论文部分内容阅读
《网络安全法》首次从法律层面对数据处理行为进行了明确规定,包括数据处理的主体、个人信息范围、数据收集和使用规则、数据处理规则及数据跨境流动等法律制度。《网络安全法》的“大数据条款”为数据交易和数据流通的大数据产业提供了发展空间,但个人信息范围仍很广泛,个人信息界定缺乏明晰的标准,数据处理的匿名化处理标准仍有待明确,个人信息泄露毁损丢失的“双告知”制度会不合理增加运营成本,甚或引发用户恐慌,个人信息删除更正权存在容易被滥用的风险,跨境数据流动中的重要数据范围界定仍有待明确。建议采取“合理识别”原则确定个人数据范围,遵循“合理匿名化”标准进行数据匿名化处理,实施分级分类管理,制定跨境数据流动配套规则等,进一步完善数据处理法律规制的后续配套制度。
For the first time, the Cyber Security Law clearly stipulates data handling practices from the legal perspective, including the main body of data processing, the scope of personal information, data collection and usage rules, data processing rules and the legal system of cross-border flow of data. The Big Data Clause of the Cyber Security Law provides room for growth in the big data industry where data is traded and data is circulated. However, the scope of personal information is still wide, and the definition of personal information lacks clear standards and the anonymization of data processing Standards still to be clarified, personal information disclosure damages the lost “dual notification ” system will unreasonably increase operating costs, or even lead to user panic, delete personal information right to abuse there is the risk of abuse, cross-border data flow important data The scope is still to be defined. It is suggested to adopt the principle of “reasonable identification” to determine the scope of personal data, conduct data anonymization according to the standard of “reasonable anonymization”, implement classification and classification management, formulate supporting rules for cross-border data flow, and further improve data processing laws and regulations Follow-up system.