摘要
在大数据时代,个人信息保护面临新的威胁和挑战。当前的个人信息保护主要依赖“基于权利的方法”,假定信息主体具有完全理性,赋予信息主体一系列权利,并以“告知—同意”和侵权损害赔偿作为主要的保障机制。实践证明,基于权利的个人信息保护法律制度在大数据时代面临认知和结构困境,个人信息保护需要进行路径重构。“基于风险的方法”承认信息主体的有限理性,将关注点从个体权利的建构转移到信息安全风险的合理分配,已经广泛嵌入新近的个人信息保护法制中。为了在个人信息保护中实施“基于风险的方法”,在自我规制层面,信息处理者应当将“基于风险的方法”融入个人信息保护合规制度体系中,形成“基于风险的合规”;在行政规制层面,个人信息保护专责机关应当通过标准设定、信息收集和行为调节三个方面完善风险规制体系,形成“基于风险的规制”;在司法救济层面,法院可以通过建立风险性损害的识别和评估机制,革新侵权“损害”概念,形成“基于风险的损害”。
In the era of big data,personal information protection faces new threats and challenges.The current personal information protection mainly relies on the“rights-based approach”,which assumes that the information subject is fully rational,grants a series of rights to information subjects,and uses“informconsent”and harms for infringement as the main guaranteed mechanism.Practice shows that the rightsbased legal system for personal information protection faces cognitive and structural dilemmas in the era of big data,and a methodological shift is needed for personal information protection.The“risk-based approach”,which recognizes the limited rationality of information subjects and shifts the focus from the construction of individual rights to the reasonable allocation of information security risks,has been widely embedded in the recent legal system of personal information protection.To implement the“risk-based approach”in personal information protection,at the level of self-regulation,information processors should integrate the“risk-based approach”into the compliance system of personal information protection to form the“risk-based compliance”;the agency responsible for personal information protection should improve the risk regulation system through three aspects:standard setting,information collection and behavior adjustment,and form a“risk-based regulation”;at the level of judicial regulation,the court can establish risky harms identification and the evaluation mechanism,innovate the concept of“harms”in infringement,and form“risk-based harms”.
出处
《法学》
CSSCI
北大核心
2022年第6期57-71,共15页
Law Science
基金
2019年国家社科基金重大项目“大数据、人工智能背景下的公安法治建设研究”(19ZDA165)的阶段性研究成果
关键词
个人信息保护
基于权利的方法
基于风险的方法
风险规制
personal information protection
rights-based approach
risk-based approach
risk regulation
