敏感个人信息的多维认定与严格保护

Multidimensional Identification and Strict Protection of Sensitive Personal Information

为平衡数据保护与数据流通之间的内在张力,个人信息基于类型区分而呈现强弱有别的保护格局成为必要。域内外实证法依循风险进路对个人信息进行了一般与特殊(敏感)的二元内部区分。作为一种规范性描述,特殊与敏感可作同义替代。对敏感信息的客观认定是多种利益风险的交合和多元风险参数的耦合,包括法律直接规定、体系性风险评估、个人信息二元内涵架构透视和信息处理契约的场景化判断。敏感信息可能给信息主体带来更大的损害风险,故适用不同于一般信息的处理规则、受到更强力度的保护。敏感信息的强保护集中体现在更严格的同意标准、更严苛的责任原则和更严密的救济方式三方面。

In order to balance the internal tension between data protection and data flow,it is necessary to make personal information present different protection patterns based on type differen-tiation.Based on the risk approach,The Outside-Domain Empirical Method makes a binary inter-nal distinction between general and special(sensitive)personal information.As a normative de-scription,specificity and sensitivity can be used as synonymous substitutes.The objective identifi-cation of sensitive information is the combination of multiple benefits and risks and the coupling of multiple risk parameters,including direct legal provisions,systematic risk assessment,dual con-notation framework perspective of personal information and situational judgment of information pro-cessing contract.Sensitive information may bring greater risk of damage to the information sub-ject,so different processing rules are applied to general information,and it is subject to stronger protection.The strong protection of sensitive information is mainly embodied in three aspects:more strict consent standard,more strict responsibility principle and more strict relief method.