The purpose of this study is to suggest principles to protect personal information processing in order to prevent personal information infringement accidents such as misuse and misuse of personal information that are occurring, and to implement a safe service environment. For this purpose, the study conducted a literature review and case analysis focusing on AI compliance principles presented by the US, EU, Australia, and so on. In addition, principles are presented through the US presidential executive order, EU GDPR and guidelines, and Australia's reports and guidelines. Of course, South Korea is also presenting standards through separate ethical standards and guidelines by amending the Data 3 Acts and the Framework Act on Intelligent Informatization. However, overall, domestic and international standards do not specify details regarding personal information protection. Therefore, in this study, personal information protection principles are established according to the OECD and the Personal Information Protection Act. In addition to the processing of personal information, the AI service process, data collection, pre-processing and purification, and AL development and utilization principles for information protection were derived. In particular, it is necessary to comply with the law at the data collection stage, clarify the purpose and basis of data collection, and correct the accumulated data. In the pre-processing and refining stage of data, personal information protection measures and safe management, AL development and De-identification measures, measures to ensure safety, and implementation of the destruction procedure are necessary at the utilization stage.As AI services expand in the future, it is prepared to personal information protection measures and plans.