Compensatory Damages in Personal Information Public Interest Litigation in China: Challenges and Prospects

In contrast to private interest litigation,public interest litigation provides a more potent solution to personal information infringements marked by extensive scope,unspecified victims,and limited individual loss.However,com⁃pensatory damages remain a contentious issue,both in theory and in practice,within the legal framework of personal in⁃formation public interest litigation.Through an empirical study conducted within China's judicial practice,this paper reveals that the pending issue concerning the nature and function of compensatory damages has caused highly contra⁃dictory verdicts regarding their calculation and allocation,as well as their relationship with other forms of pecuniary li⁃abilities.Only by acknowledging the role of compensatory damages imposed in personal information public interest liti⁃gation as"Skimming off Excess Profits",and affirming their function as deterrence rather than compensation can they truly achieve the broader objective of safeguarding personal information security and promoting public welfare,as well as avoid disrupting the harmony of the existing legal landscape.

Research on Residents’Willingness to Protect Privacy in the Context of the Personal Information Protection Law:A Survey Based on Foshan Residents’Data

The Personal Information Protection Law,as the first law on personal information protection in China,hits the people’s most concerned,realistic and direct privacy and information security issues,and plays an extremely important role in promoting the development of the digital economy,the legalization of socialism with Chinese characteristics and social public security,and marks a new historical development stage in the protection of personal information in China.However,the awareness of privacy protection and privacy protection behavior of the public in personal information privacy protection is weak.Based on the literature review and in-depth understanding of current legal regulations,this study integrates the relevant literature and theoretical knowledge of the Personal Protection Law to construct a conceptual model of“privacy information protection willingness-privacy information protection behavior”.Taking the residents of Foshan City as an example,this paper conducts a questionnaire survey on their attitudes toward the Personal Protection Law,analyzes the factors influencing their willingness to protect their privacy and their behaviors,and explores the mechanisms of their influencing variables,to provide advice and suggestions for promoting the protection of privacy information and building a security barrier for the high-quality development of public information security.

On the “Reasonable” Handling of Personal Information Disclosed According to the Law

The model for protection of personal information dis-closed according to the law has changed from indirect protection to direct protection.The indirect protection model for traditional repu-tation rights and privacy rights was not enough to meet the practical needs of governance.However;due to the ambiguity in the application of the“reasonable”processing requirements,the direct protection model centered on Article 27 of the Personal Information Protection Law also is not enough to effectively respond to practical disputes.The essence of the problem is to resolve the tension between informa-tion circulation and risk control and reshape the legal order for the protection of personal information disclosed according to the law.The determination of“reasonable”should be centered on the scenario theory and holism interpretation and carried out by using the interpre-tation technique of the dynamic system under Article 998 of the Civil Code.With the support of scenario-based discussions and comparative propositions,the crawling and tag extraction of personal information.disclosed according to the law should be considered as reasonable processing;profiling and automated decision-making should not be covered in the scope of reasonable processing,in principle;for behav-iors such as correlation analysis,elements like information subject,identifiability and sensitivity should be comprehensively considered to draw open and inclusive conclusions in individual cases.

Developing a Comprehensive Regime for Personal Information Protection in Networked Chinese Public Sectors

With the increasing sharing and reuse of personal information resources for better public services, the effective protection and management of personal information as organizational and individual assets as well as social resources are becoming more and more important in networked Chinese public sectors. Existing studies of personal information protection in China is mainly conducted from the legal perspective with a focus on the development of appropriate legislation and policies at the national level. There is little research on how specific legislation and polices can actually be implemented in an effective manner and what impacts such legislation and policies have on individuals, organizations, and the society. To adequately address this issue, this study investigates the legal requirements for personal information protection based on the relevant laws, regulations, and standards in China. It proposes a comprehensive regime for personal information protection in the networked public sectors in China. Such a regime takes the advantages of existing discipline-based approaches, legal requirements, and control mechanisms for personal information protection. It can be used to facilitate the provision of public services in the networked Chinese public sectors through the adequate protection of personal information and the effective management of personal information.

