摘要: 随着电子商务的发展，电商平台在运营过程中收集了海量用户个人信息，其在带来商业效率的同时，也引发了过度收集、违规使用等个人信息安全风险。尽管我国已构建起以《个人信息保护法》为核心的个人信息保护法律体系，但该体系在应对电商平台复杂多变的实践时仍面临挑战。通过分析电商平台个人信息收集呈现出的范围广泛性、方式隐蔽性与行为持续性等实践样态，剖析当前法律规制面临的四大核心困境，“告知–同意”规则流于形式、“最小必要”原则适用模糊、平台“守门人”责任落实难以及用户救济途径不畅。针对这些困境，提出相应的系统性规制路径，以期为平衡数据利用与权益保护、促进数字经济健康发展提供理论参考与实践指引。

Abstract: With the development of e-commerce, e-commerce platforms have collected massive amounts of users’ personal information during their operations. While this has enhanced business efficiency, it has also given rise to risks related to the excessive collection and improper use of personal information. Although China has established a legal framework for personal information protection centered on the Personal Information Protection Law, this system still faces challenges in addressing the complex and ever-changing practices of e-commerce platforms. By analyzing the practical patterns of personal information collection by e-commerce platforms—characterized by broad scope, covert methods, and continuous behavior—this study examines the four core dilemmas currently confronting legal regulation: the “informed-consent” rule becoming a mere formality, the vague application of the “minimum necessity” principle, difficulties in enforcing the platform’s “gatekeeper” responsibilities, and inadequate user redress mechanisms. In response to these challenges, the study proposes a systematic regulatory approach aimed at balancing data utilization with the protection of individual rights and providing theoretical insights and practical guidance to foster the healthy development of the digital economy.