서면 답변 · 2024-04-03 · 국회 14
개인정보 삭제권 및 구제 메커니즘
의원이 개인정보 보호법에 개인정보 삭제권 및 관련 구제 메커니즘이 포함되어 있는지를 질의하였습니다. 정부는 법률이 조직들에게 데이터가 더 이상 필요하지 않을 때 보존을 중단하거나 적절히 처분하도록 규정하고 있으며, 동의 여부와 관계없이 개인정보 보호위원회가 조직에 데이터 삭제 또는 사용 중단을 명령할 권한이 있다고 응답하였습니다. 핵심 논쟁은 명확한 「삭제권」 조항 및 그 이행 보장이 존재하는지 여부입니다.
핵심 요점
- • No explicit right to erasure clause
- • Strict limits on data retention
- • Regulator has enforcement power
현행 법률 규정 및 감시 메커니즘 지지
명확한 삭제권 보장 부족에 의문
데이터 보유 및 폐기 감시 강화
“The Personal Data Protection Commission (PDPC) has the power to direct the organisation to destroy, or stop collecting, using or disclosing, the personal data concerned.”
참여자 (2)
영어 원문
SPRS Hansard · Fetched: 2026-05-02
27 Mr Chua Kheng Wee Louis asked the Minister for Communications and Information given the absence of a 'right to erasure' clause, whether the Personal Data Protection Act 2012 provides for (i) individuals who have not given consent for the collection, use, or disclosure of their personal data and requiring an organisation to delete their personal data upon request and (ii) the recourse for such individuals if the organisation does not do so.
Mrs Josephine Teo : The Personal Data Protection Act (PDPA) requires an organisation to cease retention of personal data or dispose of it in a proper manner when it is no longer needed for the purposes it was collected for, or other legitimate business or legal purpose.
This requirement applies regardless of whether consent had or had not been given for the organisation's collection, use or disclosure of personal data. Retention limits under the PDPA sufficiently safeguard the further use of an individual's personal data. If the organisation does not adhere to these requirements, the Personal Data Protection Commission (PDPC) has the power to direct the organisation to destroy, or stop collecting, using or disclosing, the personal data concerned.