| Personal information is generally defined as "information relating to identified or identifiable natural persons".It is limited by the two elements of "identification" and "relevance".In the era of big data,with the development of image analysis and other technologies,the boundary between "identification" and "relevance" is expanding,and the "identification" standard itself is difficult to judge,which leads to the gradual generalization of the concept of personal information until everything is included.The combination of the all-inclusive concept of personal information and the "high-density compliance obligation" of information enterprises in the personal information protection system makes the personal information protection law unable to be implemented effectively.With regard to this,it is suggested to introduce "the concept of Context and Damage Risk" in the definition of personal information and "Context" refers to various factors that affect the acceptability or sensitivity of the information subject to its personal information processing."Damage Risk" is the core evaluation criterion of the acceptance of personal information processing by an information subject.Take "Context" as the starting point and "risk management" as the means of implementation,and take "prevention of risk and damage" as the normative purpose and legislative orientation of personal information.As far as the application of the concept of "Context and Damage Risk" in the definition of personal information is concerned,the spirit of case analysis should be adhered to.Whether the disputed information is personal information is not an abstract question,but can only be judged according to the specific circumstances of the case.It is recommended that damage risk be assessed for different information context,the abstract risk of information processing can be divided into "subjective damage risk" and "objective damage risk".The former mostly occurs in the context of information disclosure,the latter occurs in the context of utilization of information.In so far as the standards for defining personal information at risk of subjective harm are concerned,the“identification” element remains the central judgment,but determinations as to“identification” should depend on “Information Sensitivity” and “Information Accessibility”;For the purposes of the criteria for determining personal information at the risk of objective harm,the phrase “whether information is identifiable” shall be replaced by the phrase “whether the use of information causes personal harm to an objective person.”... |
PDF Full Text Request