Research on Residents’Willingness to Protect Privacy in the Context of the Personal Information Protection Law:A Survey Based on Foshan Residents’Data

The Personal Information Protection Law,as the first law on personal information protection in China,hits the people’s most concerned,realistic and direct privacy and information security issues,and plays an extremely important role in promoting the development of the digital economy,the legalization of socialism with Chinese characteristics and social public security,and marks a new historical development stage in the protection of personal information in China.However,the awareness of privacy protection and privacy protection behavior of the public in personal information privacy protection is weak.Based on the literature review and in-depth understanding of current legal regulations,this study integrates the relevant literature and theoretical knowledge of the Personal Protection Law to construct a conceptual model of“privacy information protection willingness-privacy information protection behavior”.Taking the residents of Foshan City as an example,this paper conducts a questionnaire survey on their attitudes toward the Personal Protection Law,analyzes the factors influencing their willingness to protect their privacy and their behaviors,and explores the mechanisms of their influencing variables,to provide advice and suggestions for promoting the protection of privacy information and building a security barrier for the high-quality development of public information security.

The Model Selection of Personal Information Protection in Criminal Procedures

In criminal procedures,the right to personal information does not conform to the human rights characteristics of criminal procedures centered on due process right,in which the right to be forgotten and the right to access data possess no attributes of independent litigation right.The theory of the independent right to personal information lacks a legitimate basis and should not be used as the protection model for personal information in criminal proceedings.Given the particularity of interest measurement and the individuality and negativity of human rights in criminal procedures,the protection of personal information in the criminal procedure should be aimed at the risk of transformation from collective general information to private sensitive information.Specifically,it is the right of personal information not to be excessively collected.Accordingly,the personal information protection should be included in the scope of criminal procedures by the conceptual interpretation of the informational privacy,i.e.,the dependency protection model.In this regard,the criminal proceeding should appropriately introduce the basic principles of personal information protection and the limited general forensic to deal with the impact and challenge of emerging right claim on the criminal justice system.

Decentralized Mobile SNS Architecture and Its Personal Information Management Mechanism

Mobile SNS is one of the most popular topics of mobile Internet.In order to fulfill the user demand for self-maintained independent social network and ensure the privacy of their personal information and resources,the paper proposes system architecture of decentralized mobile SNS.In the temporary scenarios,the system makes use of the existent specification of FOAF(Friendof-a-Friend) to describe users' personal information and act as a certificate to be identified by SNS sites.Ticket-based Access Authorization System(TAAS) is provided to grant permission to acquire resources on personal portal.Meanwhile,the mechanism and algorithm are devised for user profile complete deletion when users are going to quit the service for the temporary scenarios.

Interpretation of Information Security and Data Privacy Protection According to the Data Use During the Epidemic

COVID-19 has swept the whole our country and the world in the beginning of 2020.31 provinces and municipalities across the country have launched the first-level response to major public health emergencies since January 24,and China has carried out intensive epidemic control.It is critical for effectively responding to COVID-19 to collect,collate and analyze people’s personal data.What’s more,obtaining identity information,travel records and health information of confirmed cases,suspected cases and close contacts has become a crucial step in epidemic investigation.All regions have made full use of big data to carry out personnel screening,travel records analysis and other related work in epidemic prevention and control,effectively improving the efficiency of epidemic prevention and control.However,data leakage,personnel privacy data exposure,and personal attack frequently occurred in the process of personnel travel records analysis and epidemic prevention and control.It even happened in the WeChat group to forward a person’s name,phone number,address,ID number and other sensitive information.It brought discrimination,telephone and SMS harassment to the parties,which caused great harm to individuals.Based on these,lack of information security and data security awareness and other issues were exposed.Therefore,while big data has been widely concerned and applied,attention should be paid to protecting personal privacy.It is urgent to pay more attention to data privacy and information security in order to effectively protect the legitimate rights of the people.Therefore,measures can be taken to achieve this goal,such as improving the relevant legal system,strengthening technical means to enhance the supervision and management of information security and data protection.

