摘要: 在《民法典》和《个人信息保护法》出台之前，我国个人信息保护的法律框架较为分散，缺乏专门的立法体系。虽然《宪法》《民法通则》《合同法》《网络安全法》等法律中有关于隐私和个人信息的基本规定，但这些规定较为笼统，缺乏详细的操作标准和赔偿机制，且在跨境数据流动和精神损害赔偿等方面存在明显空白。整体上，个人信息保护更多依赖行业规范和司法实践，未形成系统的法律保障体系。虽然随着民法典将个人信息作为一项人格权加以保护以及后来颁布的《个人信息保护法》正式将个人信息保护纳入立法保护的范畴。尽管两部法律为个人信息保护提供了较为全面的法律框架，但两法在立法层面针对责任分配以及损害认定存在着明显的缺陷，无法有效规制个人信息侵权行为和救济个人遭受的权益损失。

Abstract: Prior to the enactment of the Civil Code and the Personal Information Protection Law, China’s legal framework for personal information protection was fragmented and lacked a dedicated legislative system. Although basic provisions on privacy and personal information were included in laws such as the Constitution, the General Principles of the Civil Law, the Contract Law and the Cybersecurity Law, these provisions were relatively general, without detailed operational criteria and compensation mechanisms. There were also obvious gaps in areas such as cross-border data flow and compensation for mental damage. On the whole, the protection of personal information relied more on industry norms and judicial practice, and a systematic legal protection system had not been formed. With the Civil Code protecting personal information as a personality right and the subsequent promulgation of the Personal Information Protection Law, personal information protection was officially incorporated into the scope of legislative protection in China. Notwithstanding that the two laws have provided a relatively comprehensive legal framework for personal information protection, they have obvious flaws in terms of liability allocation and damage determination at the legislative level, failing to effectively regulate acts of personal information infringement and remedy the rights and interests losses suffered by individuals.