The Model Selection of Personal Information Protection in Criminal Procedures

In criminal procedures,the right to personal information does not conform to the human rights characteristics of criminal procedures centered on due process right,in which the right to be forgotten and the right to access data possess no attributes of independent litigation right.The theory of the independent right to personal information lacks a legitimate basis and should not be used as the protection model for personal information in criminal proceedings.Given the particularity of interest measurement and the individuality and negativity of human rights in criminal procedures,the protection of personal information in the criminal procedure should be aimed at the risk of transformation from collective general information to private sensitive information.Specifically,it is the right of personal information not to be excessively collected.Accordingly,the personal information protection should be included in the scope of criminal procedures by the conceptual interpretation of the informational privacy,i.e.,the dependency protection model.In this regard,the criminal proceeding should appropriately introduce the basic principles of personal information protection and the limited general forensic to deal with the impact and challenge of emerging right claim on the criminal justice system.

Decentralized Mobile SNS Architecture and Its Personal Information Management Mechanism

Mobile SNS popular topics of mobile is one of the most Internet. In order to fulfill the user demand for self-maintained independent social network and ensure the privacy of their personal information and resources, the paper proposes system architecture of decentralized mobile SNS.In the temporary scenarios, the system makes use of the existent specification of FOAF （Friend- of-a-Friend） to describe users＇ personal information and act as a certificate to be identified by SNS sites. Ticket-based Access Authorization System （TAAS） is provided to grant permission to acquire resources on personal portal. Meanwhile, the mechanism and algorithm are devised for user profile complete deletion when users are going to quit the service for the temporary scenarios.

Research on the Legality of Information Utilization in Epidemic Prevention and Control

Big data is playing an important role in preventing,control and monitoring COVID-19,but during the process,the legality of the use of personal information shall be paid attention to.Personal information should be divided into general information and sensitive information,and the use of sensitive information should take"Consent"as its legality basis.In the process of personal information collection,the subject qualification of the collection organization or personnel should be clearly defined,and the starting conditions and process specifications of the collection work should be determined.The use of personal information should be in accordance with legal provisions or agreed ways and purposes and should not violate individual privacy rights and other personality rights,and should not improperly display the"digital image"of individuals.

Interpretation of Information Security and Data Privacy Protection According to the Data Use During the Epidemic

COVID-19 has swept the whole our country and the world in the beginning of 2020.31 provinces and municipalities across the country have launched the first-level response to major public health emergencies since January 24,and China has carried out intensive epidemic control.It is critical for effectively responding to COVID-19 to collect,collate and analyze people’s personal data.What’s more,obtaining identity information,travel records and health information of confirmed cases,suspected cases and close contacts has become a crucial step in epidemic investigation.All regions have made full use of big data to carry out personnel screening,travel records analysis and other related work in epidemic prevention and control,effectively improving the efficiency of epidemic prevention and control.However,data leakage,personnel privacy data exposure,and personal attack frequently occurred in the process of personnel travel records analysis and epidemic prevention and control.It even happened in the WeChat group to forward a person’s name,phone number,address,ID number and other sensitive information.It brought discrimination,telephone and SMS harassment to the parties,which caused great harm to individuals.Based on these,lack of information security and data security awareness and other issues were exposed.Therefore,while big data has been widely concerned and applied,attention should be paid to protecting personal privacy.It is urgent to pay more attention to data privacy and information security in order to effectively protect the legitimate rights of the people.Therefore,measures can be taken to achieve this goal,such as improving the relevant legal system,strengthening technical means to enhance the supervision and management of information security and data protection.

The Public Law Construction of Government Agencies’Obligations to Disclose When Handling Personal Information in the Digital Age

The protection of personal information plays an extremely important role in the construction of digital government.The duty to inform is a prerequisite core obligation that the government should fulfill in processing personal information,a concrete expression of the right to self-determination of personal information,and a prerequisite for the right to protection of personal information that works as a fundamental right to defense the intrusion from the government,as well as a procedural regulatory tool to restrain the government’s information power and prevent the risk of infringement.As the rules on the processing of personal information and the duty to inform have both the nature of public law,the government’s processing of personal information is also public law in nature,especially because of the constitutional value and power control function of the duty to inform,the construction of a system for the duty to inform cannot be copied from the rules applicable to private subjects,but should be tailored to the public law characteristics of the government’s processing of personal information,overcoming the shortcomings of the current rough and fragmented legislation,and set up a systematic regulation based on the public law in term of the legal subject,procedure,content,consequences of obligation violations and legal protection.

