生成式人工智能个人信息安全挑战及敏捷治理

On the Challenge and Agile Governance of Generative Artificial Intelligence to Personal Information Security in China

生成式人工智能秘密收集个人敏感数据,冲破“知情同意”原则和“最小必要”原则的限制,或将使信息关联违法高发。生成式人工智能信息收集行为主动、收集内容全面、泛化能力强劲,对“知情同意”原则和“最小必要”原则带来严重挑战。宏观层面,我国现有民事法律无力于数据安全治理,刑事法律缺乏明确的违法计量标准,由行政法规挑起数据法治大梁。微观层面,我国现有法律规范体系对被侵权人加以不合理的举证义务,司法救济路径单一,不利于权利救济。选择风险控制路径,从算法协议透明化、治理场景化和多方位协同化应对信息关联违法等方面展开制度构建,引入个人敏感数据单独监管制度和预防性公益诉讼制度破解该困局。

Generative artificial intelligence secretly collects sensitive personal data,breaking through the limitation of the principle of“informed consent”and the principle of“minimum necessity”,which may lead to high incidence of illegal information disclosure.The information collection behavior of generative artificial intelligence is active,the collection content is comprehensive,and the generalization ability is strong,which brings serious challenges to the principles of“informed consent”and“minimum necessity”.At the macro level,China’s existing civil laws are incapable of data security governance,criminal laws lack clear measurement standards for violations,and administrative regulations are the backbone of data rule of law.At the micro level,the existing legal standard system of our country imposes unreasonable duty of proof on the infringed,and the judicial relief path is single,which is not conducive to the right relief.This paper chooses the risk control path,builds the system from the aspects of algorithm protocol transparency,governance scenario and multi-directional collaborative response to information association violations,and introduces a separate supervision system of sensitive personal data and a preventive public interest litigation system to solve the dilemma.