摘要
作为平衡医疗大数据应用与患者隐私保护二者价值之关键,匿名化技术愈来愈成为人们关注和研究的对象,数据匿名化处理行为的合法性也成为大数据发展在法律层面所亟需解决的问题。在欧盟和美国匿名化立法的基础之上,引入数据生命周期模型,可实现对匿名化处理行为合法性问题的全面而系统的分析研判。在生命周期模型下,合法性问题应从三个阶段进行考量:事前行为合法是数据匿名化处理行为合法性之前提条件,匿名化处理行为合法是其合法性之核心要件,事后行为的风险管控是保持其合法性之必然要求。数据匿名化处理行为合法与否必须立足数据生命周期的整体,综合考虑三阶段的合法性,作出最终判断。
In order to balance the utility of medical big data and protection of privacy,anonymization technologies are becoming a hot issue.The legitimacy of data anonymization turns to an urgent problem to be solved in the development of big data.Based on the legislation of anonymization in EU and USA,the data life-cycle model is introduced to analyze its legitimacy comprehensively and systematically.The legitimacy analysis is divided into three stages:Firstly,the legality of prior-behavior is the precondition of the legitimacy of data anonymization;Secondly,the legality of anonymization behavior is the core element;Thirdly,the residual risks controlment of post-behavior is the inevitable requirement.Depending on the data life-cycle model,the legitimacy judgement of data anonymization should be made after considering the legality of these three stages.
作者
刘业
LIU Ye(Xiamen University,Xiamen Fujian 361005,China)
出处
《信息安全与通信保密》
2020年第9期54-68,共15页
Information Security and Communications Privacy