关键词:个人信息保护与利用、理性预期、应用情境、数据共享、价值分析、风险评估、利益平衡
摘 要:在大数据时代,个人信息被广泛共享和使用,为个人生活、社会生产和公共管理提供了便利,但也带来了个人信息滥用的风险。个人信息具有人格尊严与自由、经济使用、公共管理等多重价值。与此同时,与个人信息相关的利益相关者越来越多样化,导致共享和使用个人信息的需求日益迫切。随着个人信息处理效率和传输速率的极大提高,个人信息的共享变得更加容易,这使得知情同意原则的应用更加困难。在这种情况下,“理性预期”规则成为大数据时代个人信息保护的新选择。本文通过应用矩阵法对应用环境下的个人信息共享风险进行评估,讨论了理性预期规则下的风险控制标准。如果评估的风险处于低风险水平,在这种情况下共享和使用个人信息符合理性预期规则;如果评估的风险处于中等风险水平,则需要及时、积极地采取措施降低风险,并重新评估风险;如果评估的风险处于高风险水平,则理性预期规则不适用,个人信息控制者应在分享个人信息之前告知信息主体并获得同意。如果应用程序中存在多个风险点,当且仅当判断的每个风险级别必须是低风险时,可以应用理性预期规则。基于理性预期规则,我们可以实现个人信息保护、数字经济发展和公共利益维护三者之间的利益平衡,从而协调推动数字创新、经济发展和社会进步,并实现个人信息的有效保护与合理利用的统一。
Abstract:In the era of big data, personal information has been widely shared and used, which facilitates personal life, social production and public management but also brings the risk of personal information abuse.Personal information has multiple values involving with personality dignity and freedom, economic use, and public management. Meanwhile, the stakeholders relevant to personal information have become more and more diverse, leading to increasingly urgent demand for sharing and using personal information. With the great improvements in the processing efficiency and transmission rate of personal information, it has become much easier to share personal information, which makes the application of the principle of informed consent more difficult. In this circumstance, "Rational Expectation"rule becomes a new option of personal information protection in the era of big data. By assessing the risk of personal information sharing with matrix method in application contexts, it discusses the criteria of risk control under rational expectation rule. If the risk assessed is at the level of low risk, the sharing and use of personal information in this context complies with the rational expectation rule; If the risk assessed is at the level of medium risk, it is necessary to take measures timely and actively to reduce the risk and reassess the risk; If the risk assessed is at the level of high risk, the rational expectation rule is not applicable, the personal information controller should significantly inform the information subject and obtain consent before sharing the personal information. If there are multiple risk points in the application context, when and only when each risk level judged must be low risk, the rational expectation rule can be applied. Based on the rational expectation rule, we can achieve the balance of interests among personal information protection, digital economic development and public interest maintenance, so as to coordinate the promotion of digital innovation, economic development and social progress, and realize the unity of effective protection and rational use of personal information.
Key:Personal Information Protection and Utilization, Rational Expectation, Application Context, Data Sharing, Value Analysis, Risk Assessment, Interest Balance
全文: DOI