区块链与个人信息保护法律规范的内生冲突及其调和

Reconciliation of the Internal Conflict between Blockchain and Legal Norms of Personal Information Protection

尽管区块链在个人信息保护领域有重大应用前景,但其技术架构与个人信息保护规范存在内生冲突。这体现在区块链不可篡改性与个人信息删除、更正的冲突,区块链信息透明与个人信息保密规范的冲突,区块链完整性与个人信息目的限制、数据最小化的冲突,区块链分布式架构与个人信息中心化责任体系的冲突。考虑到个人信息法益的特殊属性,需要采用“利益平衡”的立场来选择区块链与个人信息保护规范衔接的路径。这就要求依据“相对删除论”判断个人信息删除、依据“去标识化”评价个人信息保密、采用“场景化解释”分析数据收集的目的、采用“实质控制论”划定责任主体范围。依据上述路径,在制度上明确个人信息区块链应用必须遵循的脱链存储与密钥删除、非明文存储与承诺模式、许可区块链与轻量级节点、区块链修剪与零知识证明的技术架构,由此实现区块链与个人信息保护法律规范的有效衔接。

Although blockchain has great application prospects in the field of personal information protection,there are many conflicts between its technical architecture and the existing legal norms.This is embodied in the conflict between the immutability of the blockchain and the deletion and correction of personal information,the conflict between the transparency of blockchain and the confidentiality of personal information,the conflict between the decentralization of blockchain and the centralized responsibility system of personal information,the conflict between the integrity of blockchain and the purpose limitation,the data minimization of personal information.Considering the special attributes of personal information,it is necessary to choose the solution path of the blockchain legitimacy dilemma from the perspective of balance of interest,so as to balance the interests of network operators and personal information subjects.This requires proceeding the deletion of personal information according to the “relative deletion theory”,evaluating the confidentiality of personal information according to the “de-identification theory”,delimiting the scope of the subjects’ responsibility through the “substantive possession theory”,and analyzing the purpose of data collection through the “contextual interpretation”.Under the guidance of the above theories,the customized technology schemes of off-chain storage and deletion of decryption keys,storage without cleartext and the commitment form,permissioned blockchain and lightweight nodes,pruning of blockchain and zero-knowledge proof were selected respectively to resolve the legal dilemma of the application of blockchain in the field of personal information.