个人信息知情同意规则的反思及其解释路径  

作　　者：钟邓鹏 郭嘉林 ZHONG Dengpeng;GUO Jialin(School of Administrative Law,Northwest University of Political Science and Law,Xi’an 710061,China;School of Politics,Law and Public Administration,Yan’an University,Yan’an 716000,China)

机构地区：[1]西北政法大学行政法学院,陕西西安710063 [2]延安大学政法与公共管理学院,陕西延安716000

出　　处：《北京邮电大学学报(社会科学版)》2024年第6期60-68,共9页Journal of Beijing University of Posts and Telecommunications(Social Sciences Edition)

基　　金：陕西省社科基金专项项目(2024FS05-03)。

摘　　要：知情同意规则是《个人信息保护法》中合法处理个人信息的重要原则,其本质是个人信息处理者通过与信息主体签署合同得到处理个人信息的权利让渡。但知情同意在个人信息处理的实践场景中呈现出形式化的现实困境,即信息主体其实对权利让渡的法律后果并不实质知悉。这种困境的本质在于,知情同意规则本身就无法实现。学界对知情同意的形式化困境提出了诸多解决方案。这些解决方案大多指向修复知情同意而不是摒弃,并存在一些缺陷。无论是选择修复还是放弃知情同意规则都不是最佳进路。最佳进路是保留知情同意规则的同时,引入风险规制理论,控制个人信息处理时的风险至一个阈值。这种进路的着眼点在于,知情同意规则的存在有利于“权利的潜在主张者”通过私法路径主张个人信息相关的权利,这种权利不可被完全否定。基于风险理论,个人信息保护应注重去风险化的治理进路。基于去除个人信息中的社会风险以及个人信息的公共属性,公法可以通过兜底保护的方式对知情同意规则进行补强。公法既应保证个人信息处理者不损害信息主体的人格尊严,还应监管个人信息处理者,保证个人信息处理风险不至于过高,规制个人信息利用的风险。The informed consent rule is an important principle for legal processing of personal information in the Personal Information Protection Law.Its essence is that the personal information processor obtains the transfer of rights to process personal information through a contract signed with the information subject.However,informed consent presents a formalized dilemma in the practical scenario of personal information processing.In other words,the information subject is actually not aware of the legal consequences of the transfer of rights.The essence of this dilemma is that the informed consent rule is inherently unrealizable.The academic circles have proposed many solutions to the formalized dilemma of informed consent.Most of these solutions tend to repair informed consent rather than abandon it,and this direction has some defects.Whether to repair or abandon the informed consent rule is not the best approach.The best approach is to introduce the risk regulation theory to control the risk of personal information processing to a threshold while retaining the informed consent rule.The focus of this approach is that the existence of the informed consent rule is conducive to“potential claimants of rights”to claim personal information-related rights through private law,and the rights cannot be completely denied.Based on the risk theory,personal information protection should focus on the governance approach of de-risking.Based on the removal of social risks in personal information and considering its public nature,public law can strengthen the informed consent rule by providing a bottom-line protection.First,public law should ensure that personal information processors do not harm the information subject’s personal dignity,which is an important legal interest in personal information protection.Second,public law should supervise personal information processors and regulate the risks of personal information use to ensure that the risks of personal information processing are not too high.

关 键 词：个人信息 知情同意 风险理论 公法补强 知情同意规则 

分 类 号：D923[政治法律—民商法学] D922.16[政治法律—法学]