Research On The Construction Of Chinese Personal Data Trust Legal System

In the era of big data with the rapid development of cloud computing,artificial intelligence and mobile Internet,how to mitigate the tension between personal data use and protection is an issue of endless debate.At present,China’s personal data protection adopts the traditional "informed-consent" model.Under this model,it is difficult for individuals as data subjects to protect the right to know in the face of lengthy and complicated format clauses and data controllers represented by Internet platforms,and it is also difficult to bear the burden of proof when their rights are violated.The reason for this phenomenon is the unbalanced rights structure between the data subject and the data controller.In order to solve this power imbalance problem,data trust,as a new type of data governance tool,has been proposed in recent years.Data trust theory is mainly divided into two institutional concepts,the information fiduciaries in the United States and the third-party data trust in the United Kingdom.The U.S.information fiduciaries model directly imposes fiduciary obligations on dominant data processors,requiring them to put the interests of data subjects in the first place and not conflict with the interests of data subjects.However,this model imposes excessive responsibility on data processors,thus posing a conflict of interest issue.Unlike the U.S.,the UK’s third-party data trust model tries to build an independent third-party subject as a trust agency to supervise the behavior of confronting data processors in order to protect the interests of data subjects.Considering the shortcomings of Barkin’s theory,the advantages of third-party governance and the development status of China’s digital economy,the UK’s third-party data trust model is more in line with China’s national conditions.Therefore,China can learn from the third-party data trust model in the UK and explore its own data trust legal system in data governance in order to balance the relationship between data utilization and protection.The introduction of a third-party data trust is conducive to reconstructing the distribution of the burden of proof,balancing the rights structure between data subjects and processors and maximizing the protection of personal data security while promoting data circulation.At the same time,the data trust conforms to the establishment conditions,operating mechanism and main characteristics of the trust.To explore and build a localized legal system for personal data trust,we must first solve the problems of data ownership definition and data classification,based on the separation of data ownership and data use rights.Secondly,we should adhere to the fiduciary duty of data processors as the logical core to maintain data integrity.Security is the fundamental purpose,with data subjects and data processors as common beneficiaries and data rights as the object of trust.Finally,a supervision mechanism for data trust institutions must be established,and the access conditions,operational rules and responsibility allocation issues of trust institutions must be clarified.Moreover,we should guarantee the relief path of data vulnerable groups and reconstruct the status quo of the system where the rights structure of both parties is unbalanced and the burden of proof is mismatched,so as to alleviate the contradiction between the value of data circulation and the value of privacy.