摘要
我国现行个人信息保护法律规范存在体系化弊端。保护路径选择上具有强烈规制法、管理法色彩,缺乏对企业内部合规机制建构的关注,导致法律实施的内生性、持续自律机制运行不畅。德国《数据保护法》、欧盟《通用数据保护条例》的立法例和司法实践表明,个人信息保护的实现有赖于与公司内部治理机制的制度对接。对接的实现路径便是法定义务的内部化,即将法定个人信息的保护义务内化为公司董事(对公司)的勤勉义务(合法义务)。内化机制构建的逻辑起点是个人信息保护义务的法理定位。而内化机制构建的重点则是个人信息保护义务作为董事勤勉义务的具体化。诉讼主体资格、举证责任风险的分配以及损害赔偿额的惩罚性则是激活内化机制司法适用性的关键。
There are systematic defects in the current legal norms of personal information protection in China. The choice of protection approaches depends heavily on public and regula- tory instruments and lacks attention to the construction of internal compliance mechanism, re- sulting in poor operation of the endogenous and continuous self-discipline mechanism of law enforcement. The legislation and judicial practice of the German Data Protection Law and the EU General Data Protection Regulations show that the realization of the protection of personal information depends on the internal corporate governance mechanisms. The key instrument is the internalization of the legal obligation, which internalizes the protection obligation of the statutory personal information into the diligence obligation (legal obligation) of the company director (to the company). The logical starting point of the internalization mechanism is the legal characteristic of personal information protection obligations. The focus of the internalization mechanism is the specificity of the personal information protection obligation as directors' duty of care and diligence. The procedural qualifications, the distribution of the burden of proof and the punitive nature of the damages are crucial to activating the judicial applicability of the internalization mechanism.
出处
《财经法学》
2018年第5期21-33,共13页
Law and Economy
基金
西南财经大学中央高校基本科研资助项目"非上市公司治理中董事勤勉义务规则优化与实施研究"(项目编号:JBK1801074)
四川省社会科学研究"十三五规划"2017年度课题"四川自贸区内资企业合规风险及防范机制构建研究"(项目编号:SC17FZ020)
关键词
个人信息保护
公司治理
勤勉义务
合法义务
Protection of personal information
Corporate governance
Duty of diligence
Duty of legality
