摘要
个人信息保护与个人信息利用之间的本源性冲突,在匿名化处理问题上转化为匿名化处理的有效性与匿名信息实用性之间的矛盾。匿名信息的实用性、匿名化处理的场景性暗含了匿名化处理的再识别风险。我国应在立法中正面承认匿名化处理再识别风险的存在,并明确禁止信息控制者及第三人对匿名信息进行再识别;信息控制者应将技术措施和管理措施相结合,在事前、事中、事后分阶段对匿名化处理的再识别风险予以防范,尤其注重通过匿名信息使用协议防范再识别风险;还可构建基于再识别风险的匿名信息分级披露制度。
As for the issue of anonymization,the original conflict between the protection of personal information and the use of personal information turns into the conflict between the effectiveness of anonymization and the utility of anonymous information.The utility of anonymous information and the context dependence of anonymization imply the re-identification risk of anonymization.China should directly recognize the existence of the re-identification risk of anonymization in legislation,and explicitly prohibit the re-identification by information controllers and the third party;the information controllers should combine the technical measures with management measures to prevent the re-identification risk in stages before,during and after the anonymization,and pay special attention to the prevention of the re-identification risk through anonymous information use protocol;at the same time,we can also construct a classified disclosure system of anonymous information based on the re-identification risk.
作者
张建文
程海玲
Zhang Jianwen;Cheng Hailing(School of Civil and Commercial Law,Southwest University of Political Science and Law,Chongqing 401120,China)
出处
《西北民族大学学报(哲学社会科学版)》
CSSCI
2020年第3期76-86,共11页
Journal of Northwest Minzu University(Philosophy and Social Sciences)
基金
西南政法大学2019年度学生科研创新项目“个人信息匿名化处理法律规范的反思与重构”(项目批准号:2019XZXS-026)。
关键词
个人信息
匿名化处理
再识别风险
禁止再识别
隐私承诺
personal information
anonymization
re-identification risk
prohibit re-identification
privacy promise
