Research On The Legal Standard Of Personal Information Anonymization

In the context of the era of big data,the protection and utilization of personal information has always been the two main themes of personal data legislation.The anonymization of personal information has become the mediator between the protection of personality interests and the use of information.The anonymization has promoted the development of digital economy while protecting the rights and interests of personal information.At present,our legal standard of anonymity is based on the concept of identifiability of personal information.Anonymous information and personal information are placed in the complete opposite of one or the other,and anonymous information becomes an absolute safety zone in law.However,there is no clear distinction between anonymous information and personal information.They are in a state of flux.Anonymization is not permanent,anonymous information has the risk of being re-identified.The rigid and general classification standard of "identifiability" protection should not become an obstacle to restrict the use of data and data protection.It is wise to establish a legal standard to control the risk of re-identification of anonymized information within a reasonable range.Based on the problems existing in personal information anonymization processing,this paper explores the path to improve the legal standards of personal information anonymization,in order to provide theoretical reference for the effective use of personal information anonymization processing.The first part asks questions.Starting from the provisions of the definition of anonymity in the Protection Law of Personal Information,through the methods of textual interpretation and system interpretation,it explains that the existing legal standard of anonymity in our country is too absolute and idealized.There is no perfect anonymization technology in the reality,and the existing norm of anonymity is almost become an oath clause.It is urgent to refine the scientific legal standards for the anonymity of personal information.The second part introduces the traditional path of anonymous information relying on the concept of personal information.By clarifying the connotation and characteristics of personal information and anonymous information,it can be found that anonymous information and personal information are defined by the same set of standards and repeated synonyms in Chinese legislation.However,personal information and anonymous information on the basis of recognizability have scene and dynamic similarities.There can be no clear-cut boundary between the two dynamic concepts.It is in a state of change,so the definition of the legal standard of anonymous information should go beyond the traditional path of relying on the concept of personal information.The third part introduces the legal risks of anonymous processing and the current situation of the anonymous system in our country.The existing anonymization standard of "unrecognizable and unrecoverable" is too idealized.By observing the regulations on the risk assessment of de-labeling and re-identification,it is not difficult to find that the risk of re-identification of anonymous information is inevitable.Therefore,we should not dwell on the technical details,but return to the fundamental issue of the legal standard of "anonymization".However,by combing through the current legal norms of anonymity,it can be found that the existing legal standards of anonymity are fragmented and ambiguous,which has caused certain obstacles to the judicial practice and the application of the anonymity system on network platforms.The fourth part analyzes our country’s current legal standard of anonymous information.The leakage and path selection.Our current rules of non-recognisable and irreversible anonymity are general and vague.The absolute standard of anonymity lacks feasibility and necessity,and the remaining risk prevention mechanism of anonymous information is not perfect.The European Union adopts "all reasonable possibilities" as the legal standard for anonymous information,the United States determines whether the anonymization complies with the legal provisions through the "expert standard" and "Safe Harbor standard",and the United Kingdom proposes the "active intruder test" to determine the effectiveness of the anonymization processing.Different countries have different legislative tendencies.On the basis of analyzing and learning from the legislative experience of foreign countries’ anonymization system,our country should take the essence and take the processing process of personal information as guidance,so as to control the re-identification risk in the reasonable threshold range.Part five reshapes the legal standard of anonymous information in our country.First,we should get rid of the traditional definition model of anonymous information highly dependent on the concept of personal information,the characteristics of anonymous information determines that it contains re-identification risk,the definition of anonymous information should not be based on the absolute established standards.The second is to use the concept of scene for data classification and classification protection and data risk assessment.Third,on the basis of learning from foreign experience,establish operational legal standards for anonymity,and keep the operating bottom line of anonymity.Fourth,establish anonymised governance mechanism based on risk prevention and control,strengthen the identification,prevention and treatment of anonymised risks at each stage,and shift from result-oriented to risk control.Fifth,according to the current legislative situation of our country,we can improve the supporting system to regulate the re-identification risk of the anonymous information,so as to form the closed loop of the risk regulation,and provide escort for the anonymous system to play the real effect.