基于OECD个人数据分类的“通知—同意”原则的有效性困境与出路

Validity Dilemma and Solutions of“Notice-Consent”Principle Based on a New Personal Data Taxonomy Proposed By OECD

[目的/意义]大数据环境下,“通知—同意”原则作为个人数据处理正当性基础之地位受到质疑,期望找到一种可以使其继续发挥效用并能充分保护个人数据的出路。[方法/过程]利用文献法介绍了OECD个人数据分类和“通知—同意”原则的独特价值及其在若干国家数据隐私法中的界定、适用条件。基于OECD个人数据分类分析了“通知—同意”原则的有效性困境,包括通知的获取成本上升、通知不能充分保障数据主体的知情权、二元同意不利于个人数据保护、同意不能有效实现数据主体的控制权。[结果/结论]提出围绕降低通知的获取成本、创新性提供隐私通知、推行分等级同意和撤回同意、实施“情境合理+拟制同意”模式、增设合理推断权以强化数据隐私保护等策略进行解困。

[Purpose/Significance]In the context of big data,the status of the“notice-consent”principle as the basis of the legitimacy of personal data processing is questioned,hoping to find a way to make it continue to play a role and fully protect personal data.[Method/Process]This study used the documents method to introduce a new data taxonomy proposed by OECD and the distinctive values of privacy“notice-consent”principle,its stipulations in data privacy laws of some countries and international organizations were introduced and the application conditions of“notice-consent”principle were analyzed.Then,validity dilemma for“notice-consent”principle based on a new data taxonomy proposed by OECD was analyzed,including the rising acquisition cost of the notice,the notice can not fully guarantee the data subject's right to know,binary consent is not conducive to personal data protection,and consent cannot effectively realize the control right of the data subject.[Result/Conclusion]At last,some solutions were proposed,like reducing the acquisition cost of notices,innovatively providing privacy notices,practicing graduated consent and the withdrawal of consent,implementing the mode of“situational rationality+pseudo-consent”and adding right to reasonable inferences to strengthen data privacy protection.It is expected that they can not only promote the full protection of personal data,but also promote the development of big data application.