Comparison of personal information de-identification policies and laws within the EU, the US, Japan, and South Korea

Moon Ho Joo, Hun Yeong Kwon

Research output: Contribution to journalArticlepeer-review


In the era of big data, data creates new added value by collecting, analyzing, and transforming the thoughts and actions of economic members and creating insights that can predict the future. This means that in the near future, data-driven decisions based on data, rather than subjectivity or experience, will be the driving force behind society. However, since valuable and useful data is bound to be generated from personal information, how to safely utilize personal information is becoming an important topic in the big data era. To protect personal information in this environment, data services and database providers have increased their focus on the implementation of de-identification, a technique that can protect personal information while maintaining the usefulness of the data. Moreover, many countries have introduced new policies and laws focusing on the de-identification of personal information. Accordingly, this paper compares and analyzes how the European Union, the United States, Japan, and South Korea have recently adopted the concept of de-identification in their own personal information protection laws, and presents common trends and implications. As a comparative framework, each country's conceptual classification system related to de-identification, legal treatment, data controller obligations, and de-identification procedures was included. This study identifies the shifts made in each country's regulatory system following the introduction of the concept of de-identification. These include a shift from a binary approach to an approach that considers the identifiability spectrum, from a belief in anonymization to regulation from a risk management perspective, and from a focus on de-identification methods, to responsibility for follow-up management. This study contributes to the establishment of specialized knowledge of de-identification practices by empirically examining the current status of de-identification information-related legal systems adopted by major countries/regions. Also, the study proved the actualization of theory by confirming that the de-identification policy approach from the perspective of risk management is actually applied to the laws of each country. In addition, the attempt to present a framework for systematic comparison of de-identification systems by country provides a new perspective that can trace the trend of future de-identification system changes on a consistent basis. In addition, this study brings the gradual expansion of data policy research by expanding the research on de-identified information, which has been studied mainly in Europe and the United States, to case studies in Japan and South Korea.

Original languageEnglish
Article number101805
JournalGovernment Information Quarterly
Issue number2
Publication statusPublished - 2023 Apr
Externally publishedYes


  • Anonymization
  • Personal information
  • Pseudonymization
  • de-identification
  • personal information protection act

ASJC Scopus subject areas

  • Sociology and Political Science
  • Library and Information Sciences
  • Law


Dive into the research topics of 'Comparison of personal information de-identification policies and laws within the EU, the US, Japan, and South Korea'. Together they form a unique fingerprint.

Cite this