摘要
《个人信息保护法》第55条明确提出了个人信息处理者在开展个人信息处理活动前进行个人信息保护影响评估的要求。国际上在个人信息处理领域存在隐私影响评估、数据保护影响评估、算法影响评估三种典型样态。隐私影响评估与数据保护影响评估的保护范围大致相同;数据保护影响评估主要关注个人权利的保护,算法影响评估具有更广泛的社会公共利益价值导向。我国个人信息保护影响评估在制度定位上与数据保护影响评估一脉相承,应更多纳入对社会群体造成影响的公共利益方面的考量。个人信息保护影响评估制度缺乏向公众强制披露的机制,同时带来了监督与问责的障碍,需要充分整合政府机构、社会公众、行业组织等多元力量建立协同监督的客观机制,以弥补现有个人信息保护影响评估制度透明度、正当程序、公众审查空间不足的问题。
Article 55 of the Personal Information Protection Law clearly stipulates personal information protection impact assessment by personal information processors before personal information processing activities.There are three typical modes in the international field of personal information processing:privacy impact assessment,data protection impact assessment,and algorithmic impact assessment.Privacy impact assessment and data protection impact assessment roughly cover the same protection scope;data protection impact assessment mainly focuses on the protection of individual rights,and algorithmic impact assessment is more broadly oriented towards social and public interest values.China’s impact assessment of personal information protection is in the same line with data protection impact assessment in terms of institutional positioning,and should include more considerations of public interest that influences social communities.The system of personal information protection impact assessment lacks the mechanism of mandatory disclosure to the public,which brings supervision and accountability obstacles.Full integration of government agencies,the public,industry representatives,and external experts is required to establish a plural and objective mechanism of collaborative supervision,so as to complement the deficiencies in the transparency,due procedures,and public review space of the existing personal information protection impact assessment system.
作者
石佳友
曾佳
SHI Jiayou;ZENG Jia
出处
《西北工业大学学报(社会科学版)》
2022年第4期90-102,共13页
Journal of Northwestern Polytechnical University(Social Sciences)
基金
国家社会科学基金重大项目“健全以公平为原则的产权保护制度研究”(20ZDA049)。
关键词
个人信息保护影响评估
隐私影响评估
数据保护影响评估
算法影响评估
协同治理
personal information protection impact assessment
privacy impact assessment
data protection impact assessment
algorithmic impact assessment
collaborative governance