被遗忘权之反思与建构

信息时代，与信息主体息息相关的大量信息长时间留存于网络，给个人信息的保护带来     

大数据时代的个人信息“被遗忘权”——评冈萨雷斯诉谷歌案

欧洲法院在近期的一项裁决中确认了网络信息领域的'被遗忘权',引发各国对于隐私权和表达自由之间的价值取舍、搜索引擎公司的地位和责任以及'被遗忘权'是否构成新型贸易壁垒等一系列问题的关注和思考。欧洲法院在该裁决中确认了搜索引擎的活动属于《欧盟数据保护指令》调整范围中的数据处理,设立于境外的谷歌公司及其在西班牙境内设立的分支...     

大数据时代下被遗忘权研究

在大数据时代背景下,个人数据的存储、获取和利用不再受时间和空间的限制,极为便捷和廉价。大数据时代下个人数据逐渐显现出无法被遗忘的特点,个人数据一旦被公开便很难消除,这对个人数据的保护提出了新挑战。在个人数据的保护变得越来越困难的背景下,欧盟率先提出了被遗忘权,使得数据主体有权要求数据控制者隐藏、删除对己不利的过往数据,使其不影响现在的学习、生活和工作,给人们一个重新开始的机会和可能。文章认为被遗忘权体现了重新开始的精神,是大数据时代公民追求人格尊严与自由的法律保障。     

被遗忘权立法的美国模式及其立法启示——以加州被遗忘权立法为研究背景

“被遗忘权”是大数据时代个人信息删除制度的立法新发展。美国并不赞同欧盟模式的被遗忘权。加利福尼亚州立足美国法制传统构建了一个体现美国利益需求的被遗忘权。加州立法从维护个人发展权意义上建构未成年人的被遗忘权,以数据最小化原则为基础,建构适用于消费者与企业之间数据处理的被遗忘权,赋予个人删除本人发布的个人信息的权利,同时规定了一系列删除信息的例外,较好地协调了被遗忘权与言论自由和信息经济发展的矛盾。加州立法已成为美国个人信息保护立法的典范。未来,美国可能以加州模式为模板构建媲美欧盟被遗忘权的个人信息删除制度。加州对被遗忘权制度的取舍对我国《个人信息保护法》第47条的理解与适用具有启示意义。     

被遗忘权的中国本土化及法律适用

欧盟法院通过对"谷歌诉冈萨雷斯被遗忘权案"的判决,正式确立了被遗忘权的概念。作为适用于网络信息领域保护个人信息的一项权利,被遗忘权为大数据时代个人信息的保护提供了法律途径。我国作为世界上网络用户最多的国家,应当借鉴欧美法的经验,将被遗忘权本土化,使之成为我国公民人格权的组成部分。被遗忘权是信息主体对已经发布在网络上,有关自身的不恰当的、过时的、继续保留会导致其社会评价降低的信息,请求信息控制者予以删除的权利。该权利的性质属于个人信息权,在当前对该权利的侵害可通过《侵权责任法》关于隐私权和侵权责任一般条款的规定予以救济。     

司法视域下“被遗忘权”的逻辑推演与论证建构——以我国首例“被遗忘权”案的分析为切入点

以我国首例被遗忘权案的分析为切入点,将被遗忘权置于司法的内部证成与外部证成的二阶结构中来进行阐述,不失为一条在司法视域下探讨被遗忘权的有益进路。在内部证成结构内,通过对首例被遗忘权案判决的逻辑梳理与检视,可发现其中概念与结构的逻辑缺陷,厘清被遗忘权案的逻辑推演。在外部证成结构内,判决应进行利益正当性法律保护必要性权衡被遗忘权与其免责事由三方面的论证建构。其中,利益正当性应作应然与实然的分析;法律保护必要性可通过公共利益矫正正义常识等后果主义论辩来证成;被遗忘权与其免责事由可通过重力公式来权衡。两级证成最终为被遗忘权案件的判决提供既具有规范性同时又保有可辩驳性的论证框架。     

Backups and the right to be forgotten in the GDPR: An uneasy relationship

The recent enforcement of the GDPR has put extra burdens to data controllers operating within the EU. Beyond other challenges, the exercise of the Right to be Forgotten by individuals who request erasure of their personal information has also become a thorny issue when applied to backups and archives. In this paper, we discuss the GDPR forgetting requirements in respect with their impact on the backup and archiving procedures stipulated by the modern security standards. We specifically examine the implications of erasure requests on current IT backup systems and we highlight a number of envisaged organizational, business and technical challenges pertained to the widely known backup standards, data retention policies, backup mediums, search services, and ERP systems.     

Humans forget,machines remember: Artificial intelligence and the Right to Be Forgotten

This article examines the problem of AI memory and the Right to Be Forgotten. First, this article analyzes the legal background behind the Right to Be Forgotten, in order to understand its potential applicability to AI, including a discussion on the antagonism between the values of privacy and transparency under current E.U. privacy law. Next, the authors explore whether the Right to Be Forgotten is practicable or beneficial in an AI/machine learning context, in order to understand whether and how the law should address the Right to Be Forgotten in a post-AI world. The authors discuss the technical problems faced when adhering to strict interpretation of data deletion requirements under the Right to Be Forgotten, ultimately concluding that it may be impossible to fulfill the legal aims of the Right to Be Forgotten in artificial intelligence environments. Finally, this article addresses the core issue at the heart of the AI and Right to Be Forgotten problem: the unfortunate dearth of interdisciplinary scholarship supporting privacy law and regulation.     

