大数据时代个人信息保护行业自律的困境与出路

Dilemma and Method on the Self-regulation of Personal Data Protection in the Era of Big Data

随着信息产业的迅猛发展,行业自律作为个人信息保护的方式之一愈来愈受到关注。早在20世纪90年代,美国政府就鼓励以自律规范保护个人隐私。然而,实践表明自律管理机制本身存在参与度低、执行力差、缺乏有效的监督与处罚机制等问题。面对大数据、云计算等新兴技术带来的冲击,自律机制仅仅是个人信息保护的必要条件而非充分条件,政府适度介入与行业自律的有机结合才是破解当前困局的有效路径。欧盟《一般数据保护条例》即采用了行业主导、政府适度干预的理念,政府在宏观层面调控和制定个人信息保护的基本框架及原则,而市场则从微观层面发挥自我管理之基础性功能。我国目前个人信息保护领域的行业自律管理尚处于初创阶段,理应在立法先行基础上进一步扩展行业协会发挥自律作用的空间。

With the rapid development of the information industry,self-regulation has become more and more concerned as one of th.e ways to protect personal data.As early as the 1990s,the US government encouraged self-regulation to protect personal privacy.However, practice shows that the self-regulation mechanism has problems such as low participation, poor execution,and lack of effective supervision and punishment mechanisms.Faced with the impact of emerging technologies such as big data and cloud computing,self-regulation is only a necessary condition for personal data protection,but not a sufficient condition.The combination of appropriate government intervention and industry Self-discipline is the effective way tO solve the current dilemma.The EU General Data Protection Regulations adopts the concept of industry-led and government-appropriate :intervention.The government regulates and formulates the basic framework and principles of personal data protection at the macro level, while the market plays a fundamental role in self-regulation from the micro level.China's current self-regulation in the field of personal data protection is still in its infancy.We should further expand the space for industry associations to play a self-discipline role on the basis of legislation.