The Dilemma And Outlet For The Application Of The Informed Consent Principle In The Payment Context

Internet payment is an industry with strong development potential at present.The combination of online and offline will fully integrate offline personal information into online,and make full use of personal information to innovate business models.The subjects of personal information processing in payment context include information controllers and government agencies of market entities such as payment institutions.Before processing personal information,you need to obtain users’ consent through a privacy policy.This is the principle of informed consent.This principle has been universally applied to national and international personal information protection legislation.The reason why this principle is applicable in the payment context: First,to eliminate the information asymmetry between the payment institution and the users;Second,the users have the right to self-determination of personal information;Third,to ensure the legality of the use of personal information by payment controllers and other information controllers.In essence,the application of this principle is to prevent Payment institutions or third-party information controllers from mishandling personal information,so as to achieve the purpose of protecting users’ personal information interests.However,the scope of application of the principle of informed consent in payment scenarios in China is too broad.In principle,the users’ consent is required before personal information processing,with some exceptions.But the exception is only national standards,which have a small proportion,incomplete coverage,and poor flexibility.The broad application of the principle of informed consent makes the application of the principle of informed consent in a dilemma: on the one hand,consent is in a form that makes it difficult to effectively protect personal information;on the other hand,the cost and difficulty of obtaining consent is too large,which hinders the effective use of personal information.It is imperative to limit the scope of application of the principle of informed consent in payment context.This logic is that there are multiple conflicts of interest in payment contexts.The personal information of the payment context belongs to personal financial information and has dual attributes.It not only has the personal interests of users,but also has commercial interests and public interests.Users’ interests should be transferred to other interests: from the perspective of rights,the right to self-determination of personal information is not absolute;from the perspective of social contract theory and the theory of justice distribution,the transfer of personal information is the basis for the formation of the state and other consortiums,and also the requirement for the efficient allocation of social resources;from the perspective of the nature of personal information,different personal information has different degrees of personality and property attributes,and different degrees of protection;from the perspective of financial supervision objectives,appropriate and reasonable personal information processing is conducive to maintaining financial order and stability and security.he application consent of personal information type is one of the methods that many countries adopt to limit the application of informed consent,which is conducive to strengthening the protection of special personal information and the use of general personal information.Due to the large amount of financial sensitive information in the payment context,the impact of different financial sensitive information is still different.In addition,the personal information of payment context has strong propertyattributes,then the financial sensitive information can be refined according to the three-dimensional degree of recognition,association and mining,which can be divided into key personal information,important personal information,secondary personal information and general personal information.In addition,the types of consent can be diversified,such as the licensing model of intellectual property rights,and the staged consent,etc.In addition,Europe and the United States have also established a legal basis for consent exemption of personal information processing.The United States adopts the context and risk theory and takes “context reasonable” as the basis of legitimacy;while the European Union constructs the basis of legitimacy with the mode of“generalization + bottom seeking”,and the balance test as the condition of bottom seeking is measured from the principle of proportion,risk assessment and other aspects.The advantages of these two are that they establish dynamic and flexible standards,which can more fully cover the situations that are exempt from consent,reduce the size of consent,reduce the burden of both parties,and also provide users with a basis for judgment through risk assessment.But regrettably,the criteria for identification in the United States are too subjective,and it is more difficult to land in China,while the EU balance test content is too strict.What the two countries have in common is that the standard is identified as personal information risk,and both use a risk assessment mechanism.This risk assessment mechanism conforms to the standards for the reasonable use of personal information and has a mature mechanism.So it is more likely to land in China.In addition,based on the consideration of interest rank,the right to life and public interest are higher than the user’s personal interest as a whole,and the personal information risk is obviously lower can be directly listed as the agreed exemption situation,without risk assessment.Therefore,the outlet of the principle of informed consent in payment context lies in: first,establish a hierarchical consent mode for personal information based on the“sensitivity”standard,and implement a consent mode with decreasing severity for key personal information,important personal information,secondary personal information and general personal information;The second,build the legitimacy basisof consent exemption based on risk assessment,which is carried out by a third-party organization.The third-party organization agrees according to the level of risk,and clearly lists the legitimacy basis of exemption from risk assessment,so as to balance the protection of personal information and the use of personal information.At the same time,establish a special personal information protection organization,use privacy design to enhance transparency,and give users the right to withdraw to further improve this dynamic consent exemption mechanism.