摘要
《个人信息保护法》的规范目的在于达致个人权益保护与个人信息利用的平衡,实现这一规范目的的关键在于:允许利用个人信息分析评估个性特征,但规制识别个人身份之行为。在这一规范目的指引下,个人信息治理规则应当根据信息识别性的不同,对含直接标识符、仅含间接标识符或者不含标识符的个人信息分别治理。含直接标识符之个人信息的治理规则,强调处理前必须经过个人同意或具备其他合法性基础,处理过程宜删除直接标识符。仅含间接标识符之个人信息的治理规则,强调处理前不需要经过个人同意,但处理过程应禁止识别身份。不含标识符之个人信息的治理规则,强调对该类信息从宽认定,既不需要事前取得个人同意,个人也没有必要进行事后拒绝。
The regulatory purpose of Personal Information Protection Law is to achieve the balance between the protection of personal rights and interests and the use of personal information.The key to achieving this regulatory purpose is to allow the use of personal information to profile personality characteristics,but to regulate the behavior of identifying personal identity.Under the guidance of this regulatory purpose,personal information governance rules should govern personal information containing direct identifi ers,only indirect identifi ers or no identifi ers respectively according to the diff erent identifi cations of information.The governance rules for personal information containing direct identifi ers emphasize that personal consent or other legitimacy basis must be obtained before processing,and the direct identifi er should be deleted during processing.The governance rules for personal information containing only indirect identifiers emphasize that personal consent is not required before processing,but identifi cation shall be prohibited during processing.The governance rules for personal information without identifiers emphasize leniency in identifying such information,which requires neither prior consent nor subsequent rejection.
出处
《中国应用法学》
CSSCI
2022年第6期111-127,共17页
China Journal of Applied Jurisprudence
关键词
个人信息利用
个人信息权益
识别分析
直接标识符
间接标识符
personal information utilization
personal information rights and interests
profi ling
direct identifi er
indirect identifi er