The Public Law Construction of Government Agencies’Obligations to Disclose When Handling Personal Information in the Digital Age

The protection of personal information plays an extremely important role in the construction of digital government.The duty to inform is a prerequisite core obligation that the government should fulfill in processing personal information,a concrete expression of the right to self-determination of personal information,and a prerequisite for the right to protection of personal information that works as a fundamental right to defense the intrusion from the government,as well as a procedural regulatory tool to restrain the government’s information power and prevent the risk of infringement.As the rules on the processing of personal information and the duty to inform have both the nature of public law,the government’s processing of personal information is also public law in nature,especially because of the constitutional value and power control function of the duty to inform,the construction of a system for the duty to inform cannot be copied from the rules applicable to private subjects,but should be tailored to the public law characteristics of the government’s processing of personal information,overcoming the shortcomings of the current rough and fragmented legislation,and set up a systematic regulation based on the public law in term of the legal subject,procedure,content,consequences of obligation violations and legal protection.

《民法典》背景下个人信息保护的司法考察与制度完善

大数据时代,为充分保障个人的信息安全,我国相继施行的《民法典》《个人信息保护法》对此作出了较为全面的规定。考察相关规则的司法适用,发现我国个人信息保护存在个人信息与隐私权界定不清、损害赔偿威慑作用不足、公益诉讼制度效用未充分发挥、“知情—同意”标准不一且流于形式等问题。为解决上述问题,可通过构建可识别的场景化模式界定个人信息,引入情境脉络完整性理论判定隐私,审慎引入惩罚性赔偿,明晰个人信息保护公益诉讼的适用条件,构建“国家—行业—平台”三层规则体系实现实质同意,全面保护个人信息。

《个人信息保护法》视角下的隐私保护方法设计研究:隐私告知及其对隐私不确定性的影响

要确保社会稳定和数字经济高质量发展,加强移动应用(App)的个人信息保护至关重要。本文以2021年11月施行的《中华人民共和国个人信息保护法》作为缓解用户对个人信息被收集、使用与保护的不确定性的突破口,展开隐私保护方法设计研究。总结归纳《个人信息保护法》中App服务商需要告知用户的隐私相关信息,理解用户对这些隐私相关信息的偏好,据此提出并设计App下载阶段面向用户的隐私告知方法,并通过基于插图的实验方法展开三项研究,系统探究用户在App下载阶段感知的隐私不确定性,以及隐私告知对用户隐私不确定性和App下载意愿的影响机理。研究发现,在中国App应用中,用户普遍存在隐私不确定性,且用户感知的隐私不确定性具有情境依赖性,即在信息敏感度更高的移动应用环境下,用户感知的隐私不确定性更高。本文提出的隐私告知能够有效缓解用户感知的隐私不确定性,并且显著缓解隐私不确定性对App下载意愿的负向影响。

民事在线诉讼当事人权益保障的检视与路径探索

当事人权益保障体现了以当事人为中心的诉讼理念,确保了实现诉讼效益与程序公正的统一。在线诉讼中单一的程序选择权类型难以满足双方当事人需求、证人远程作证提高了质证难度、异步审理稀释了直接言词原则、个人信息保护与庭审公开之间存在张力。应当根据被选择事项性质合理确定选择权类型、加强证人远程作证技术保障、肯定异步审理的价值并明确边界、具体衡量审判公开与个人信息保护价值利益。

个人健康信息收集的法律与伦理规制研究——基于可穿戴设备专利信息分析

近年来,公众对健康管理的重视程度不断提高,可穿戴设备专利应用前景广阔。然而,可穿戴设备在收集和使用个人健康信息时缺少规制,存在伦理和法律上的风险。通过专利信息分析,表明可穿戴设备专利当前处于研发热点,相关专利技术实施存在对用户个人健康信息的隐私侵害风险、管理漏洞风险和永久监视风险。本研究基于不同责任主体提出了具体的完善建议,以期促进可穿戴设备专利技术发展的同时确保其中所涉个人健康信息获得合理保护,实现技术创新与个人信息保护的双重目标。

