风险治理视角下的个人信息保护路径  被引量：11

作　　者：刘权[1] Liu Quan

机构地区：[1]中央财经大学法学院

出　　处：《比较法研究》2024年第2期62-76,共15页Journal of Comparative Law

摘　　要：数字时代应有效回应信息科技引发的新型信息风险。日益广泛的个人信息处理行为不仅可能会给个人带来多种风险,影响个人人格的全面自由发展,而且可能会对社会与国家造成重大安全隐患。有效保护个人信息,既需要公私主体消极不侵犯个人信息,又需要国家通过不断完善体制机制积极治理信息风险。在风险治理组织上,宜吸收大部制机构改革的历史经验,设立统一的个人信息保护专门机构实施“一站式监管”。在风险预防措施上,应对个人信息进行科学的分类分级以进行不同安全等级的信息风险预防,并以安全与效率的平衡为理念设计个人信息保护影响评估、个人信息出境安全评估等制度。由于个人信息保护执法裁量空间巨大,有必要努力制定个人信息保护处罚裁量基准,并探索执法和解机制以促进企业合规。为了更全面有效地进行信息风险治理,应逐步放宽个人信息保护民事公益诉讼,强化个人信息保护行政公益诉讼。In the digital era,it is crucial to address the emerging risks brought about by the development of information technology.The widespread processing of personal information poses various risks to individuals,potentially hindering the full and free development of personality.Moreover,it poses significant security threats to society and the nation as a whole.To effectively protect personal information,both public and private entities must not only refrain from infringing on personal information,but also proactively implement necessary measures to mitigate information risks.The current decentralized law enforcement system for personal information protection,which relies on cybersecurity and informatization departments for"overall planning and coordination,"has many drawbacks.Drawing from past institutional reforms,it is essential to establish a unified agency dedicated to personal information protection to streamline supervision under a"one-stop"approach.To enhance risk prevention measures,personal information should be systematically classified and graded based on varying security levels.Mechanisms such as protection impact assessments and security evaluation of the outbound transfer of personal information should achieve a balance between security and efficiency.There is considerable discretion in enforcing personal information protection laws,necessitating the establishment of penalty benchmarks and the exploration of reconciliation mechanisms to promote corporate compliance.In order to bolster information risk governance comprehensively and effectively,the scope of civil public interest litigation for personal information protection should be expanded gradually,while administrative public interest litigation should be strengthened.

关 键 词：信息风险 个人信息保护影响评估 个人信息出境安全评估 风险治理 

分 类 号：D923[政治法律—民商法学] D922.16[政治法律—法学]