大数据环境下个人信息利用之授权模式研究——重要性基础上的风险评估路径探索

目的/意义]我国现行的个人信息授权仍停留于最原始的"概括授权+例外"模式,该模式下的个人信息类型化不充分导致了再利用成本巨大、授权形式化和目的限制原则落空等问题。方法/过程]欧盟的GDPR模式通过充分保护原则使信息主体的控制权延展至大数据流转的各个环节,而美国的"场景风险"模式则通过场景下的风险自评授予企业更大的数据利用自主权。综合借鉴上述两种模式的优点对我国个人信息授权制度加以改造。结果/结论]在初始收集阶段以重要性理论为基础建立三维度四层次的类型化方案,不同类型个人信息采用不同授权要求以强化个人信息的安全保护;在信息再利用阶段则以提升利用效率为导向,开放"情景一致"前提下的个人信息再利用,在超越原始"情景"的利用中引入第三方风险评估机制以实现层次化的信息安全保护。

Research on Authorization Mode of the Utilization of Personal Information in the Environment of Big Data: An Exploration of Risk Assessment Paths Based on the Theory of Importance

Purpose/significance]The current authorization mode of personal information in China is still stuck in the most primitive "generalized authorization + exception" mode,which leads to such problems as huge reuse cost,formalization of authorization and the failure of purpose restriction principle.Method/process]The GDPR model of the EU strives to extend the rights of information subjects to every link of the big data flow through the principle of full protection,while the "context risk" model of US grants enterprises greater data autonomy through the self-assessment of context risk.Result/conclusion]Based on the theory of importance,a three dimensional and four level model is established in the stage of initial collection.Different types of personal information adopt different authorization requirements to strengthen the security protection of personal information.In the information reuse stage,it is oriented to improve the utilization efficiency.It will be helpful to open the reuse of personal information under the premise of "consistent context" and introduce a third-party risk assessment mechanism to achieve hierarchical information security protection in the utilization beyond the original "context".