Research On Legal Regulation Of The Failure Of Informed Consent Rule In Cross-app Personal Information Sharing

In this day and age,APPs have become an integral part of people’s working lives,and personal information of users,which is closely related to APP applications,has become an important resource.The collection,integration and mining of personal information is becoming more and more common,and the sharing of personal information across APPs has become the new norm.At the same time,the problem of illegal sharing of personal information by APPs is beginning to come to the fore,and the security of personal information needs to be addressed.The paradox of sharing personal information across APPs is that if information sharing is overly encouraged,it may pose a risk to personal information security;however,if personal information is overly protected,the extent of information sharing will be severely limited and the economic utility will be greatly reduced.The question of how to legally regulate the sharing of personal information has been of great concern to academics and practitioners.To better address this situation,China has further strengthened the centrality of the informed consent rule through legislation such as the Personal Information Protection Law,which has resulted in the emergence of a framework for a personal information sharing regime that is gradually becoming more orderly and transparent.Although the rules on informed consent have been affirmed by the will of the state,in practice there are still problems such as form over substance and obvious negative externalities,making the right of informed consent of information subjects an "empty shell" of rights,contrary to the original legislative intent.At present,most studies on informed consent rules for personal information sharing are based on legal doctrine,and few empirical studies have been conducted in conjunction with APP privacy agreements,and the existing empirical literature has not adequately considered the influence of factors such as the purpose of sharing,the type of personal information and the type of recipients of personal information.Research on the sharing of personal information should be analysed specifically in the context of China’s actual situation,responding to theory with practice.This paper first composes the basic theory of informed consent rules,and then selects 74 APPs ranked first in their segments based on the "2021 App Classification Ranking" jointly published by the Internet Weekly of the Chinese Academy of Sciences,e Net Research Institute and Debenhams Consulting,and conducts empirical evidence on their privacy agreements in two dimensions: general text and specific clauses,to examine how effectively the informed consent rules are applied in practice.In terms of overall text content,APP privacy agreements are generally long and obscure,and the headings of the personal information sharing chapter are confusing.In terms of the specific sharing provisions,the informed consent rule fails to work,mainly in the following ways:(1)the effect of notification is limited,the concept of "affiliated companies" is confused,the timing of notification is unclear and does not meet the reasonable expectations of users;(2)the consent mechanism is not effective,as personal information can be shared directly between linked apps without the need to obtain consent,and the way in which consent is obtained is hidden,with continued use being regarded as implied consent across the board.Reflecting on the above issues,the main reasons are the lack of uniformity in legal provisions,the lack of incentives for app operators to comply and the fragmentation of state regulatory powers.To better facilitate the implementation of the informed consent rule,this paper reinterprets the informed consent rule: it clarifies the meanings of "sharing" and "other personal information processors",and proposes that the specific provisions of the Personal Information Protection Law corresponding to the sharing behavior will be different when the type of the recipient of personal information is different.Based on the opt-in consent of the European Union and the opt-out consent of the United States,this paper subdivides the purpose of sharing,the type of shared personal information and the type of the recipient of personal information,and puts forward the typing path of informed consent rules,with a view to endowing informed consent rules with more specific connotations at the micro level.At the same time,in order to optimize the overall environment of personal information sharing,this paper also puts forward the following three suggestions: first,to unify the content of legal documents of different ranks;Second,innovate the expression form of APP privacy agreement;Third,set up "paid disagree" mechanism,endow users with the right to dissent;Fourth,the introduction of data trust,the establishment of independent third-party institutions to strengthen supervision.This paper will effectively connect theory with practice,in order to solve the practical dilemma of informed consent rules in the above ways,and realize the dual purpose of protecting personal information security and promoting personal information circulation.