GDPR的制度缺陷及其对我国《个人信息保护法》实施的警示

aInstitutional Defects of GDPR and Its Warning to the Implementation of Personal Information Protection Law in China

《统一数据保护条例》(GDPR)是披着基本权利保护法外衣的经济立法,服务于欧洲统一数据市场需要。为实现这一目标,GDPR采取提高保护水平从而增强民众对个人信息流通利用信心的路径。然而,GDPR不仅背离其制度设计初衷,而且宽泛个人信息,模糊个人识别,泛在个人信息处理,正使其实施陷入无解的困境。缓解我国《个人信息保护法》与数字经济发展冲突的出路在于:第一,清晰认知技术变迁对于个人信息保护的挑战;第二,深刻把握个人信息的社会资源属性;第三,准确理解个人信息及处理等核心概念;第四,明确主张去标识化信息可以利用规则。

GDPR is an economic legislation under the cloak of fundamental right protection,which serves the shaping of European unified data market.In order to achieve this goal,GDPR takes the path of improving the level of protection so as to enhance people’s confidence in the sharing and utilization of personal information.However,GDPR deviates from its original intention,and its implementation goes into an unsolved dilemma because of its broad personal data,fuzzy personal identification and ubiquitous data processing.The way to alleviate the conflict between China’s personal information protection law and the development of digital economy lies in:first,clearly understand the challenge of technological change to personal information protection law;second,deeply acknowledge the social resource attribute of personal information;third,accurately understand the concepts like personal information and processing;fourth,clearly advocate that pseudonymous information is available.