Abstract: The development of new technology has posed new challenges to the traditional framework of data protection. In the context of big data, artificial intelligence, internet of things, cloud technology and so on, authorization of personal information based on user consent often falls into invalid or hinders technological progress, and meanwhile, cannot really provide data privacy protection. Besides, there are also problems with some principles of restricting data users. The reason is that the current personal information protection law adopts the individualism and static protection approach, and there is tension with data utilization under the background of new science and technology. In the future, the protection of personal information should shift from individualistic permission to risk-oriented public law control, from static protection to dynamic protection.