| The "Exclusion Clause" of Article 4 of the Personal Information Protection Law of the People’s Republic of China further clarifies that the information after anonymization no longer falls within the scope of protection of personal information,that is,it promotes the circulation and use of data by exempting personal information processors from the burden of recirculation after the specific processing of personal information.However,the current results-oriented treatment principle lacks operability,and the privacy infringement problems caused by unclear legal standards and residual risks are repeatedly prohibited.China’s anonymization rules require that information "cannot identify a specific natural person and cannot be recovered",this absolute technical standard has obstacles in both theoretical and judicial application,and the development of the anonymization system has institutional difficulties such as incomplete normative coverage,unclear identification standards,and lack of regulatory means,which makes the legitimate rights and interests of personal information subjects face potential infringement risks.The application of technology is inseparable from the guidance and norms of the legal system,China’s current personal information anonymization norms are extremely simple,the processing standards embodied in the concept of anonymization are not clear,the ambiguity of the standards for personal information processors to strategically use this rule to reduce and exempt their own information protection obligations.In the face of the urgent demand for data in the era of big data,anonymization rules should pay more attention to the implementability of norms,and whether the information is identifiable should be divided according to the degree of identification,not a simple definition of right or wrong,even if the information after anonymization still has residual risks.The current legislation seeks to formulate unified technical effect standards is not of practical significance,and the focus should shift to combining procedural standards and legal recognition standards that restrict anonymization technical means,build "prevention and control" regulatory means,and clarify the identification elements,the degree of identification,and the effect evaluation after anonymization.Based on the analysis of the legal standards and regulatory principles on the anonymization of personal information in EU and UK law,this paper provides two "identification standards" with different value tendencies for the construction of China’s anonymization system for reference,and discusses anonymization norms suitable for China’s national conditions in combination with the problems existing in China’s personal information anonymization regulations,and carries out institutional construction of China’s personal information anonymization.On the basis of paying attention to social order and public interests,strengthen the guiding role of basic principles and specific principles,build a regulatory method that combines technical standards and legal standards,conduct all-round risk assessment of relevant processing behaviors that may violate the criteria of the anonymization process and cause infringement risks,reduce the nonindependence of opinions issued by the internal risk management departments of information processing enterprises,and make up for the lack of professional skills of public power subjects,so as to provide a basis for administrative departments to adopt relevant regulatory measures to regulate the infringement behavior of processors. |
PDF Full Text Request