摘要: |
《个人信息保护法》旨在保护个人信息权益免受信息处理行为的侵害,而非重构个人信息处理与信息利用的法律秩序,为个人信息处理提出新规则。因此,个人信息权益是理解该法适用范围及具体规范目的的基础。在概念上,《个人信息保护法》的保护对象是电子个人信息处理行为中蕴含的典型风险所可能侵害的、传统救济手段保护不足的、事前防御手段之介入极为必要的个人信息权益,而非理论上无法成立的“个人信息权”和“个人信息自决权”,也并不局限于隐私权或人格权,更非与个人信息相关的所有权益。在具体类型上,《个人信息保护法》上的个人信息权益可分为如下三种: 一是新型隐私利益;二是信息正确和完整性利益;三是自动化决策中的新型人格发展自由利益。非以上三种利益的,不适用《个人信息保护法》,直接或者类推适用既有的《民法典》规则即可。在法律适用上,由于个人信息权益侵权属违反保护性规范型,而非绝对权侵害型,因此《个人信息保护法》众多个人信息保护规则中,只有保护目标直接对应以上三种利益的才属于保护性规范;《个人信息保护法》第四章中的个人信息主体权利,可携带权旨在打破捆绑并促进竞争,知情权、查阅权、复制权、更正补充权、删除权和解释权等在性质上类似于绝对权受侵害或侵害之虞的防御请求权,其发生条件和具体内容应在防御请求权性质框架内阐释。 |
关键词: 个人信息权益 新型隐私权 信息完整正确利益 自动化决策 |
DOI: |
分类号: |
基金项目: |
|
On the Doctrinal Development and Systematic Integration of the Tripartite Rights Theory in Personal Information Protection |
Yang Fang
|
|
Abstract: |
The Personal Information Protection Law (PIPL) aims to safeguard personal information rights and interests from infringement arising from information processing activities, rather than reconstructing the legal order governing personal information processing and utilization or establishing novel rules for such processing. Consequently, personal information rights and interests form the foundation for interpreting the scope of application and normative objectives of the PIPL. Conceptually, the PIPL protects personal information rights and interests that: (1) are threatened by typical risks inherent in electronic information processing; (2) are inadequately safeguarded by traditional remedies; and (3) necessitate ex ante preventive measures. It does not recognize the theoretically untenable “right to personal information” or a general right to informational self-determination, nor is it confined to privacy or personality rights, or all interests tangentially related to personal information. In terms of typology, the PIPL protects three categories of interests: (1) novel privacy interests; (2) interests in data accuracy and integrity; and (3) new interests in freedom of personality development within automated decision-making systems. Any interests falling outside these categories are excluded from the PIPL's application and shall be governed directly or analogously by existing Civil Code provisions. Regarding legal application, since infringements of personal information rights and interests constitute violations of protective norms rather than infringements of absolute rights, only those PIPL rules that directly safeguard the aforementioned three categories qualify as protective norms. The rights of data subjects under Chapter IV of the PIPL — including the data portability right (designed to dismantle lock-in effects and foster competition), and the rights to be informed, access, copy, correct/supplement, delete, and obtain explanations—resemble defensive claims triggered by actual or imminent infringements of absolute rights. Their triggering conditions and substantive content must therefore be interpreted within the doctrinal framework of defensive claims. |
Key words: Personal Information Rights and Interests, New-Type Privacy Rights, Interests in the Completeness and Accuracy of Information, Automated Decision-Making |