摘要
我国目前缺乏个人数据流通规则,立法和理论研究更集中在数据权利、数据归属等方面,对数据流通关注不足。为了促进数据更好的流通以发挥其价值,有必要通过匿名化技术来解决数据流通中的隐私保护问题。但是,匿名化技术的不完美性,使得基于结果的匿名化标准无法发挥其作用,因此需要建立一种基于过程的匿名化规则。这种规则更接近于数据安全规则,注重于匿名化处理过程中不同环境下的风险评估,通过一系列考量因素确定一种动态的匿名化标准。满足这一标准的个人数据被视为不具有可识别性,可以不经用户同意而流通,但数据控制者必须在流通过程中持续监督匿名化效果,一旦发生隐私泄露危险将依据过错承担责任。
There is a lack of rules for the circulation of personal data in China.The legislation and theoretical research are more focused on the aspects of data rights and data ownership,and insufficient attention is paid to the circulation of data.In order to promote the better circulation of data and give full play to its value,it is necessary to solve the privacy protection problem in data circulation through anonymization technology.However,due to the imperfection of anonymization technology,the resultbased standard of anonymity cannot play its role,so it is necessary to establish a process-based rule of anonymity.This kind of rule is more similar to the data security rule,which focuses on the risk assessment in different environments during the anonymization process,and determines a kind of dynamic anonymization standard through a series of factors.Personal data that meets this standard is deemed not identifiable and can be circulated without the consent of the user.However,the data controller must continue to monitor the effect of anonymization during the circulation process,and will be liable for any risk of privacy disclosure based on fault.
作者
陈子朝
Chen Zizhao(East China University of Political Science and Law,Shanghai 200042)
出处
《网络空间安全》
2020年第7期48-54,共7页
Cyberspace Security
