Suggestions for the Protection of Personal Information
At the heart of a smart city is the storage, integration, and management of city data in a data hub, obtained through the Internet of Things (IoT), mobile devices, and various service platforms in a cloud system. It provides intelligent services based on artificial intelligence to solve urban problems such as security, transportation, energy, and healthcare. As such, smart cities are based on the flow of data, making the processing and protection of personal information one of the most critical major legal issues in data collection and analysis. Smart cities will bring a number of benefits, such as convenience and efficiency, new services, and security. On the other hand, issues related to the protection of personal information, such as the invasion of privacy due to the risk of personal information leakage, the misuse and abuse of personal information, and data security concerns, may arise regardless of the consent of the subject of the information. In addition, as even non-identifiable information becomes identifiable depending on how it is collected, combined, and analyzed, it is no longer protected within the regulatory scope of the current personal information protection legislation, resulting in a regulatory vacuum. The current “Act on the Promotion of Smart City Development and Industry,” “Personal Information Protection Act,” and other laws on the processing and protection of personal information do not promptly reflect the social changes brought about by the development of digital technology, and have certain limitations in solving the above-mentioned problems. Therefore, it is necessary to adapt the content of personal information prescribed by these laws to the era of the Fourth Industrial Revolution. However, in the digital information environment, the opt-in method of personal information protection laws based on the consent of the information subject has fundamental limitations in solving the problems of using personal information in smart cities. Therefore, the following measures should be considered: the introduction of an opt-out method combined with an opt-in method depending on the type of information, the development of a system for tracking the collection and use of personal information, and the inclusion of personal information protection indicators in the smart city certification system.