Since utilization of data has become recognized as an important economic growth engine in the Fourth Industrial Revolution era, there is a growing need to modify the legal system to enable a balance to be achieved between utilization and protection of personal information.

In relation to the above, the concept of “de-identified information,” which is widely used in Korea in terms of utilization of personal information, is a combination of “anonymous information” and "pseudonymized information,” which are concepts most other countries distinguish when using, such that there may be confusion in terminology, which led some people to point out that there needs to be modification of laws related to safe utilization of personal information based on clear conceptual foundations.

Therefore, this proposal aims to stipulate that anonymous information, which has been produced after subjecting personal information to value-added processing such that it cannot be used to identify a person even when combined with other information, does not fall under this Act and may be utilized freely, and that pseudonymized information, which has been produced after subjecting personal information to value-added processing such that it cannot be used to identify a certain person without being combined with other information, may be utilized along with protective measures, thereby providing a systematic legal framework for seeking utilization and protection of personal information (Articles 2-2 and 22-2, newly inserted).

Prescribe that pseudonymized information, which has been produced after subjecting personal information to value-added processing such that it cannot be used to identify a certain person without being combined with other information, may be utilized along with protective measures (Article 22-2)

- Ensure that when a personal information controller wishes to use pseudonymized information for a purpose other than that for the original personal information or to provide such pseudonymized information to a third party, he/she shall bear obligations related to pseudonymized information consisting of: informing the data subject of the matters contained in each of the following subparagraphs, and in case the data subject requests suspension of use or provision of the pseudonymized information, abiding by such request; and refraining from practices aimed at producing personal information in the course of processing pseudonymized information, etc.