摘要
个人信息概念是个人信息保护制度的基础。但个人信息概念面临范围不确定、去标识化信息性质不明、匿名化信息是否受保护等难题。个人信息概念之所以不确定,是因为个人信息高度依赖场景,因个人信息识别目标、识别主体、识别概率、识别风险的不同而不同。在技术与产品飞速发展的今天,更难找到确定不变的个人信息界定规则。应放弃个人信息与非个人信息的绝对化区分,将个人信息视为规制信息关系的制度工具,根据具体场景与制度功能确定个人信息的范围及其规制方式。在监管层面,可以采取个人信息、可识别个人信息、非个人信息的三分法而进行功能性的分类规制;在司法层面,可以进一步进行场景化规制,利用自下而上的案例确定个人信息的范围和保护制度。通过规制三分法与司法案例法,可以建立模块化的个人信息分类保护制度。
Though the concept of personal information is the basis for its protection,its scope can hardly be determined,faced with challenges such as the unclear nature of de-identified information and the unanswered question whether anonymous information need to be protected or not.As the personal information is highly dependent on the context,varying with the different objectives,subjects,probabilities and risks in its identification,that is why it is hard to be well-defined according to a fixed criterion,especially in an era of rapid development of technology and products.Therefore,its distinction from non-personal information shall be abandoned,and it should be regarded as an institutional tool for regulating information relations.Its scope and ways of regulation should be determined according to particular context and institutional function.In its regulation,a tripart system of personal information,identifiable personal information and non-personal information can be adopted according to the functions to be fulfilled.In judicial practice,further contextual regulations can be carried out,using the bottom-up cases to determine the scope and ways for personal information protection.In this way,a modularized personal information protection system is established.
出处
《比较法研究》
CSSCI
北大核心
2022年第5期46-60,共15页
Journal of Comparative Law
基金
最高人民法院2022年度司法研究重大课题“算法技术的法律规制研究”(项目编号:ZGFYZDKT202211-01)的研究成果。
关键词
个人信息
识别
去标识
匿名化
场景化
personal information
identification
de-identification
anonymization
context
