
Study On The Identification Standards Of Personal Information Anonymization

Posted on: 2022-02-25
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Wang
GTID: 2506306608981689
Subject: Civil Commercial Law

Abstract/Summary:
In the era of big data, the balance between the use of information resources and the protection of personal information has become a difficult problem. The emergence of the anonymization system has alleviated this tension. Processed anonymous information can not only serve data circulation but also prevent the risk of personal identification. But the key questions are: when is the anonymization process complete, and what are the requirements for effective anonymization? These questions concern the specific identification standard of anonymization, and resolving them is a prerequisite for applying the anonymization system. To address this problem, this article proceeds in four parts: the current situation of anonymization standards, the loopholes in the anonymization standard, the practical experience of foreign countries, and the reconstruction of anonymization standards.

The first part expounds the concept and standard of anonymization in our country’s existing legislation. Because this article takes the anonymization system as its research subject, clarifying the concept of anonymization is a prerequisite. In our country’s legislative process, pseudonymization and de-identification have been treated as similar to anonymization, so the differences between these concepts should be clarified. In addition, there are mainly four types of standards for anonymization in our country’s legislation, all of which regard "unable to identify a specific individual" and "irrecoverable" under the "Cyber Security Law" as the core requirements. The difference is that some regulations have added restrictive factors such as "reasonable" and "relevant" to make up for the loopholes in this standard. After combing through the relevant anonymization rules in our country’s current laws and regulations, it is not difficult to find that there are still some problems in our country’s anonymization standards. Small differences in expression will lead to huge differences in the results of anonymization. Therefore, it is necessary to sort out the existing standards of anonymization in our country.

The second part analyzes the legislative and theoretical problems of our country’s anonymization standards. At the legislative level, there is no "Personal Information Protection Law" as a top-level design in the field of personal information protection. Because of this fragmentation of legislation, anonymization standards are characterized by gaps, a non-mandatory nature, and inconsistent identification. At the theoretical level, with regard to the requirement of "unable to identify a specific individual", there are deficiencies in the elements of identification subject and identification method, and it is difficult to decide whether the identity or the individual is the identification object. Due to the existence of re-identification risks, there is almost no anonymous information that cannot be recovered. The difficulty of satisfying the requirement of "irrecoverable" has also led to controversy in academic circles between the theory of anonymization failure and the theory of anonymization retention. Finally, not only are the standards for anonymization and personal information inconsistent in legislation, but the boundaries between anonymous information and personal information are also increasingly blurred in practice. Anonymous information can easily be used to identify a specific individual and thereby become personal information.

The third part discusses the legislative experience of foreign countries on the anonymization standard. This article uses comparative analysis to examine the anonymization standards adopted by the European Union, the United Kingdom, and Japan. In comparison, the EU has established a strict "all reasonable possibilities" standard out of consideration for individual personality interests. The UK basically continued the standards established by the EU in the GDPR and innovatively proposed the "intentional intruder review." Japan’s identification standard is similar to China’s in expression, but its official documents clarify that anonymization takes personal information processing businesses as the main body of judgment, and the knowledge and technical capabilities that ordinary people and ordinary businesses should have as the basis for judgment. The standards of these countries and regions have their own characteristics, especially on the issues of identification subjects, identification methods, identification objects, and whether or not to retain original data. Their exploration of the criteria for anonymization provides lessons for our country’s legislation.

The fourth part reshapes the standard based on the practical problems existing in the anonymization standard. Against the background of frequent data circulation in China and abroad, our country’s anonymization standard needs to be further improved. In terms of legislative form, the "Personal Information Protection Law" should be promulgated as soon as possible to improve the top-level design of the legislation and provide guidance for the anonymization criteria. In terms of substantive content, an anonymization standard system should be established at the static and dynamic levels. At the static level, the core and bottom line of anonymization should still be "unable to identify a specific individual" and "irrecoverable", but the missing elements of the former standard should be filled in and the latter standard should be reinterpreted. The identification subject should be determined according to the scope of disclosure, the reasonable possibility of the identification method should be established, and both identity and behavior should be treated as the identification object; the Japanese model should be used as a reference to propose a relativistic irreversibility standard on the premise of acknowledging the risk of re-identification. At the dynamic level, the identification of anonymization effectiveness should break away from fixed dichotomous thinking, introduce the "Context Theory" into the identification standard of anonymization, and make it clear that the effectiveness of anonymization should be assessed in the specific context.
Keywords/Search Tags:Anonymization, Identification criteria, Re-identification risk, Scenario theory