摘要
疫情防控过程中,中国政府与互联网企业或通过健康认证方式收集数据,或运用“接触追踪”的大数据分析手段确定确诊患者或疑似患者的行踪轨迹。当下,我国疫情防控面临着数据收集处理的合法性不足、个人敏感信息的界定不明、个人信息强制收集及改变信息使用目的过程中的告知程序缺位、个人信息收集存储使用权限与数据安全保护责任不匹配等问题。观之域外欧盟GDPR在抗疫过程中对个人信息收集与处理所规定的数据最小化原则与目的限定原则,未来中国在重大公共卫生领域中应首先对数据收集处理主体的权责划分作出清晰的界定,其次对个人信息收集采“目的明确”“最小够用”标准,并在数据存储、数据对外公开方面加以严格限制,最后应建立“接触追踪”技术的算法审计与算法解释制度。
In the process of epidemic prevention and control,the Chinese government and Internet companies collect data through health certification or use big data analysis methods of“contact tracking”to determine the trajectory of diagnosed or suspected patients.At present,the collection and processing of personal information in the field of public health in China is faced with such problems as follows:the insufficient legitimacy of data collection and processing,the unclear definition of personal sensitive information,the absence of informing procedures in the process of compulsory collection of personal information and change of the purpose of information use,the mismatch between the use rights of personal information collection and storage as well as the responsibility of data security protection.In view of the principle of data minimization and purpose limitation stipulated by the EU GDPR on personal information collection and processing in the process of anti-epidemic,China should first clearly define the division of powers and responsibilities of data collection and processing subjects in the key areas concerning public health in the future.Secondly,China should adopt the standards of“clear purpose”and“minimum sufficiency”for personal information collection,and impose strict restrictions on data storage and data publicity.Finally,algorithm audits and interpretation systems of“contact tracking”technology should be established.
出处
《地方立法研究》
CSSCI
2022年第4期49-59,共11页
Local Legislation Journal
基金
四川省社会科学重点基地“纠纷解决与司法改革研究中心”资助课题(2021DJKTb1)阶段性成果。
关键词
接触追踪
个人信息
健康码
算法审计
算法解释
contact tracking
personal information
health code
audits of algorithms
explanation of algorithms
