摘要: 当下信息数据技术发展迅速，大数据与算法的应用早已深入民用领域。在此背景下，个人信息保护面临着新的挑战。在信息处理过程中，信息处理者处于支配地位，而个人信息又具有商业价值，致使近年来侵害个人信息权益的案件呈上升趋势。个信法出台前主要在私益诉讼中以侵害隐私权、一般人格权的方式进行诉讼。在其出台后，因保护个人信息而发生争议的案件有所增长，以公益诉讼进行维权的案件数量也开始增加。但由于诉讼成本高，举证难度大等问题也随之浮现出来。对此，应适当借鉴欧盟《GDPR》举证责任分配与美国的《CPRA》的CPF制度，用来健全保护个人信息权益的机制，使得个人信息权益的保护与个人信息的流通与高效利用并驾齐驱。

Abstract: With the rapid development of information and data, the application of big data and algorithms has been deep in the civil field. In this context, the protection of personal information is facing new challenges. In the process of information processing, information processors are in a dominant position, and personal information has commercial value, resulting in an increasing trend of cases of infringement of personal information rights and interests in recent years. Before the enactment of the private letter law, litigation was mainly carried out in the way of infringing the right to privacy and general personality rights in private interest litigation. After its introduction, the number of disputes arising from the protection of personal information increased, and the number of cases for the protection of rights through public interest litigation also began to increase. However, due to the high cost of litigation, the difficulty of proof and other problems have also emerged. In this regard, appropriate reference should be made to the EU GDPR burden of proof allocation and the CPF system of the US CPRA to improve the mechanism for protecting personal information rights and interests, so that the protection of personal information rights and interests and the circulation and efficient use of personal information can go hand in hand.