摘要
个人信息保护法体系建构的基础是国家在宪法上所负有的保护义务,该义务对应着"个人信息受保护权",而不是"个人信息权"。将个人信息作为私权客体的权利保护模式,在规范逻辑、制度功能等方面存在局限;应以"个人信息受保护权—国家保护义务"框架建构个人信息的权力保护模式。在数字时代,个人信息国家保护义务意味着国家不仅应履行尊重私人生活、避免干预个人安宁的消极义务,还应通过积极保护,支援个人对抗个人信息处理中尊严减损的风险。基于控制"数据权力"这一侵害风险源的需要,国家一方面应避免过度侵入个人信息领域;另一方面应通过制度性保障、组织与程序保障以及侵害防止义务的体系化,营造个人信息保护的制度生态。
The foundation of personal data protection law is the state’s constitutional duty of protection, which corresponds to the right to protection of personal data, not the so-called right of personal data. The civil right-based approach that treats personal data as the object of private rights is flawed both logically and institutionally. Therefore, we should adopt the framework that centers on the state’s duty to protect and the right to protection of personal data to establish the legal model of personal data protection. In the digital era, the state’s duty to protect personal data means that the state shall not only perform such negative duties as respecting private life and refraining from interfering with personal tranquility, but also shall actively support individuals to mitigate the risks of personal dignity being undermined in personal data processing. Based on the needs of controlling data power as the source of such risks, the state shall on the one hand avoid excessive interference with personal data and on the other hand foster a conducive institutional environment to protect personal data through a system of institutional guarantee, organizational and procedural guarantee and prevention of harms.
出处
《中国法学》
CSSCI
北大核心
2021年第1期145-166,共22页
China Legal Science
