比较视角看CCPA的立法导向和借鉴意义  被引量：6

作　　者：陈慧慧 CHEN Hui-hui(Tencent Technology(Beijing)Co.,Ltd.,Beijing 100080,China)

机构地区：[1]腾讯科技(北京)有限公司

出　　处：《信息安全与通信保密》2019年第12期26-36,共11页Information Security and Communications Privacy

摘　　要：此前美国加州《消费者隐私法案》实施细则公开征求意见,为法案发布实施奠定基础;我国网信办制定的《数据安全管理办法》《儿童个人信息网络保护规定》《个人信息出境安全评估办法》密集公开征求意见,结合国标《信息安全技术个人信息安全规范》发布近一年即修订、四部委APP隐私保护治理专项行动引发学界、实务关注讨论,个人信息保护在我国进入制度建构和实践双轨加速时代。从口号宣传、旗帜高举到规则细化、约谈指导,再到评估评测、权限收拢,个人信息保护从隐私协议文本层面下沉具象到核心功能必要信息收集、接口调用审计、加密传输、脱敏处理的业务操作层面。数据价值挖掘利用和隐私保护的张力需要在隐私设计理念下持续做利益权衡和尺度把握。对比欧盟GDPR,美国加州2018年公布的《消费者隐私法案》更侧重考虑个人信息去标识化、匿名化的共享开放和价值利用,着眼于自由选择权退出、披露权、公平交易权规定了更具操作性、边界性、独创性的行为准则和豁免情形;结合其务实谦抑的立法风格和制度生发环境,对我国个人信息保护规则走向和落地有很好的借鉴意义。Recently, the California Consumer Privacy Act implementation rules were publicly solicited, laying the foundation for the implementation of the bill three months later;" Data Security Management Measures" and " Children’s Personal Information Protection Regulations" formulated by CAC have been publicly consulted. In combination with the recent revision of the National Standard " Personal Information Security Regulations", the special action of the four ministries’ APP privacy protection governance has triggered the academy and practice attention, personal information protection has entered the era of system construction and practical development in China. From slogan propaganda, banner exaggeration to rule refinement, interview guidance, and then privilege collection, personal information protection involved from the privacy agreement text level to the steps of the core function necessary information collection, interface call audit, encrypted transmission, desensitization. The tension between data value exploitation and privacy protection needs to continue to make trade-offs and scales under the privacy design concept. Compared with the EU GDPR, CCPA focuses on personal information sharing and opening up and value utilization, highlights freely withdrawing rights, disclosure rights, and fair trading rights, and guides operational, borderline, and original behavioral norms and exemptions;combined with the pragmatic and modest legislative style and institutional environment, have a good reference for the direction and implementation of personal information protection rules in China.

关 键 词：个人信息保护 数据价值利用 主体权益 制度环境 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]