Legal Protection Of Sensitive Personal Information:Theoretical Basis And Normative Structure

In recent years,under the background that the iterative development of information processing technology has continuously threatened and damaged the personal and property rights and interests of citizens,our country’s theoretical analysis and institutional responses to personal information protection are increasing.However,for the most important type of information,the sensitive personal information,the existing analysis and research are insufficient,and the legal provisions are not detailed.In practice,the problems brought about by the collection and processing of sensitive personal information have become more and more prominent.Such information has a large degree of vulnerability,and its vulnerability stems from the fact that after its collection and processing,it is not only easy to cause problems related to the privacy rights,personal dignity and personal dignity of specific subjects.Threats and harms to property rights,and it is easy to cause prejudice and discrimination against specific subjects,and may cause uneasiness to social individuals and even groups.Based on this,this thesis conducts research on the legal protection of sensitive personal information.In addition to the introduction and conclusion,the content of this thesis is mainly divided into four parts:The first part defines the basic categories of sensitive personal information.From the perspective of legal normative significance and social resource allocation,in the process of balancing information protection and information utilization,the protection methods and protection strengths of different types of personal information are different.There are two traditional classifications of personal information: direct personal information and indirect personal information based on identification,and private information and public information based on privacy status.The recent classification of personal information refers to the classification of sensitive personal information and general personal information based on sensitivity.The sensitive personal information,which is the object of this study,needs to be highly concerned and strictly protected at the legal level.This new classification is not only based on the objective differences in sensitivity of personal information,but also has an extraterritorial legal consensus to classify information based on sensitivity.After summarizing and analyzing the five standards of sensitive personal information,such as “discriminatory consequences”,“High risk of damage to basic rights”,“combination of intrinsic quality of information and calculated distance”,“Privacy right infringement” and “subjective assessment”.This thesis believes that the most important feature of sensitive personal information is that it is easy to infringe on personal rights and interests.Therefore,based on the standard of “vulnerability to rights and interests”,it is defined as personal information,including biometric information,medical and health information,religious belief information and other specific types,which may easily lead to infringement of personal dignity or harm to personal and property safety once disclosed or illegally used.This definition means that the sensitivity of personal information is positively correlated with the possibility of rights being violated.The higher the sensitivity,the more likely the personal information to cause legal consequences of rights infringement and thus trigger legal regulations.This is not only consistent with the normative purpose and spirit of the Personal Information Protection Law,but also meets the practical needs of the protection of sensitive personal information in the era of big data.On the basis of the legal status of the superior concept of personal information has been recognized in the civil basic law,and sensitive personal information itself has the attributes of objectivity,effectiveness and lawfulness,it should be considered as an important object of private law relations in nature.Although the Civil Code makes targeted provisions on the legal protection of private information in relevant chapters,private information and sensitive personal information are not the same.There are certain connections between the two and important differences in connotation,extension and protection system.The second part examines the theoretical basis of legal protection of sensitive personal information.The theoretical basis of legal protection of sensitive personal information can be examined from two dimensions.The first dimension is a general theoretical basis based on the nature of personal information.Firstly,from the perspective of personality rights theory,sensitive personal information not only comes from the daily life of the individual concerned and thus becomes its symbol and epitome to a large extent,but also the illegality of the information.Although treatment may cause property damage,it mainly carries the very important spiritual interests of the individual concerned,which is the protection object of personality rights.Secondly,from the perspective of the right to privacy theory,in the development of its more representative independent treatment theory and reasonable expectation theory,on the one hand,the judgment standards for privacy are more objective,and on the other hand,some countries have adopted the right to privacy system for personal information.Provides some protection,and so far there is a connection between sensitive personal information.Thirdly,from the perspective of the theory of personal information self-determination,this theory is of special importance to the protection of sensitive personal information.Not only does the judgment that gave birth to the right to information self-determination mention sensitive information,but the high-strength protection concept contained in this theory is not only related to the protection of sensitive personal information.The protection of sensitive information needs to be compatible and can provide strong support for the special protection of such information.Fourthly,from the perspective of the theory of personal information property rights,this theory advocates that property rights should be used to strengthen the control of specific subjects over their personal information,thereby meeting the individual needs of specific subjects for their personal information,which is instructive for the protection of sensitive personal information.The second dimension is the basis for special protection based on the sensitive nature of sensitive personal information: First,from the point of view of the necessary protection of human dignity,it is generally believed that human dignity is related to the fundamental value of the subject,focusing on the purpose of the human being and taking self-determination as the key,compared with other information,sensitive personal information is more closely related to human dignity.Second,from the modern demands of individual human rights,the modern information society is moving towards the “fourth generation of human rights” characterized by digital human rights.The collection and processing of sensitive personal information poses a real threat to human rights,and its