个人信息范围的界定与要件判断

个人信息是个人信息保护法中最核心的概念,也是个人信息保护法律规范的适用前提。我国法律对个人信息采取了统一定义的模式。从《中华人民共和国网络安全法》(下文简称《网络安全法》)到《中华人民共和国个人信息保护法》(下文简称《个人信息保护法》),个人信息的概念经历了一个从窄到宽的发展演变过程。《个人信息保护法》第4条第1款将个人信息的判断要件分为积极要件与消极要件,前者是通过关联性与识别性去界定个人信息的概念范围,后者则将匿名化处理后的信息排除在个人信息之外。为了防止个人信息的范围过于宽泛,以至于个人信息保护法成为无所不包的法律,应明确个人信息积极要件中关联性要件与识别性要件之间为“且”的关系而非“或”的关系,以此来相应地控制个人信息的范围。认定关联性要件时,不仅应考虑信息的内容、目的和结果,还要考虑信息与个人权益是否存在一定的因果关联。在判断识别性时,应当限定识别主体的范围及所使用的手段与方式。作为消极要件的匿名化虽然并非可以绝对消除信息的可识别性,但是其对于保护个人信息权益也有重要的意义。

个人金融账户信息的法律界定

《个人信息保护法》将金融账户信息纳入敏感个人信息的范围,但未作出明确的界定。界定标准的不明确将导致权利主体权益易损、义务主体责任不明、司法裁判依据不清。考察域外立法例,同时结合我国有关立法现状和实践,宜采取“定义+列举+排除”的界定模式,以“信息主体”“信息性质”和“信息处理”为定义的考量因素,从立法、实践的综合角度进行列举,并排除通过间接识别才能确认的金融账户信息。基于此,我国出台“金融账户信息”的司法解释可侧重四个方面,以实现个人信息的保护和社会信息利用的动态平衡。

人工智能时代个人数据保护的困境与出路

人工智能的发展离不开对大量个人数据的处理。只有妥当适用《个人信息保护法》中的目的限制原则和有关个人知情权、决定权的规则,才能有效保障人工智能安全发展。目的限制原则包括“两肢”,一是处理目的自身的限制,二是处理目的对处理方式的限制。目的限制原则与人工智能发展之间有紧张关系,面临适用困境。该原则丧失实效,既会造成最小必要原则等多项原则难以适用,又不利于个人知情权、决定权的行使,还易致使个人数据交易欠缺自愿性、公平性。我国目的限制原则采用“宽进严出”模式,个人数据处理者不必将人工智能发展和应用中对个人数据的每一步处理活动加以披露,而是应分别披露训练机器学习模型、制作用户标签和画像、提供个性化服务等不同处理目的、处理方式,并揭示其各自风险。经由人工智能制作用户标签和画像的,属于个人数据处理活动。该处理活动只有同时包含体现公平价值的设计,才具有充分的合理性。此外,还应构建程序性规则以保障个人能够以集体的方式行使个人对标签、画像享有的有限决定权。

数字经济时代个人信息法律保护的困境与思考

随着数字经济的不断发展,公民个人信息遭到泄露等不法侵害屡有发生。我国立法在个人信息保护领域有所欠缺,相关部门对其监管不到位,公民维权困难。此外,由于个人信息权属界定不明,个人信息热点问题在立法上回应较为模糊,以及现行相关法律的救济手段尚不足以完全解决纠纷,影响了实践中个人信息的保护效果。为此我国迫切需要细化并完善个人信息保护法律,并加强对个人信息处理全过程的监管,进而构建具有多样化的救济渠道,为保护公众的个人信息合法权益提供法律保障。

征信体系建设下个人信息保护的进路研究

目前,我国征信体系在社会多个领域实现了覆盖且仍在深入。为弥补“结果保护”理念引发的个人信息收集与共享泛化、个人信息处理规则透明度较低等缺陷,应引入“过程保护”理念,明晰个人征信信息收集、共享的范围,加强有关征信规则的有效应用。同时,要统筹个人征信与失信惩戒的体系建设,明晰个人征信信息侵权赔偿的认定标准,进而实现对个人信息的有效保护。

