The features of IoT(Internet of Things), Blockchain and AI(Artificial Intelligence), such as continuous processing of vast amounts of data, flexibility and variability in the scope and purpose of use, distributed processing by multiple actors, automated processing without human intervention, and complexity of data analysis, -inevitably lead to conflict with personal information protection laws. In particular, it is not easy to obtain prior consent, as informed consent, of data subjects in such a technology environment. Some solutions for this problem have been proposed, but there is a further fundamental issue that the practice of personal information protection laws have heavily relied on the prior consent mechanism. It causes that other mechanism for personal information protection is treated lightly and all the responsibility for personal information protection is shifted to the data subject. The data subject who can’t understand or is unconcerned with the effect of consent is making reckless consent or reject categorically without any consideration of implication of sharing information. The processor of personal information who use a consent of the data subject as a means of exemption is trying to obtain the consent by the irregular and evasional way. On the other hand, the processor who really tries to obtain the informed consent of the data subject is confronting the unreasonable cost of regulation and increasing legal risks in the IoT and AI environment. In this situation, the new introduced pseudonymized information system replacing consent with de-identification processing is criticized by both the data subject and the processor due to legal uncertainty and insufficient protection of data subject. While the consent of the data subject is just a passive expression of permission and one of the various legal basis for lawful processing of personal information, the right to informational self-determination as a constitutional fundamental right and moral right is an active right which can control autonomously the flow of personal information in the modern informational society. Therefore, it is wrong understanding to recognize the right of the consent of the data subject as the right to information self-determination, or an essential content of the right to information self-determination. The right to information self-determination can be realized by active protection of data subject interest and expansion of the use of data, not by passive consent. The data subject and the processor should be cooperative through a fair agreement to obtain a mutual benefit when utilizing personal information. We should focus on guaranteeing the rights of data subject for active involvement in the entire process of personal information and the post-control through the enhancement of transparency and auditability. It is very important in the interoperability model of IoT, blockchain and AI which can create social and economic values by using data flow. Also, the data subject should not bear all the burden of the protection of the right to information self-determination, but the public and the private sectors as well as the data subject need to share the burden. Therefore, the key is how to build a governance system based on ethical legitimacy and mutual trust. We can realize the fair agreement model upgraded from the consent model by using data platforms often mentioned in the era of artificial intelligence and big data. The data subject can keep control of his/her personal information and make use of it effectively with a MyData model that has technical support such as data management and storage systems such as PIMS and PDS and legal support of right to data portability. But It is not sufficient for the fair agreement model.