个人信息作为企业资产——企业并购中的个人信息保护与经营者权益平衡

Personal Information as Enterprise Assets——A Balance Between the Protection of Personal Information and the Legitimate Interests of the Business Owner in Merger and Acquisition

企业并购是厘定个人信息权利与经营者权益边界的重要场景之一。在单纯的股权收购、企业的合并、分立与形式变更等情形下,原则上不产生个人信息保护的问题。在资产收购的情形下,则涉及个人数据的转让,但此时应考虑收购双方及目标公司债权人的合理利益。在美国法与欧盟法上,对于资产收购均存在数据传输无需用户同意的例外处理机制。这些机制的核心是数据主体与企业之间的利益衡量,一方面从数据主体的利益出发,考虑在资产收购后数据原本的使用目的是否能够实现;另一方面则从企业的利益出发,考虑其对于数据交易是否具有合理利益。在并购双方对于用户数据转让存在合理利益的基础上,应允许企业在并购中转移个人数据,但应给予用户事先或事后作出相反选择的权利。

Merger and acquisition is one of the important situations in which the right to personal data and the interests of business owners are defined.In principle,the personal information protection issue would not arise in cases of share acquisition and the merger,division,or the change of organizational form of enterprises.Cases of asset deal,however,involve the transfer of personal data.Yet the legitimate interests of both sides of the purchase and the creditor of the target company should also be taken into consideration in such cases.Both US law and EU law have established exceptional mechanisms for asset deal that allow the transfer of personal data without the consent of data subjects.The core of these mechanisms is the balance between the interests of data subjects and those of the company.On the one hand,from the benefit of the data subject,it is necessary to examine whether the original purpose of the use of the data can still be realized after the purchase.On the other hand,rom the benefit of company,it is necessary to consider whether the purchasing parties have legitimate interests in the transaction.If both parties to the merger have reasonable legal interests in the transfer of the personal data,the company should be allowed to transfer the personal data,on condition that the users be provided with the right to opt in or out before or after the merger.