| 中文题名: | 敏感个人信息之界定与保护研究 |
| 姓名: | |
| 保密级别: | 公开 |
| 论文语种: | 中文 |
| 学科代码: | 035101 |
| 学科专业: | |
| 学生类型: | 硕士 |
| 学位: | 法律硕士 |
| 学位类型: | |
| 学位年度: | 2022 |
| 校区: | |
| 学院: | |
| 研究方向: | 民商法学 |
| 第一导师姓名: | |
| 第一导师单位: | |
| 提交日期: | 2022-06-23 |
| 答辩日期: | 2022-05-29 |
| 外文题名: | STUDY ON THE DEFINITION AND PROTECTION OF SENSITIVE PERSONAL INFORMATION |
| 中文关键词: | |
| 外文关键词: | Sensitive Personal Information ; Private Information ; Personal Information Protection Law ; Civil Code ; Legal Application |
| 中文摘要: |
《民法典》与《个人信息保护法》(以下简称《个保法》)不同的立法价值取向决定了二者采用不同的分类标准划分个人信息,敏感个人信息显然不同于私密信息,二者在客体范围、集合特性等权利内涵方面存在诸多差异,立法或司法解释未明确二者之间的关系,导致二者概念界定、判断标准存在争议,司法实践中陷入二者规则适用的困境。因此有必要解决敏感个人信息与私密信息之间关系与界定问题,明晰敏感个人信息的判断标准。
﹀
敏感个人信息保护的关键是明确法律适用和法律关系内容。《个保法》与《民法典》之间个人信息保护规则的差异,引发敏感个人信息与私密信息交叉重合情形的规范冲突、敏感个人信息能否适用人格权禁令和请求权实现救济等法律适用问题。界定两部法律的关系,可使敏感个人信息保护的法律适用问题迎刃而解。敏感个人信息保护法律关系的内容包括权利义务规则和侵权认定,信息主体基于信息自决理论享有知情权、决定权等权利,信息处理者负担更严格的处理义务,这些权利义务规则成为了敏感个人信息权益侵权责任构成具体化的依据。因此,本文在理清两部法律的关系定位的基础上,明确敏感个人信息保护的法律适用、权利义务的具体内容,力图对敏感个人信息的侵权认定形成统一共识提供参考。 本文分为四部分。第一部分提出敏感个人信息界定和保护方面存在的问题。本文通过阐述我国规范文件对敏感个人信息的规定现状,分析制度存在的不足,并在此基础上提出敏感个人信息与私密信息的关系与界定争议、敏感个人信息保护的法律适用衔接问题。 第二部分以《个保法》与《民法典》对个人信息的分类角度考察敏感个人信息的界定与定性,研究内容主要包括敏感个人信息与私密信息的概念界定、两者的联系与权利内涵区别,并提出二者是交叉重合关系并予以引证,最后明晰敏感个人信息的判断标准,应当从基本权利面临高风险损害结合特定处理场景进行判断。 第三部分探讨敏感个人信息保护的法律适用。本部分以《个保法》的功能预设与体系地位为切入点,确认其个人信息保护领域基本法定位,否认该法是《民法典》特别法的论断。最后本部分探讨与《民法典》联动时,交叉情形下与已公开的敏感个人信息规则的适用。 第四部分明确敏感个人信息保护的权利构造与路径选择。本部分讨论信息主体权利的理论来源为信息自决理论,并阐述信息主体享有的知情权、决定权和删除权等具体权利内容,以及信息主体可适用人格权请求权实现救济。敏感个人信息处理者负有更严格的处理义务,需要履行非例外情形禁止处理义务、征求单独同意义务和影响评估告知义务。敏感个人信息权益侵权认定的归责原则决定侵权责任构成要件的内容,过错推定原则适用背景下,敏感个人信息处理者负担无过错举证责任,侵权责任构成要件即侵害样态和损害认定。 |
| 外文摘要: |
The different legislative values of Civil Code and Personal Information Protection Law determine that they adopt different classification standards to classify personal information. Obviously, sensitive personal information is different from private information, and there are many differences in the scope of object, aggregation and other rights connotation between the two. Legislation or judicial interpretation does not clarify the relationship between the two, resulting in the two concept definition, judgment standards are controversial, judicial practice into a difficult situation. Therefore, it is necessary to resolve the relationship between sensitive personal information and private information and to clarify the judgment standards of sensitive personal information.
﹀
Specifying the application of law and legal relationship is the key to protecting sensitive personal information. The difference in the rules on protection of personal information between the Personal Information Protection Law and the Civil Code gives rise to issues concerning the application of law such as conflicts of standards when sensitive personal information and private information overlap, whether the injunctions of personality right and the remedies for the realization of the right of claim can apply to sensitive personal information. Defining the relationship between the two laws will resolve the issue of law application for the protection of sensitive personal information. The content of the legal relationship for the protection of sensitive personal information includes the rules on rights and obligations and infringement identification. Information subjects have the right to know, the right to make decisions and other rights based on the theory of information self-determination, while information processors bear stricter processing obligations. Such rules on rights and obligations have become the specific basis for the constitution of infringement liabilities for sensitive personal information rights and interests. Therefore, based on a clear understanding of the relationship between the two laws, this dissertation clarifies the application of the laws as well as the specific contents of rights and obligations in respect of the protection of sensitive personal information in an effort to provide reference for the formation of a unified consensus on the determination of infringement of sensitive personal information. This dissertation is divided into four chapters. The first chapter presents the problems in the definition and protection of sensitive personal information. This dissertation expounds the current situation of the regulation of sensitive personal information in normative documents, and analyzes the deficiency of the regulation, and on this basis raises the controversy over the definition and relationship between sensitive personal information and private information, and issues on joint application of law to the protection of sensitive personal information. The second chapter examines the definition and nature of sensitive personal information from the perspective of the classification of personal information in the Personal Information Protection Law and the Civil Code, including the conceptual definition of sensitive personal information and private information, the connection between the two and the difference in right connotation, and points out that the relationship between sensitive personal information and private information is overlapped and cited. Finally, this dissertation clarifies the criteria for judging sensitive personal information, which should be judged from the basic rights facing high-risk damage combined with specific processing scenarios. The third chapter discusses the application of laws to protect sensitive personal information. Based on the function and system status of the Personal Information Protection Law, this chapter confirms its position as the basic law in the field of personal information protection, and denies the argument that the Act is a special law in Civil Code. Finally, this chapter discusses the application of publicly disclosed sensitive personal information rules in interconnection with the Civil Code and the application of personality right claims and personality right injunctions to achieve relief. The fourth chapter clarifies the content of the legal relationship for the protection of sensitive personal information. This chapter points out that the theoretical source of the information subject's rights is the information self-determination theory, and expounds the information subject's rights, such as the right to know, the right to decide, the right to correct and the right to delete. And the subject of sensitive personal information may apply the right to claim personality rights to achieve relief. Processors of sensitive personal information shall have stricter handling obligations and shall perform obligations of prohibiting handling in non-exceptional cases, obligations of seeking individual separate consent and obligations of informing of impact evaluation. The principle of imputation for the determination of infringement of sensitive personal information rights and interests determines the content of the elements of infringement liability. In the context of the application of the presumption of fault principle, the burden of proof is on the processor of sensitive personal information to prove no fault, and the elements of tort liability are the infringement pattern and the determination of damage. |
| 参考文献总数: | 70 |
| 馆藏号: | 硕035101/22055 |
| 开放日期: | 2023-06-23 |
谷歌