侵犯公民个人信息罪中敏感个人信息的特殊保护研究

大数据时代,敏感个人信息与公民人身、财产安全直接相关且易受侵犯,故需作特殊保护。近年来,侵犯公民个人信息罪中敏感个人信息特殊保护的规范,经历了从无到有、从有到优、从粗到细的过程,并由此形成了比较完善的敏感个人信息分类保护规则、从严保护规则、弹性保护规则。侵犯公民个人信息罪中敏感个人信息的范围和分类,可基于刑法保护法益的独立性原则,作适当有别于《个人信息保护法》的评判。侵犯公民个人信息罪中高度敏感个人信息与低度敏感个人信息的区别保护模式应继续坚持,高度敏感个人信息和低度敏感个人信息的既有数量标准不宜调整,高度敏感个人信息的既有种类不宜增加,高度敏感个人信息的司法认定应坚持实质标准从严慎重判断。《个人信息保护法》施行后,应在坚持刑法保护敏感个人信息的模式不变、力度不减的基础上,着力通过《个人信息保护法》等前置法的严格实施,增强敏感个人信息法律保护的整体效能。

论个人信息保护民事公益诉讼起诉主体的范围与顺位

自个人信息保护民事公益诉讼在我国开展以来,理论界与实务界就对该类诉讼的起诉主体存在较大争议,分歧主要集中在范围界定与诉权顺位两个方面。《个人信息保护法》第70条虽然对该类诉讼的起诉主体作了规定,但主体范围不明以及诉权顺位不清的问题仍未得到彻底解决。要正确实施该制度,应否定“履行个人信息保护职责的部门”的起诉资格,扩张“法律规定的消费者组织”的范围,明确“由国家网信部门确定的组织”的条件,并以《民事诉讼法》第58条及不同类型民事公益诉讼之间的关系为依据,厘清不同起诉主体的诉权顺位。当受侵害对象为普通公民时,应尊重检察机关民事公益诉权的补充性,将“国家网信部门确定的组织”的起诉顺位置于检察机关之前;当受侵害对象为众多消费者时,应考虑到受侵害对象的特殊身份,依次由“法律规定的消费者组织”“由网信部门确定的组织”和检察机关行使起诉权。

个人信息安全影响评估标准在支付业务领域的应用实践

围绕《中华人民共和国个人信息保护法》提出的个人信息保护影响评估要求,遵循GB/T 39335—2020《信息安全技术个人信息安全影响评估指南》,构建符合企业业务实际的个人信息保护影响评估体系,通过评估业务或产品对个人的自主选择权、财产权、公平权等权益的影响程度以及个人信息全生命周期安全保护措施的适应性,并配套管理制度和平台工具,提前识别并降低业务可能存在的个人信息安全风险,主要应用在转接清算、二维码支付、无卡支付等各种支付业务场景且取得良好效果。

个人信息保护公益诉讼的问题反思与完善路径

随着科技发展、社会进步,人们正在步入信息社会。信息时代在给我们的工作生活带来方便快捷的同时也带来了相关问题,其中对个人信息权利的侵害就是当下人们所关注的话题。尽管我国在2021年出台了《个人信息保护法》,但关于个人信息保护公益诉讼的规定却比较粗略,实践中关于个人信息保护公益诉讼也存在一定的问题与争议。基于此,在对个人信息保护公益诉讼做出理论概述的基础上,对我国个人信息保护公益诉讼的问题进行了必要的反思,提出了通过确立个人信息权、完善个人信息保护公益诉讼程序制度、设立公益诉讼惩罚性赔偿制度以及建立个人信息保护专项资金账户等路径完善我国个人信息保护公益诉讼,保护公民个人信息,维护社会稳定,促进经济社会的健康有序发展。

未成年人个人信息保护的现实困境与路径优化

大数据时代,个人信息保护越来越为人们所关注。未成年人作为特殊主体,对其个人信息及隐私的保护具有重要现实价值。虽然我国已有了初步的立法规则构建,但是在实践中仍然存在对未成年人敏感信息的年龄划分界定不清、监护人同意规则不足、未成年人被遗忘权本土化的现实困境。结合域外国家最新立法及我国相关司法实践,以坚持最有利于未成年人原则为基础,需要对未成年人年龄标准进行三阶段界分、提出监护人同意规则的未来出路、完善我国未成年人被遗忘权保护制度,以此优化我国未成年人个人信息的法律保护。