摘要: 在数字经济快速发展的背景下，电子商务的普及使消费者个人信息保护面临严峻挑战。本文以我国《个人信息保护法》的实施为切入点，系统分析了电子商务领域消费者个人信息保护的立法现状与实践困境。研究发现，现行法律框架虽初步构建了统一规范，但仍存在规则分散化、操作性不足等问题，具体表现为：告知同意机制中“充分告知”标准缺失，用户知情权难以保障；大数据杀熟行为因算法技术隐蔽性与法律模糊性导致监管失效；个人信息保护类型化缺失加剧了司法认定难度。通过比较美国行业自律模式与欧盟统一立法模式的域外经验，本文提出针对性建议：完善告知同意规则，细化“充分性”告知标准与明示同意机制；提高大数据杀熟违法成本，构建“规则基础 + 个案裁量”的双重处罚逻辑；强化电子商务平台法律监管，设立专职岗位以应对算法滥用等新兴问题。研究强调，需通过立法细化、行政协同、司法救济及消费者意识提升等多维度协作，构建适应数字经济特性的个人信息保护体系，以实现消费者权益保障与电子商务可持续发展的平衡。

Abstract: In the context of the rapid development of the digital economy, the popularization of e-commerce has brought severe challenges to the protection of consumers’ personal information. Taking the implementation of China’s Personal Information Protection Law as the starting point, this paper systematically analyzes the legislative status and practical dilemma of consumer personal information protection in the field of e-commerce. The results show that although the current legal framework has initially constructed unified norms, there are still problems such as decentralized rules and insufficient operability, which are manifested in the following aspects: the lack of “full notification” standard in the notification and consent mechanism, and the difficulty in guaranteeing users’ right to know; big data killing behavior leads to regulatory failure due to the concealment of algorithm technology and legal ambiguity; the lack of typology of personal information protection has exacerbated the difficulty of judicial determination. By comparing the extraterritorial experience of the U.S. industry self-regulatory model and the EU’s unified legislative model, this paper puts forward targeted suggestions: improve the notification and consent rules, refine the “adequacy” notification standard and express consent mechanism; increase the cost of big data to kill mature violations, and build a dual punishment logic of “rule basis + case discretion”; strengthen legal regulation of e-commerce platforms, and set up full-time positions to address emerging issues such as the abuse of algorithms. The study emphasizes the need to build a personal information protection system that adapts to the characteristics of the digital economy through multi-dimensional collaboration such as legislative refinement, administrative coordination, judicial remedies, and consumer awareness improvement, so as to achieve a balance between the protection of consumer rights and interests and the sustainable development of e-commerce.