论公共摄像监视——以隐私权为中心

目前，在公共空间实施摄像监视已日益普遍。如何看待公共空间中摄像头“注视”之下的个人隐私权并予以相应保护，我国现有的立法尚未予以足够关注，司法上亦采取较为保守的态度。事实上，个人身处公共空间，亦有其隐私利益存在。因为隐私并不仅仅是他人头脑中关于人们自身信息的某种缺失，而更多的是，人们对于自身信息的控制。摄像头长时间地有计划地有目的地注视，不同于路人偶然无意识的一瞥，它将使人们因此而丧失对自身信息的选择暴露权和控制权，从而导致个人在公共空间的某些隐私利益的丧失。鉴于此，我们认为有必要从立法上和司法上规范公共摄像监视行为，捍卫人们在公共空间中的必要的隐私利益，维护人们在公共空间中的个性正义。     

公共空间运用大规模监控的法理逻辑及限度——基于个人信息有序共享之视角

为应对现代化进程中的社会风险,安抚公众对风险的恐慌情绪,公共空间大规模监控随之诞生,并迅速在现实社会和网络空间中全面运用。公共治理不能取安全保障而舍隐私保护,公共空间大规模监控的运用并非以牺牲隐私权为代价,而是在保障安全法益的同时兼顾隐私法益的保护。在此"既保障安全,又保护隐私"的法理念下,公共空间大规模监控的运用体现了风险治理从个人本位走向社会本位的转变趋势,并促进了个人信息保护从自主支配到有序共享的逻辑转换。为寻求安全保障与隐私保护之间的平衡路径,在公共空间合理运用大规模监控措施,就必须加强信息收集、存储、使用的阶段性控制,建立个人信息合理使用制度,实现个人信息的有序共享。     

The evolution of computer/privacy concerns: Access to government information held in the balance∗

Computers are a mainstay of most record systems at virtually all levels of government. The vast accumulation of personal information by governments has raised concerns about the erosion of personal privacy caused by the speed and efficiency of computers. For more than 30 years, realistic and sometimes exaggerated concerns about the proper role of computers in society have driven the public policy debate, resulting in a raft of legislation designed to protect the privacy of individuals about whom government keeps records.

But these computer /privacy concerns threaten legitimate public and media access to government records. The dangers to access were underscored by the Supreme Court in a holding that publicly available records regained privacy interests when drawn together in a centralized government computer. In other words, the form in which records were kept rather than their content could control access.

This article suggests that understanding the origin and context of the computer /privacy conflict will better prepare access proponents to deal with attempts to curtail legitimate access to government information because of privacy concerns.     

网络隐私法律保护简论

隐私一般是指与公共利益、群体利益无关的、当事人不愿让他人知道或他人不便知道的个人信息,而个人数据是所有用来标识个人基本情况的数据。文章针对互联网技术的发展为个人数据处理带来的隐私权问题,在分析西方国家保护模式、梳理我国隐私权保护现状基础上,提出了在我国加强网络空间的隐私权保护的必要性和紧迫性。     

美国信息隐私立法透析

美国法以隐私权作为个人信息保护的权利基础,在公领域,实行分散立法模式;在私领域,美国选择了行业自律模式,在全球个人信息保护立法中产生了巨大的影响。美国制定信息隐私保护政策和法律的基本思路是力求在信息流通和隐私保护之间寻求平衡。信息隐私权是美国信息隐私法上的一个核心概念,它是随着社会对个人信息的保护而产生的,指个人针对其信息所享有决定权、支配权和控制权。     

Pondering personal privacy: a pragmatic approach to the Fourth Amendment protection of privacy in the information age

As technology with surveillance capacities has advanced, the debate over the rights of the citizenry to be free from governmental breaches of personal privacy has intensified. Within the United States, government actions legally challenged as intrusions into personal privacy have been analyzed under the Fourth Amendment, but Supreme Court rulings in such cases lack a clear and consistent rationale. Additionally, while more than a dozen federal privacy statutes have been enacted, each piece of legislation pertains to a specific type of information (e.g. driver’s license information, education records, and financial records). There is no overarching federal legislation which protects the individual’s private affairs from warrantless government inspection. A key issue underlying the scope of the debate and the variation in court decisions and public policies pertinent to invasions of privacy by government agencies is the lack of a clear and cogent definition of ‘privacy.’ By means of a review of the evolution of legal protections of privacy under the Fourth Amendment and a review of the evolution of technology with surveillance applications, it is suggested that there is a need for a sound operational definition of privacy. As a starting point for an informed and pragmatic dialogue on this matter, an operational definition of privacy built upon extant case and statutory law is provided.     

