小型个人信息处理者豁免义务研究
Research on the Exemption Obligations of Small Personal Information Processors
摘要: 在数字经济蓬勃发展的背景下,小型个人信息处理者的活动日益频繁,其豁免义务研究成为平衡企业发展与个人信息保护的关键。本文梳理国内外法规及研究,明确其收集、存储、使用共享、删除销毁及跨境规则,从合法利益、风险差异、成本效益、比例原则和优位利益豁免等理论,剖析义务豁免依据,并列举数据提供、记录、非敏感数据处理及信息处理义务豁免情形。同时,针对监管与处罚,提出运用数字化工具、监管沙盒及协同监管等优化策略,细化经济与非经济处罚措施,力求构建合理制度,促进小型个人信息处理者合规发展,保障信息权益,且随技术与环境演变持续完善该制度。
Abstract: In the context of the booming digital economy, the activities of small personal information processors have become increasingly frequent, and the research on their exemption obligations has become crucial for balancing enterprise development and personal information protection. This article sorts out domestic and foreign laws, regulations, and research, clarifying their rules regarding collection, storage, use and sharing, deletion and destruction, and cross-border transfer of personal information. It analyzes the theoretical basis for exemption obligations from the perspectives of legitimate interests, risk differences, cost-benefit, the principle of proportionality, and the theory of overriding interests exemption. It also lists the exemption situations such as data provision, record-keeping, non-sensitive data processing, and information processing obligations. Meanwhile, for supervision and punishment, this article proposes optimization strategies such as using digital tools, regulatory sandboxes, and collaborative supervision, and details economic and non-economic punishment measures. It strives to construct a reasonable system to promote the compliant development of small personal information processors, protect information rights and interests, and continuously improve this system with the evolution of technology and the environment.
参考文献
|
[1]
|
王勇旗. 数字时代个人信息处理的法律制度研究[D]: [博士学位论文]. 重庆: 西南政法大学, 2021.
|
|
[2]
|
Burri, M. (2023) Trade Law 4.0: Are We There Yet? Journal of International Economic Law, 26, 90-100. [Google Scholar] [CrossRef]
|
|
[3]
|
Gulyamov, S. and Raimberdiyev, S. (2023) Personal Data Protection as a Tool to Fight Cyber Corruption. International Journal of Law and Policy, 1, 1-32. [Google Scholar] [CrossRef]
|
|
[4]
|
程啸. 个人信息保护法理解与适用[M]. 北京: 中国法制出版社, 2021.
|
|
[5]
|
程啸. 论数据安全保护义务[J]. 比较法研究, 2023(2): 60-73.
|
|
[6]
|
周汉华. 探索激励相容的个人数据治理之道——中国个人信息保护法的立法方向[J]. 法学研究, 2018, 40(2): 3-23.
|
|
[7]
|
张新宝. 互联网生态“守门人”个人信息保护特别义务设置研究[J]. 比较法研究, 2021(3): 11-24.
|
|
[8]
|
Voigt, P. and von dem Bussche, A. (2017) The EU General Data Protection Regulation (GDPR): A Practical Guide. Springer International Publishing AG, 38.
|
|
[9]
|
Corning, G.P. (2024) The Diffusion of Data Privacy Laws in Southeast Asia: Learning and the Extraterritorial Reach of the EU’s GDPR. Contemporary Politics, 30, 1-22.
|
|
[10]
|
陈旭琳. 个人信息协同保护的法经济学研究[D]: [博士学位论文]. 长春: 吉林大学, 2021.
|
|
[11]
|
王丽洁. 个人信息处理中比例原则审查基准体系的建构[J]. 法学, 2022(4): 49-63.
|
|
[12]
|
王雅蓉. 小型个人信息处理者保护制度的域外立法经验[EB/OL]. 互联网法律评论, 2023.
https://www.secrss.com/articles/42845, 2024-12-15.
|
|
[13]
|
Freiherr von dem Bussche, A. and Zeiter, A. (2016) Practitioner’s Corner Implementing the EU General Data Protection Regulation: A Business Perspective. European Data Protection Law Review, 2, 576-581. [Google Scholar] [CrossRef]
|
|
[14]
|
贺文奕. 信息存档中的个人信息保护义务豁免——基于欧盟实践的评析与借鉴[J]. 档案学通讯, 2022(4): 58-66.
|
|
[15]
|
Hofmann, S.C. and Pawlak, P. (2023) Governing Cyberspace: Policy Boundary Politics across Organizations. Review of International Political Economy, 30, 2122-2149. [Google Scholar] [CrossRef]
|
|
[16]
|
程啸. 论公开的个人信息处理的法律规制[J]. 中国法学, 2022(3): 82-101.
|
|
[17]
|
高富平. 个人信息保护: 从个人控制到社会控制[J]. 法学研究, 2018, 40(3): 84-101.
|
|
[18]
|
程啸. 论个人信息共同处理者的民事责任[J]. 法学家, 2021(6): 17-29.
|
|
[19]
|
蒋红珍. 《个人信息保护法》中的行政监管[J]. 中国法律评论, 2021(5): 48-58.
|
|
[20]
|
程啸. 论大数据时代的个人数据权利[J]. 中国社会科学, 2018(3): 102-122+207-208.
|