《个人信息保护法》视角下的隐私保护方法设计研究:隐私告知及其对隐私不确定性的影响

要确保社会稳定和数字经济高质量发展,加强移动应用(App)的个人信息保护至关重要。本文以2021年11月施行的《中华人民共和国个人信息保护法》作为缓解用户对个人信息被收集、使用与保护的不确定性的突破口,展开隐私保护方法设计研究。总结归纳《个人信息保护法》中App服务商需要告知用户的隐私相关信息,理解用户对这些隐私相关信息的偏好,据此提出并设计App下载阶段面向用户的隐私告知方法,并通过基于插图的实验方法展开三项研究,系统探究用户在App下载阶段感知的隐私不确定性,以及隐私告知对用户隐私不确定性和App下载意愿的影响机理。研究发现,在中国App应用中,用户普遍存在隐私不确定性,且用户感知的隐私不确定性具有情境依赖性,即在信息敏感度更高的移动应用环境下,用户感知的隐私不确定性更高。本文提出的隐私告知能够有效缓解用户感知的隐私不确定性,并且显著缓解隐私不确定性对App下载意愿的负向影响。

AI人机交互用户个性化推荐中隐私信息披露影响因素研究

[目的/意义]以ChatGPT为代表的生成式人工智能的发展为人机交互带来颠覆性影响,也为数据安全与个人信息保护带来更大的冲击与挑战。对AI人机交互用户个性化推荐中隐私信息披露及个人信息保护问题的研究将具有重要的实践价值与意义。[方法/过程]文章通过对15名AI人机交互平台用户进行深度访谈,运用扎根理论研究方法进行编码分析,识别AI人机交互用户个性化推荐中隐私信息披露所涉及的个人信息类型和敏感信息类型,并对用户的隐私意识和影响用户隐私信息披露意愿的客观因素进行分析,进而提出加强隐私信息披露风险规制及个人信息安全保障的对策建议。[结果/结论]基于编码结果,将AI人机交互用户个性化推荐中隐私信息披露的影响因素归纳为用户因素、平台因素、社会环境因素、隐私权衡因素4个维度,以此建构理论分析模型,并作为强化AI人机交互用户个性化推荐中隐私信息披露风险规制及个人信息保护的重要指引。

论个人信息保护民事公益诉讼起诉主体的范围与顺位

自个人信息保护民事公益诉讼在我国开展以来,理论界与实务界就对该类诉讼的起诉主体存在较大争议,分歧主要集中在范围界定与诉权顺位两个方面。《个人信息保护法》第70条虽然对该类诉讼的起诉主体作了规定,但主体范围不明以及诉权顺位不清的问题仍未得到彻底解决。要正确实施该制度,应否定“履行个人信息保护职责的部门”的起诉资格,扩张“法律规定的消费者组织”的范围,明确“由国家网信部门确定的组织”的条件,并以《民事诉讼法》第58条及不同类型民事公益诉讼之间的关系为依据,厘清不同起诉主体的诉权顺位。当受侵害对象为普通公民时,应尊重检察机关民事公益诉权的补充性,将“国家网信部门确定的组织”的起诉顺位置于检察机关之前;当受侵害对象为众多消费者时,应考虑到受侵害对象的特殊身份,依次由“法律规定的消费者组织”“由网信部门确定的组织”和检察机关行使起诉权。

《民法典》背景下个人信息保护的司法考察与制度完善

大数据时代,为充分保障个人的信息安全,我国相继施行的《民法典》《个人信息保护法》对此作出了较为全面的规定。考察相关规则的司法适用,发现我国个人信息保护存在个人信息与隐私权界定不清、损害赔偿威慑作用不足、公益诉讼制度效用未充分发挥、“知情—同意”标准不一且流于形式等问题。为解决上述问题,可通过构建可识别的场景化模式界定个人信息,引入情境脉络完整性理论判定隐私,审慎引入惩罚性赔偿,明晰个人信息保护公益诉讼的适用条件,构建“国家—行业—平台”三层规则体系实现实质同意,全面保护个人信息。

数字经济时代个人信息法律保护的困境与思考

随着数字经济的不断发展,公民个人信息遭到泄露等不法侵害屡有发生。我国立法在个人信息保护领域有所欠缺,相关部门对其监管不到位,公民维权困难。此外,由于个人信息权属界定不明,个人信息热点问题在立法上回应较为模糊,以及现行相关法律的救济手段尚不足以完全解决纠纷,影响了实践中个人信息的保护效果。为此我国迫切需要细化并完善个人信息保护法律,并加强对个人信息处理全过程的监管,进而构建具有多样化的救济渠道,为保护公众的个人信息合法权益提供法律保障。

