摘要
对于合法公开个人信息衍生利用是否需要告知信息主体并征得其同意这一命题,法律规范呈现三种态度,司法实践亦呈各异形态。完全告知同意论未能正视合法公开个人信息的“非典型个人信息”特性,不具有逻辑自洽性与现实可行性,有违信息主体的意思自治。告知同意豁免论未能关注合法公开个人信息的“非典型公共物品”特性,忽视了对人格尊严和自由的尊重,并会加剧对信息主体的侵害。有限告知同意论能准确契合双重特性,协调交易成本与安全保护的利益冲突,兼顾合法公开个人信息的社会公共面向和个人识别面向。有限告知同意论的具体展开应对合法公开个人信息衍生利用情形进行类型化构造,分别适用择入式和择出式同意,同时通过安全影响评估制度进行全周期风险调控。
For the proposition of whether the derivative utilization of legally disclosed personal information needs the informed consent of the information agent,we find three attitudes in the legal norms,and different forms in judicial practice.The theory of fully informed consent fails to face up to the “atypical personal information”characteristic of legally disclosed personal information. Besides,it has no logical self-consistency and realistic feasibility,and violates the will autonomy of the information agent. The theory of informed consent exemption fails to pay attention to the“atypical public goods”characteristic of legally disclosed personal information. It ignores the respect for personal dignity and freedom,and will aggravate the infringement on the information agent. The theory of limited informed consent is capable of accurately fitting the dual characteristics,coordinating the conflict of interest between transaction costs and security protection,and taking into account the social public aspect and personal identification aspect of legally disclosed personal information. To concretely develop the theory of limited informed consent,typed construction should be carried out on the derivative use of legally disclosed personal information,select-in consent and select-out consent should be applied respectively,and the whole cycle risk should be regulated through the safety impact assessment system.
作者
王爽
WANG Shuang(School of Law,Southeast University,Nanjing 211189,China)
出处
《浙江工商大学学报》
CSSCI
北大核心
2022年第2期158-168,共11页
Journal of Zhejiang Gongshang University
基金
国家社会科学基金重点项目“大数据与刑事司法的内生冲突及其双向调和研究”(21AFX013)。
关键词
个人信息
公共物品
有限告知同意
安全影响评估
personal information
public goods
the theory of restrictive informed content
the security impact assessment system
