act in accordance with the 2023 revision of the Personal Information Protection Act was completed in the second half of 2023, but the second and third revisions of the Enforcement Decree of the Personal Information Protection Act were carried out after the publication of the commentary on the Personal Information Protection Act and the Credit Information Act, making it inevitable to publish a new book in the nature of a revised commentary on the Personal Information Protection Act and the Credit Information Act.
In particular, the enforcement ordinance related to My Data introduced in the Personal Information Protection Act had to be reflected, but due to the notice of re-legislation, the revision of the enforcement ordinance took longer than expected, so the publication was pushed forward taking into account the class and lecture schedule.
In addition, there have been cases in which major precedents regarding the Personal Information Protection Act have been confirmed by the Supreme Court, and there have been changes in domestic systems related to the Personal Information Protection Act. This revised edition of the commentary on the Personal Information Protection Act and the Credit Information Act has been written to reflect all of these related precedents and policy changes.


Meanwhile, in addition to the EU GDPR (General Data Protection Regulation), which is the mother of the Personal Information Protection Act, the EU Artificial Intelligence Act, the EU Digital Service Act, and the EU Digital Market Act have been enacted and implemented. Since these laws are thought to have a significant impact on the protection of personal information, I wanted to explain the related issues.
In addition, while previously published commentaries on the Personal Information Protection Act and the Credit Information Act explained the personal information protection laws and systems of the United States and Europe, they did not explain the personal information protection laws and systems of Japan and China. This revised edition attempts to explain the personal information protection laws and systems of Japan and China.

In particular, the main focus in writing this Personal Information Protection Act and Credit Information Act was given to the fact that there were many criticisms that the existing commentaries on the Personal Information Protection Act and the Personal Information Protection Act and the Credit Information Act were poor in readability and had many typos. We took these criticisms into account and made every effort to improve readability and reduce typos.
This is because, while teaching the Personal Information Protection Act to undergraduate students at Yonsei University, I once again realized that there were problems with typos and readability.
Of course, I think there are many shortcomings despite these efforts, but I believe that these are all the author's shortcomings.
In addition, in order to understand the Personal Information Protection Act and the Credit Information Act, the parts of the Information and Communications Network Act that are related to it were explained in this Personal Information Protection Act and the Credit Information Act. This is because, while teaching the Information and Communications Network Act at Yonsei University Law School, I felt that if a revised edition were to be published, it would be necessary to organically link and explain the Personal Information Protection Act, the Credit Information Act, and the Information and Communications Network Act.


This edition of the Personal Information Protection Act and the Credit Information Act is effectively the second revision of the commentary on the Personal Information Protection Act published in 2020, and the continued publication of this book is of great significance to the author.
I would like to express my gratitude to the readers who read my poor book.
I would like to express my gratitude to Planning Director Cho Seong-ho, who readily assisted Park Young-sa in publishing the Personal Information Protection Act and the Credit Information Act, which were insufficient at the time.
I would like to thank Assistant Professor Jihyun Ahn for her help with proofreading this time, and I wish her continued academic success.
I am always grateful to my family, and finally, I wish the readers who have read this book and shown interest in it good health and happiness for their families.

February 2025
At Yonsei University
Shin Jong-cheol