数据权力视野下个人信息保护的趋向——以个人信息保护与隐私权的分立为中心
Personal Information Protection from Perspective of Data Power: Based on the Separation of Personal Information Protection and Privacy Protection
-
摘要: 隐私权与个人信息保护在保护机理方面存在根本性不同: 交往行为为隐私划定边界, 而信息处理行为是个人信息保护法的规制对象。前者建立在文明规则基础之上, 要求行为参与者平等、自愿; 而后者依赖公平信息实践, 针对的是处理者与信息主体的权力差。但因为二者内容上存在交叉重叠, 长期以来存在保护上的耦合。个人信息保护沿用了从隐私权保护过渡而来的权利保护模式, 这一模式默认信息处理行为只要符合公平实践准则即具有合法性和正当性, 规避了对处理行为本身的善恶之辨; 同时, 这一模式沿袭知情同意框架, 对弥合大数据时代显著增大的数据权力差距收效甚微。为实现实质正义, 应摒弃以隐私权保护为代表的侧重赋予信息主体更多权利的权利保护机制, 代之以制约信息处理者之数据权力、算法权力为中心的保护机制。通过权力约束权力、权利对抗权力和诚信引导权力三方面的机制来达到权力制约的效果。Abstract: The right to privacy and the right to personal information protection are totally different kind of rights: communicative action draws the boundary of private and public, while information processing behavior is the core of regulating personal information. The former is based on civility rules and requires participants to be equal and voluntary, while the latter relies on fair information practice principles, which aims at the power imbalance between the processors and the information subjects. However, there is a long-term interconnection between these two concepts. That is why the first version of fair information practice principles follows the right protection mode. The right protection path defaults that information processing behavior is legal and legitimate as long as it meets the fair practice standards, which avoids the debate on the good and evil of information processing itself. In order to achieve substantive justice, we should abandon the right-based protection mechanism such as privacy protection, which focuses on giving more rights to information subjects, and replace it with the protection mechanism centered on restricting the data power and algorithm power of information processors. The effect of power constraints can be achieved through three mechanisms: power restriction, power confrontation and integrity guidance.