level of protection reflects the protection of human rights in the digital age.Third,from the perspective of the objective needs of anti-discrimination,on the one hand,anti-discrimination has become a worldwide legal consensus,and on the other hand,with the widespread use of automated information decision-making,anomie of sensitive personal information will easily lead to discriminatory consequences such as unfair treatment.Fourth,from the perspective of information classification based on sensitivity,information types with different sensitivities correspond to different levels of protection and methods.Information classification provides methodological support for the protection of sensitive personal information and helps to achieve a balance between information protection and information utilization.Fifth,from the perspective of the legal response to the risk society,there is an inherent logic for the law to develop and reform in the face of social risks in the transition from industrial society to the information society.For sensitive personal information that contains high risk factors of infringement of rights and interests should be provided with strict matching protection at the institutional level.The third part,taking the protection of facial feature information as a sample,analyzes the specific form of legal protection of sensitive personal information.In practice,the legal protection of sensitive personal information has aroused great attention at home and abroad.Taking the widely concerned facial feature information as an example,due to the naturalness,imperceptibility and multi-scene applicability of face recognition,a biometric recognition technology,it is often possible to use augmented reality to lock and analyze specific natural persons,thus giving birth to the strong demand for facial feature information protection.As a kind of important sensitive personal information,the collection and processing of facial feature information is not only related to the protection of personal dignity,but also endangers the personal and property rights of the subject,and urgently needs special legal protection.The recent legal practice in representative countries and regions such as the United States,the United Kingdom,and the European Union shows that in order to effectively address the risks and challenges brought by face recognition technology,facial feature information should be included in biometric information for strict protection in legislation,and this position should be implemented throughout.The whole process of judicial adjudication and application of law.In the face of social awareness of personal information protection and increased risk of facial feature information processing,China has gradually formed a multi-level protection system involving laws,judicial interpretations and other normative documents in the field of facial feature information protection in recent years,which is worthy of recognition.At the same time,however,there is currently no systematic norm for the protection of biometric information or sensitive personal information in my country.Relevant regulations are scattered in texts at different levels,and some regulations need to be refined due to relatively principles.In terms of judicial practice,the “First Case of Face recognition in China” clearly emphasized the judgment position that sensitive personal information should be “carefully handled” and “strictly protected”,which provided useful guidance for the limits of information processing in the future.However,it is a little regretful that the trial,which mainly focuses on contract disputes,failed to fully focus on personal information,especially sensitive personal information,for in-depth analysis.It can be said that the specific analysis of facial feature information protection is helpful to the overall understanding of the legal protection of sensitive personal information to a certain extent.The fourth part explains and improves the institutional norm structure of legal protection of sensitive personal information in my country.Based on the above investigation,China should pay attention to at least the following five aspects in the process of improving the system norms of legal protection of sensitive personal information.Firstly,the legal definition of sensitive personal information should adopt both legal listing mode and comprehensive consideration mode.On the one hand,on the basis of recognizing the relevant provisions of the Personal Information Protection Law,article 1034 of the Civil Code should be scientifically adjusted.While considering deleting paragraph 3 of this article,paragraph 2 of this article should be amended to read: “Personal information refers to all kinds of information recorded electronically or in other ways that can identify a specific natural person individually or in combination with other information,including general personal information and sensitive personal information.Sensitive personal information includes biometrics,religious beliefs,specific identities,medical and health care,financial accounts,whereabouts,etc.”;On the other hand,the connotation of sensitive personal information in article 28(1)of the Personal Information Protection Law should be reasonably explained to reserve space for the development of new types of sensitive personal information.Secondly,the establishment of the basic principles of legal protection of sensitive personal information should consider the balance between information protection and information utilization as well as the rule of law experience outside the region.In the context of the current law adopting the position of“processable + specific restrictions”,The basic principles of legal protection of sensitive personal information should include the principle of legality,legitimacy,specific purpose and sufficient necessity of information processing.Thirdly,under the legal framework of personal information protection,compared with general personal information,there are four rights enjoyed by sensitive personal information subjects that need special attention and extended interpretation,including the right to know,the right to consent,the right to correct and supplement,and the right to delete.Fourthly,in the process of sensitive personal information collection processing,sensitive personal information processing is more strictly five legal obligation,including careful handling,safety protection obligation,the obligation of the personal information protection impact assessment and recording information and inform obligation,and personal information protection,head of the specified duty.Fifthly,the remedy for infringement of sensitive personal information rights and interests should be strengthened.On the one hand,the principle of no-fault attribution should be clearly stipulated in the law.On the other hand,it is clear that its constituent elements include the information processor’s illegal collection and processing of sensitive personal information,the subject of sensitive personal information suffering damage,and the causal relationship between the illegal collection and processing of sensitive personal information and the damage,so as to provide strong legal protection for the subject of sensitive personal information.