
Aeri Lee (Barun ICT Research Center)

Soomin Son (Barun ICT Research Center)

Hyunjin Kim (Korea Credit Information Services)

Beomsoo KIM (Barun ICT Research Center)

The age of the Internet of Things (IoT) has arrived. Gartner, a global research firm, listed IoT as one of the Top 10 Strategic Technology Trends for 2016. It is estimated that IoT will consist of approximately 20.8 billion objects by 2020.


Under this IoT infrastructure, numerous objects, unknown to people, automatically collect data, which are then combined and shared through data networks. Consequently, new challenges for personal information protection have emerged under IoT.


For instance, in IoT, personal information is automatically collected by devices and used. There is not only an increase in the quantity of personal information available but also a diversification in the types of information collected, which may involve sensitive types of personal information such as personal habits, preferences, and transportation routes. In particular, because of the spread of IoT, there is a greater risk of personal information leakage as data are collected and combined far from their origins, which may enable profiling and tracing through data mining and big data analytics.


Personal information protection issues may arise at various stages of the data life cycle, from data collection, storage and management, and usage, to erasure. As a result, the issues that may arise over the life cycle from both the traditional IT and IoT infrastructures were compared (Table).


This study identified the potential issues regarding the protection of personal information and offers countermeasures. First, in order to figure out the issues, various personal information contractors in the data life cycle were analyzed and the main issues from the perspective of personal information contractors, information rights management, and personal information protection were distinguished. The analyzed issues enabled the necessary countermeasures to be identified (for example, user-friendly notifications and flexible systems for consent, systems for monitoring re-identification, the introduction of standardized contracts for cross-border personal information protection, and strengthened user education). By investigating the necessity and urgency of these countermeasures, the first necessary steps were proposed.


In expectation of tremendous development in the IoT industry, various IoT-enhancing policies have been announced. To lead in the era of IoT and ensure a safe future in the information society, it is very important to consider personal data protection in the IoT environment country-wide. In this respect, the results of this research should be a good reference for setting up provisions to achieve two purposes: activating IoT service and strengthening personal data protection.


Improving Personal Data Protection in IoT Environments, Journal of The Korea Institute of Information Security & Cryptology, 26(4), Aug 2016