民事在线诉讼当事人权益保障的检视与路径探索

当事人权益保障体现了以当事人为中心的诉讼理念,确保了实现诉讼效益与程序公正的统一。在线诉讼中单一的程序选择权类型难以满足双方当事人需求、证人远程作证提高了质证难度、异步审理稀释了直接言词原则、个人信息保护与庭审公开之间存在张力。应当根据被选择事项性质合理确定选择权类型、加强证人远程作证技术保障、肯定异步审理的价值并明确边界、具体衡量审判公开与个人信息保护价值利益。

个人健康信息收集的法律与伦理规制研究——基于可穿戴设备专利信息分析

近年来,公众对健康管理的重视程度不断提高,可穿戴设备专利应用前景广阔。然而,可穿戴设备在收集和使用个人健康信息时缺少规制,存在伦理和法律上的风险。通过专利信息分析,表明可穿戴设备专利当前处于研发热点,相关专利技术实施存在对用户个人健康信息的隐私侵害风险、管理漏洞风险和永久监视风险。本研究基于不同责任主体提出了具体的完善建议,以期促进可穿戴设备专利技术发展的同时确保其中所涉个人健康信息获得合理保护,实现技术创新与个人信息保护的双重目标。

个人信息范围的界定与要件判断

个人信息是个人信息保护法中最核心的概念,也是个人信息保护法律规范的适用前提。我国法律对个人信息采取了统一定义的模式。从《中华人民共和国网络安全法》(下文简称《网络安全法》)到《中华人民共和国个人信息保护法》(下文简称《个人信息保护法》),个人信息的概念经历了一个从窄到宽的发展演变过程。《个人信息保护法》第4条第1款将个人信息的判断要件分为积极要件与消极要件,前者是通过关联性与识别性去界定个人信息的概念范围,后者则将匿名化处理后的信息排除在个人信息之外。为了防止个人信息的范围过于宽泛,以至于个人信息保护法成为无所不包的法律,应明确个人信息积极要件中关联性要件与识别性要件之间为“且”的关系而非“或”的关系,以此来相应地控制个人信息的范围。认定关联性要件时,不仅应考虑信息的内容、目的和结果,还要考虑信息与个人权益是否存在一定的因果关联。在判断识别性时,应当限定识别主体的范围及所使用的手段与方式。作为消极要件的匿名化虽然并非可以绝对消除信息的可识别性,但是其对于保护个人信息权益也有重要的意义。

个人金融账户信息的法律界定

《个人信息保护法》将金融账户信息纳入敏感个人信息的范围,但未作出明确的界定。界定标准的不明确将导致权利主体权益易损、义务主体责任不明、司法裁判依据不清。考察域外立法例,同时结合我国有关立法现状和实践,宜采取“定义+列举+排除”的界定模式,以“信息主体”“信息性质”和“信息处理”为定义的考量因素,从立法、实践的综合角度进行列举,并排除通过间接识别才能确认的金融账户信息。基于此,我国出台“金融账户信息”的司法解释可侧重四个方面,以实现个人信息的保护和社会信息利用的动态平衡。

人工智能时代个人数据保护的困境与出路

人工智能的发展离不开对大量个人数据的处理。只有妥当适用《个人信息保护法》中的目的限制原则和有关个人知情权、决定权的规则,才能有效保障人工智能安全发展。目的限制原则包括“两肢”,一是处理目的自身的限制,二是处理目的对处理方式的限制。目的限制原则与人工智能发展之间有紧张关系,面临适用困境。该原则丧失实效,既会造成最小必要原则等多项原则难以适用,又不利于个人知情权、决定权的行使,还易致使个人数据交易欠缺自愿性、公平性。我国目的限制原则采用“宽进严出”模式,个人数据处理者不必将人工智能发展和应用中对个人数据的每一步处理活动加以披露,而是应分别披露训练机器学习模型、制作用户标签和画像、提供个性化服务等不同处理目的、处理方式,并揭示其各自风险。经由人工智能制作用户标签和画像的,属于个人数据处理活动。该处理活动只有同时包含体现公平价值的设计,才具有充分的合理性。此外,还应构建程序性规则以保障个人能够以集体的方式行使个人对标签、画像享有的有限决定权。

征信体系建设下个人信息保护的进路研究

目前,我国征信体系在社会多个领域实现了覆盖且仍在深入。为弥补“结果保护”理念引发的个人信息收集与共享泛化、个人信息处理规则透明度较低等缺陷,应引入“过程保护”理念,明晰个人征信信息收集、共享的范围,加强有关征信规则的有效应用。同时,要统筹个人征信与失信惩戒的体系建设,明晰个人征信信息侵权赔偿的认定标准,进而实现对个人信息的有效保护。