Abstract
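[Purpose/significance] China's current approach to personal information authorization remains at the most primitive "general authorization + exceptions" model. Insufficient categorization of personal information under this model leads to problems such as enormous reuse costs, authorization becoming a formality, and the purpose limitation principle failing in practice. [Method/process] The EU's GDPR model uses the principle of full protection to extend the information subject's right of control to every link of big data flow, while the US "context risk" model gives enterprises greater autonomy in data use through self-assessment of risk within a given context. The strengths of both models are drawn upon to reform China's personal information authorization system. [Result/conclusion] At the initial collection stage, a categorization scheme with three dimensions and four levels is established on the basis of the theory of importance, with different authorization requirements applied to different types of personal information in order to strengthen its security protection. At the reuse stage, the orientation is toward improving utilization efficiency: reuse of personal information is opened up on the premise of "consistent context", and a third-party risk assessment mechanism is introduced for uses that go beyond the original "context", so as to achieve tiered information security protection.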
[Purpose/significance] The current authorization mode of personal information in China is still stuck in the most primitive "generalized authorization + exception" mode, which leads to such problems as huge reuse cost, formalization of authorization and the failure of the purpose restriction principle. [Method/process] The GDPR model of the EU strives to extend the rights of information subjects to every link of the big data flow through the principle of full protection, while the "context risk" model of the US grants enterprises greater data autonomy through the self-assessment of context risk. [Result/conclusion] Based on the theory of importance, a three-dimensional and four-level model is established in the stage of initial collection. Different types of personal information adopt different authorization requirements to strengthen the security protection of personal information. In the information reuse stage, it is oriented to improve the utilization efficiency. It will be helpful to open the reuse of personal information under the premise of "consistent context" and introduce a third-party risk assessment mechanism to achieve hierarchical information security protection in the utilization beyond the original "context".
Source
《情报理论与实践》
CSSCI
Peking University Core Journal (北大核心)
2020, Issue 3, pp. 37-43 (7 pages)
Information Studies: Theory & Application
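Funding
National Social Science Fund of China project "Research on the Legal Liability System of Network Service Providers" (Project No. 13CFX082)
Tianjin Universities "Young and Middle-aged Backbone Innovative Talent Training Program"
Tianjin University of Commerce "Hundred Young Talents Program" (this article is a research output of the above).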
Keywords
personal information
authorization mode
data security
data risk assessment