论欧盟GDPR中个人数据保护与“同意”细分

Personal Data Protection and "Consent" Segmentationin EU GDPR

欧盟新颁的《一般数据保护条例》(GDPR)将区分“无争议同意”与“明示同意”作为保护个人数据的重要条款提出,但“同意”细分是否必要则是一个值得商榷的话题。GDPR通过将同意进行细分增加了对个人数据保护的门槛,这种繁琐的程序究竟在多大程度上有助于提升个人数据的保护程度引发了理论界和实务界的讨论。同意规则的制定与实施是保护数据主体的个人数据安全的重要环节,表明了对数据主体信息自决权的尊重,但严格说来,“同意”程序的繁琐性在可能会让数据主体无所适从的同时,还会给在线服务商增加额外的困难与成本,最终可能导致同意条款非但不能起到保护数据主体的作用,反而成为在线服务商收集与处理数据的责任转移工具。欧盟GDPR在个人数据保护问题上,除了具有强化了“知情同意”规则的积极意义的同时,也具有需要人们关注其在权利与责任问题上没有厘清的局限性,因此需要对其在个人数据保护中的意义与局限性做具体的分析与理解。

Although EU newly promulgated General Data Protection Regulation(GDPR)will differentiate unambiguous consent from explicit consent as an important means of protecting personal data,it is a controversial topic whether this cumbersome procedure can help to enhance the protection of personal data or not.The formulation and implementation of consent rules is a key process to protect the personal data security of data subject,which shows respect for self-determination rights of information in data subject.But strictly speaking,the cumbersome nature of the consent procedure will not only make the data subject at a loss,but also add additional difficulties and costs to online service providers,which may eventually lead to consent clauses not only failing to protect the data subject,but also becoming the responsibility transfer tool for online service providers to collect and process data.On the issue of personal data protection,GDPR not only strengthens the positive significance of the principle of informed consent,but also has the limitation that people need to pay attention to its unclear rights and responsibilities.Therefore,we need to make a specific analysis and understanding of its significance and limitation in personal data protection.