Abstract
Personal information leakage has become a global public hazard that is hard to prevent; it seriously infringes on personal information security and restricts the progress and application of information technology. China's relevant legislation started late, has low legal force, is overly general in principle and content, and defines rights and obligations so roughly that they are easily left unfulfilled. In this regard, this paper analyzes the causes of leakage from the perspective of their controllability and focuses on the relationship among the personal information controller, the manager and the information subject, so as to explore targeted legal countermeasures. The experience of the GDPR can be localized for improvement and reference. Meanwhile, the legislative approach should be adjusted so that a dedicated personal information law is promulgated and a unified data supervision institution is established as soon as possible, building a systematic, specialized and three-dimensional all-round administrative supervision system. Regarding the obligations and responsibilities in personal information leakage, information security should be embedded in personal information products and services through a whole-process, systematic design. Moreover, the act of personal information leakage should be defined, the personal information protection impact assessment system should be improved, and preventive measures, compliance self-certification, and the leak notification obligation and liability system should be emphasized and refined.
Authors
刁胜先
何琪
DIAO Sheng-xian; HE Qi (School of Cyber Security and Information Law, Chongqing University of Posts and Telecommunications, Chongqing 400060, China)
Source
《科技与法律》
CSSCI
2019, Issue 3, pp. 49-57 (9 pages)
Science Technology and Law
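Funding
Supported by the Chongqing Graduate Research and Innovation Project, Chongqing Graduate Innovation Education Program (Project No. CYS18256): Legal Regulation of Personal Information Leakage
General Project of the National Social Science Fund of China (Project No. 17BFX193)
Key Project of the Humanities and Social Sciences Research Program of the Chongqing Municipal Education Commission (Project No. 17SKG046): Constructing a System of Personal Information Rights and Obligations from the Perspective of the Big Data Strategy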
Keywords
personal information leakage
legal countermeasures
controller
GDPR