The Singapore Personal Data Protection Act and an assessment of future trends in data privacy reform

In the first part of this paper, I will present and explain the Singapore Personal Data Protection Act (“PDPA”) in the context of legislative developments in the Asian region and against the well-established international baseline privacy standards. In the course of the above evaluation, reference will be made to the national laws and policy on data privacy prior to the enactment of the PDPA as well as current social and market practices in relation to personal data. In the second part of this paper, I will decipher and assess the future trends in data privacy reform and the future development of the privacy regime in Singapore and beyond. In the course of this analysis, international standards, technological trends and recent legal developments in other jurisdictions will be considered.     

The EU Proposal for a General Data Protection Regulation and the roots of the ‘right to be forgotten’

The EU Proposal for a General Data Protection Regulation has caused a wide debate between lawyers and legal scholars and many opinions have been voiced on the issue of the right to be forgotten. In order to analyse the relevance of the new rule provided by Article 17 of the Proposal, this paper considers the original idea of the right to be forgotten, pre-existing in both European and U.S. legal frameworks. This article focuses on the new provisions of Article 17 of the EU Proposal for a General Data Protection Regulation and evaluates its effects on court decisions. The author assumes that the new provisions do not seem to represent a revolutionary change to the existing rules with regard to the right granted to the individual, but instead have an impact on the extension of the protection of the information disseminated on-line.     

论人肉搜索的合法界限

狭义的人内搜索指通过网络上现有资料将人肉搜索对象的资料乃至个人和家人的隐私暴露出来.其结果可能附带引发对当事人的骚扰甚至侮辱和伤害,侵犯当事人的隐私权、名誉权甚至身体健康权.合法的人肉搜索要区分个人隐私权和公众知情权的界限、言论自由和公众评论正当性的界限.普通公民和公职人员的个人隐私与私人行为应该受到保护,网民对国家公职人员的违法、违纪现象进行披露则应属于公众行使知情权的行为.在人内搜索中,如果搜索者在主观臆断的基础上对被搜索对象的信息进行复制、改变和传播,可能会侵害当事人的隐私权、名誉权甚至健康权,不属于行使言论自由;如果因此造成当事人的损失,言论者和网站管理者都应承担相应的法律责任.     

Libel: Its Purpose and Reform

Discussion of libel often fails to define defamation law's purpose and thus properly to assess its value. This article argues that defamation's purpose relates to fundamental human interests in sociality, directly linked to important aspects of human health and well‐being. Protecting such interests is arguably required by the right to private life under ECHR article 8 and should not count as a violation of the right to freedom of speech. Some current reform proposals are criticised as failing to appreciate the importance of protecting sociality. ‘Business’ libel, however, often protects not sociality but purely economic interests. The article therefore argues that the protection of libel law, as opposed to that offered by malicious falsehood and the economic torts, should be withdrawn from purely economic reputation, starting with removing the rights of corporations to sue in defamation, a position compatible with the ECtHR's decision in Karako v Hungary.     

保护作品完整权的侵权判断标准

保护作品完整权的侵权判断标准分为有违作品的思想和有损作者的声誉两种。我国著作权法移植作者权体系的二元论模式,但司法实践突破立法引入了版权体系的声誉标准,争议的实质是如何平衡作者和作品利用方的利益。伯尔尼公约就两大法系的差异没有实质性作为,但在原则性的框架下提供有限度的保护已经成为比较法上的共识。建议否弃声誉标准,确立作品思想标准加合理限度内的改动作为侵权例外的模式。通过作品符号的结构化解析划分核心表达要素和非核心表达要素,作品的思想可以简化为对核心表达要素及其相互关系的判断,为侵权判定提供参考。     

The ‘right to be forgotten’ or the ‘principle that has been remembered’

The Court of Justice of the European Union (CJEU) has ruled on questions referred by a Spanish court relating to interpretation of the Data Protection Directive and its application to search engine activities. In a controversial judgment, the CJEU found that search engines are data controllers in respect of their search results; that European data protection law applies to their processing of the data of EU citizens, even where they process the relevant data outside the EU; and that a ‘right to be forgotten’ online applies to outdated and irrelevant data in search results unless there is a public interest in the data remaining available and even where the search results link to lawfully published content.     

论网络时代隐私权及其法律保护

随着网络规模的爆炸性扩张,计算机网络技术已经改变了人们传统的生存和生活方式,这也使得个人隐私权的保护受到前所未有的严峻挑战。个人数据被非法收集、储存、使用和传播的现象层出不穷,网络隐私权受到多方面的侵犯。我们应综合考虑目前的立法状况和网络时代侵犯隐私权的特征,借鉴他国的先进经验并结合我国具体国情,以国家立法与行业自律相结合的方式,全面保护公民的网络隐私权。     

Privacy and the regulation of 2012

This paper explores the European Commission’s proposal for a new Regulation to update and reform data protection law in Europe. As regards the Regulation itself, without presenting an exhaustive analysis of all the provisions, this paper aims to highlight some significant changes proposed to the data protection regime by comparison between Directive 95/46 and the proposed Regulation. It takes particularly into account legislative innovation concerning data protection principles, data subjects’ rights, data controllers and data processors obligations, and the regulation of technologies. Before analyzing these innovations, it introduces some considerations about the Commission’s choice to use a Regulation instead of a Directive to harmonize national data protection regime.