Privacy,National Security,and Internet Economy: An Explanation of China's Personal Information Protection Legislation

With the development of the internet and the increasing role played by information technology in the economy, personal information protection has become one of the most significant legal and public policy problems. Since 2013, China has accelerated its legislation efforts towards protecting personal information. The Cybersecurity Law of the People’s Republic of China took effect on June 1, 2017. Legal scholars focus on the nature of personal information, discuss the necessity of enacting specific laws on protecting personal information, and attempt to propose relevant draft laws regarding personal information protection. Personal information protection, however, is not only a legal issue but also a political one. We need to look at the decision-making process about legislation on personal information protection in China. Why has China sped up its legislation on personal information protection since 2013? Is privacy, civil rights, or legal interest the main reason behind the legislation? Only after placing personal information protection legislation in a broader context, can we have a better understanding of the underlying logic and dynamics of personal information protection in China, and can perceive the potential content and possible future of these legislation. This paper argues that Internet industry development, the social consequences of personal information infringement, and national security are the main drivers of China’s personal information protection legislation.     

基因隐私权的民法保护

以传统隐私权保护为基点的现行立法与司法,无法完成现代隐私权,特别是个人信息隐私权所强调和要求的保护架构.在权利配置上,无法实现对传统隐私权按照个人信息处理程序的不同阶段进行权利增设与重置.在保护机制上,无法通过司法能动主义建立个人信息隐私权,特别是基因隐私权所要求的公共监督框架.因此,在后基因组时代,应当坚持以个人信息法作为个人信息(包括基因信息)保护的基本制度框架,在个人信息法的范围内,对作为高度敏感个人信息的基因信息予以特别处理.     

大数据背景下个人生物识别信息安全的法律规制

个人生物识别信息具有个人数据的唯一性、程序识别性、可复制性、损害的不可逆性及信息的关联性等特征。在大数据背景下,个人生物识别信息的广泛应用会带来严重的生物信息安全风险,其滥用可造成隐私权、平等权和财产权等权益受到侵犯,需要立法进行全方位规制。我国目前个人生物信息的相关立法存在总体位阶较低且内容分散、保护范围狭窄、权利义务边界不清、法律责任不明晰等缺陷,应当采取渐进式专门立法的思路,完善现有相关部门法关于个人生物信息的规制内容,构建层次分明、内外协调的个人生物识别信息安全保护的法律体系。     

自媒体时代隐私权的法律回应理路

自媒体时代的隐私游走于公共空间与私人空间之间，自媒体技术的发展挑战了传统隐私权的保护规则。基于隐私权所具有的人格尊严与个人自由的法理底蕴，反观自媒体易于侵犯隐私权的社会现实，必须通过立法划定隐私权边界，通过司法裁判隐私权纠纷，通过成立专门机构监管侵犯隐私权行为。通过自媒体技术自身的完善规范来预防侵犯隐私权行为。     

捍卫权利模式——个人信息保护中的公共性与权利

个人信息权和个人信息受保护权是两种相对立的模式,学界通常认为个人信息权赋予个人排他性的支配权,这与个人信息的公共性相矛盾。个人信息的公共性并不必然反对权利模式。一种广义的公共性包含着个人信息所负载的公共利益,个人信息的公开化也是网络时代个人和商业交往的必要前提,但这并不意味着要否定个人信息保护的权利模式。公共利益具有多样性,正是某些公共利益支持了权利。权利所蕴涵的主张权确保了人的尊严和自由,这也是个人信息保护法的立法宗旨;个人信息受保护权做不到这一点,它不具有义务指向性。但在立法模式上,个人信息保护法要以义务性规范或禁止性规范为主,这是由网络空间个人信息的性质决定的。     

