| 摘要: |
| 我国现行立法规定了自然人有请求信息处理者删除个人信息的权利,但这并不等于承认数据生命周期的最后环节是“删除”,因为“删除权”是“信息处理的合法性与必要性基础丧失”的必然结果,而“数据销毁”才是“数据归于消灭”的处理流程末端。数据销毁义务的理论基础在于信息保密方式的扩张,即从维持信息保密状态转向维持数据安全风险的可控性。在数据安全风险评估过程中,倘若义务主体无法保障暂时不使用的重要数据和个人信息处于安全状态,则应当采取适当的数据销毁范式降低数据泄露或非法复原的安全风险。在未来立法活动中,我国应当明确数据销毁义务的义务主体、销毁方式和销毁范围等具体制度内容,完成数据安全立法的“最后闭环”。 |
| 关键词: 数据销毁义务 删除权 保密方式 数据安全 风险评估 风险控制 |
| DOI: |
| 分类号: |
| 基金项目:国家广播电视总局部级社会科学研究项目“广电行业法治和治理体系建设研究”(项目编号: GDT2120)及中国科学技术协会2021年“高端科技创新智库项目——智能算法在社会治理中的挑战、机遇与发展对策研究”(项目编号: 2021ZZZLFZB1207065) |
|
| From Confidentiality to Security: Theoretical Logic and Institutional Construction of Duty of Data Destruction |
|
Zhao Jingwu
|
|
|
| Abstract: |
| China’s current legislation stipulates that a natural person has the right to request information processors to delete personal information, but this does not mean that the last link of the data life cycle is “deletion”, because “the right to delete” is the inevitable result of “the loss of the legitimacy and necessity foundation of information processing”, and “data destruction” is the end of the processing process of “data elimination”. The theoretical basis of data destruction obligation lies in the expansion of information confidentiality, that is, from maintaining information confidentiality to maintaining the controllability of data security risk. In the process of data security risk assessment, if the obligatory subject cannot ensure that the important data and personal information not used temporarily are in a safe state, an appropriate data destruction paradigm should be adopted to reduce the security risk of data disclosure or illegal recovery. In future legislative activities, China should clarify the specific system contents such as the obligation subject, destruction mode and destruction scope, and complete the “final closed loop” of data security legislation. |
| Key words: Duty of Data Destruction, The Right to Delete, Confidentiality Methods, Data Security Risk Assessment, Risk Management |
