| Personal information crime is on the rise,the subjects mostly involve platforms and units,the criminal methods show the characteristics of low-cost,industrial chain-based and intelligent,and the criminal results have the characteristics of wide scope and high dispersibility.What’s worse,there are several institutional flaws of criminal legislation in protecting personal information,such as lacking of normative interpretation of the criminal constituent elements,the disconnected relationship between administrative and criminal legislation,and the strength of protection in practice could not cater to the institutional requirements.The governance of personal information crimes is confronted with practical difficulties.For example,the large amount of infringed personal information and technical identification problems,judicial determination disputes of the attribution of criminal subjects and criminal liability investigation,and industry self-discipline does not match the information security needs.The main reasons are technical barriers and anonymity of the network environment,the limitations of a single criminal governance subject in the crime governance model,the lack of crime prevention concepts,the ambiguity of the identification standards for unit crimes,and the lack of criminal law evaluation of the unit management system.Therefore,empowering network service providers and other relevant owners with data compliance obligations and strengthening the criminal significance of such obligations is of great value to break this dilemma.Data compliance obligations should include privacy policies,compliance information processing processes,and the establishment of data compliance officers,and at the same time,a crime governance model that prioritizes value selection,strengthens crime prevention,and realizes pluralism and co-governance,the service provider plays the role of guarantor,and delineates the scope of responsibility for oversight and management negligence accurately. |