论个人信息保护限制的立法范式与体系逻辑——以应对突发疫情事件为例

对个人信息保护进行适当限制是平衡个人权益与公共利益的必然选择。基于特定的紧急背景在公法中设定个人信息保护限制,虽有助于集中力量驱逐疫情,但往往忽视对作为私权客体性的个人信息对象考察,容易侵犯个人信息法益。当前我国民法典对个人信息保护的限制规定虽符合疫情防控下个人信息保护限制的紧急需求,但缺失对权利限制的一般条款以及合理实施的进一步解释,亟待更精细的规范进行界定。这表明应对重大疫情防控时,我国立法在个人信息保护的合理限制问题时出现了制度缺位。原因在于,无论是公法还是私法都无法独自处理好疫情防控下的个人信息保护限制问题。公、私法二元性质个人信息保护立法框架契合数据治理理论的内在属性,也是风险社会中公私法协力的必然要求。重大疫情背景并不决定个人信息保护限制的二元范式,这是由个人信息的属性本身所决定的。公法和私法分别规定个人信息保护限制规则均具有部分正当性来源,但从法律的实现效果以及比较立法趋势来看,将个人信息保护限制置于一部公私复合的个人信息保护法之中更符合时代发展。文章最后在该立法范式引导下,反思了当前个人信息保护限制立法体系逻辑,并提出了个人信息保护限制立法完善的建议。     

Data protection in Malaysia and Hong Kong: One step forward,two steps back?

Continuing rapid developments in information communication technology has led to an ever increasing amount of personal information being collected, processed, stored and used, without the individual even knowing about it. For countries which have domestic legislation relating to privacy and data protection, it has afforded the opportunity for a review. For others, it has opened up the opportunity to legislate. The aim of the paper is three-fold. First, the paper aims to deal with data protection regime in Malaysia and in Hong Kong by examining the salient features of the newly enacted Malaysia's Personal Data Protection Act 2010 and the recent recommendations for legislative reform to the Personal Data (Privacy) Ordinance in Hong Kong. Second, it considers whether the laws are more concerned with legitimising data protection practices of organizations and businesses rather than the protection of individuals' privacy interests. Finally, the paper briefly considers whether the laws adequately address the impact to individuals' data privacy brought about by technological advancements before providing a conclusion.     

民法典框架下个人数据财产法益的体系构建

从欧盟个人数据保护相关立法的变迁可以发现,个人数据从隐私权保护的传统模式开始出现向财产权保护模式过渡的迹象。这并不意味着数据产业界的新机会,而是调节数据主体与数据控制者之间日益失衡关系的新尝试。财产权保护模式有着隐私权保护模式无可比拟的优势,却也存在权利定性和范围界定上的困难。与非个人数据更为鲜明的财产属性不同,个人数据上的民事权益应该构建为一个以数据主体的财产利益为基础、以数据控制者对个人数据的占有利益为核心的财产法益体系。数据控制者及其义务作为个人数据财产法益体系的中心,才能在保护数据主体和发挥数据效用之间保持平衡。     

个人健康医疗信息和隐私权保护

Personal health care and medical treatment information are both personal information which can be used as a sign to identify each individual. Such information shall be under the control of the owner. The comprehensiveness of personal health care and medical treatment information makes it more valuable than the simplex personal information. The controlling right of personal health care and medical treatment information is irretrievable once deprived. The rights of controlling, managing and using regarding personal health care and medical treatment information can be separated appropriately. The right of privacy is an independent personality right. For the protection of public interests, the right of personal privacy shall be appropriately limited. Meanwhile, the government shall be responsible for the protection of personal health care and medical treatment information. Tang Xiaotian is a professor and supervisor in charge of the development and planning division of Shanghai University of Political Science and Law, and deputy General Secretary-in-chief of the Society of Law of Shanghai, whose main studies is focused on victim science, criminal law and criminology. Till now, he has 8 monographs and over 90 articles published in academic journals.     

Systematic construction of lawfulness of processing employees’ personal information under China's personal information protection law

With the rapid development and widespread use of digital technologies in the workplace in China, employers’ right to monitor and direct employees has often been abused, raising a number of disputes over the infringement of employees’ right to privacy in terms of their personal information. China must urgently develop an appropriate approach to balancing these two conflicting interests. However, there is currently no coherent and uniform regime governing the protection of employees’ personal information in China. The primary legal source on which employers can rely is the latest version of the Chinese Personal Information Protection Law (PIPL), which offers three lawful bases for employers’ processing of their employees’ personal information. These bases are employee consent; “necessity for the conclusion or performance of an employment contract”; and “necessity for conducting human resource management.” Concerns have been expressed regarding the reasonableness and effectiveness of the three lawful bases under the PIPL. First, it is both legally and practically problematic for the PIPL to rely so heavily on employee consent. Second, it is unclear whether the other two lawful bases relieve employers of the duty of notification and, if so, how to safeguard employees’ right to know. Third, the ambiguous standard of “necessity” requires clarification.This article argues that China should adopt many elements from EU law, while US law should be only followed in relation to the standard of “necessity”. In relation to employee consent, the EU approach is preferable to the US approach. As the EU approach does not generally regard employees’ consent as a lawful basis for the processing of their information and uses the other two lawful bases as alternatives to employee consent, this approach better reflects the customary practices of employee subordination and employer control in China. In contrast, US law deems employee consent to be an absolute general defense to the tort of privacy violation and adopts an employer favoritism approach to balancing these two conflicting interests, which is not appropriate in the Chinese context. In relation to the scope of necessity, three tests taken from the EU and US approaches should be considered by the Chinese courts. In addition, when processing personal information based on the other two lawful bases, employers should safeguard employees’ right to know through collective contracts concluded with labor unions or employee representatives under the Chinese Labor Contract Law, which would effectively address employers’ arbitrariness. Ultimately, these changes would produce a better balance between employees’ right to privacy in terms of their personal information and employers’ need to subordinate and control employees.     

