| 摘要: |
| 人工智能研发需要大规模、高质量的个人数据供给。我国人工智能治理应充分借助权利保护与风险治理双重手段,建立个人数据供给二元框架。借助有效的行权机制,个人信息权利可以自下而上地推动数据供给。以数据可携权为基础的个人数据账户制度,能够实现个人与企业之间直接的数据传输,可为人工智能训练提供高质量的个人数据资源。法秩序应借助风险治理理念,适当柔化《个人信息保护法》中的刚性规则,推动人工智能借助海量个人信息进行训练。如果在特定场景下可合理期待个人给出有效同意或同意处理目的变更,使用个人信息进行人工智能训练的行为即为合法。人工智能原则上可使用已公开个人信息进行训练,但应通过提供可机读标识的方式,便利个人在公开个人信息时同步选择是否行使拒绝权。我国未来的人工智能立法应创设科研例外条款。科研活动具有公益性且已获伦理委员会批准,研发人员也采取有效措施保障个人信息安全的,人工智能系统可以在不征得个人同意的情况下大规模处理个人信息。 |
| 关键词: 人工智能 人工智能治理 数据可携权 个人数据账户 风险治理 科研例外 |
| DOI: |
| 分类号: |
| 基金项目:国家社会科学基金重大项目“新一代生成式人工智能发展的法治问题研究”(项目批准号: 24&ZD135) |
|
| On the Personal Data Supply System in the Era of Artificial Intelligence |
|
Lin Huanmin
|
|
|
| Abstract: |
| The development of artificial intelligence (AI) requires large-scale, high-quality personal data supply. China's AI governance should fully utilize the dual approaches of rights protection and risk governance to establish a binary framework for personal data supply. Through effective rights exercise mechanisms, personal information rights can promote data supply from the bottom up. The personal data account system based on the right to data portability can achieve direct data transfer between individuals and enterprises, which helps to provide high-quality personal data resources for AI training. The legal order should appropriately soften the rigid rules in the Personal Information Protection Law by adopting risk governance concepts, thereby facilitating AI training with massive personal information. If it can be reasonably expected in specific contexts that individuals will provide valid consent or agree to changes in processing purposes, the use of personal information for AI training shall be deemed lawful. In principle, AI systems may use publicly available personal information for training, but machine-readable identifiers should be provided to facilitate individuals' simultaneous choice of whether to exercise their right to opt-out when disclosing personal information. AI legislation in China should create a research exception clause. Where scientific research activities serve public interests and have been approved by the committee of ethics, and researchers have taken effective measures to ensure personal information security, AI systems may process personal information on a large scale without obtaining individual consent. |
| Key words: Artificial Intelligence, Artificial Intelligence Regulation, Right to Data Portability, Personal Data Account, Risk Governance, Research Exception |