论网络隐私权的立法保护

在日新月异的高科技发展过程中,弘扬人的主体性,保障人格尊严、生活自由、个人权利之不可侵犯,是民法学与时俱进的使命。网络信息技术的飞速发展和广泛应用,在带给人们方便、快捷的生活方式和巨大商业利益的同时,也给人们隐私权的保护带来了新的挑战。实践中网上侵权事件,尤其是侵害网络隐私权的事件频繁发生,使得网络隐私权的立法保护成为理论和实践中的一个热点问题。本文通过研究以美国和欧盟为代表的两大立法模式以及目前我国在网络隐私权方面的立法状况,对构建我国网络隐私权立法保护体系提出了一些对策和建议。     

Privacy law as price control

The median Internet user is concerned about digital advertisers collecting personal information. To address these fears, the European Union passed the Privacy Directive to regulate the common business practice of information collection. This paper investigates the potential effects of this regulation, finding that the law is likely to generate several unintended consequences. Economists and legal scholars acknowledge that personal data serves as the “price” for accessing many digital platforms. I extend this logic to argue that if a regulation enables consumers to stop supplying this information, while continuing to consume the site’s content, it is equivalent to a price control. Next, I discuss unintended consequences that this price control may generate: tie-in sales, investment flight, and altered exchange characteristics. Lastly, I conclude that, just as with traditional price controls, the privacy price control may be a way for government officials to enhance their popularity with the citizenry. In short, my analysis suggests that one of the most well-researched policy interests of economics—the theory of price controls—can shed light on one of economists’ newest interests: digital privacy.     

Protecting health information privacy in research: what's an ethics committee like yours doing in a job like this?

The Commonwealth and State legislation designed to protect the privacy of personal health information has attracted the criticism that the constraints imposed on the use of the information in research obstructs that research. A central and common feature of the legislation is the reliance upon the review by human research ethics committees of research that proposes to use personal health information for research without prior consent from those whose information it is. The origins of this reliance are explored and explained and it is suggested that this has proved to be an inappropriate policy choice. The extension of the reliance is then described and the conceptual, procedural, workload and structural consequences of requiring these voluntary committees to conform to legislative standards of review of issues of the public interest are critically examined. In recent reviews of the Commonwealth legislation, there is recognition of the underlying uncertainty as to the appropriate balance between protection of personal privacy and the promotion of beneficial research. In the further exploration of these matters that those reviews recommended, a close and critical examination of the wisdom of continuing to rely on ethics committees is needed.     

公共卫生突发事件中个人信息权的保护:以新型冠状病毒肺炎疫情为背景

在公共卫生突发事件应对中追踪检测、收集及分析大量的个人健康信息和流动信息是出于社会大多数公众的生命安全之考虑,是实现公共管理手段的体现,可以达到对传染疾病的有效防治目的.但个人信息收集主体不规范的行为可能会导致个人信息泄露之可能,造成相关当事人的利益受损,如何平衡个人信息采集与公共利益保护依旧悬而未决.以公共卫生突发事件中的个人信息利用为全新视角,对个人信息保护制度进行研究,对于破解个人信息保护面临的实践难题具有重要的现实意义.本文分析了突发公共卫生事件下个人信息保护的法律依据,结合我国突发公共卫生事件下个人信息保护豁免的域外实践,指出我国突发公共卫生事件下个人信息保护存在一些困境,如在突发公共卫生事件中,个人信息的保护缺乏专门的立法和事后具体的利用规则.未来我国在突发公共卫生事件中,应加快个人信息保护的专门立法,同时应确立合法性原则、目的限定原则、最小范围原则及保密性原则为内容的公共卫生突发事件个人信息处理原则来进一步规范信息控制主体的行为.