Research On Legislative Guarantee Of Big Data Security

In recent years,data resources have increasingly become a key element that penetrates the arteries of economic development,which has also made the penetration of big data in various fields of society more and more deep,and has become a strategic asset of vital importance in Chinas economic development.By digging and utilizing big data,the decision-making level in various fields can be greatly improved,and then technological innovation in each field can be promoted.At the same time,the application of big data technology has also caused a large amount of data to be used by criminals,which also poses a huge threat to the rights of data subjects and seriously threatens the countrys data sovereignty.Although the large-scale effect of the big data industry has become increasingly prominent,the disorderly state of its barbaric growth has always been invisible because there is no unified and clear law regulating it.Especially in terms of data collection,many companies ignore the laws and regulations and only know that "it is what I need",and ignore the protection of data related to national security,trade secrets,and citizen privacy,so as to give the health of the big data industry Development lays deadly hidden dangers.In addition,big data security risks also appear in the aspects of big data storage,analysis,and application.These different types of security risks highlight the importance and urgency of data governance and the legalization of data governance.The legalization of data governance is a very important proposition.This proposition has two key words,one is the structure of data governance,the other is the rule of law.The structure of data governance includes data collection,processing,analysis and final application,that is to say,the relationship between different subjects in the whole data cycle.The legalization of data governance,that is,how to set the rights and obligations of data governance subjects and how to arrange the system of their relationship mode to meet the requirements of the rule of law.Therefore,it is necessary to conduct risk type analysis and legislative suggestions from the perspective of big data internal process.To ensure the safety of big data and realize the legalization of data governance,first of all,we should speed up the legislation of big data security,strictly regulate the collection,storage,analysis and use of big data,and implement the responsibility of security subject in each link of data life cycle.To ensure the safety of big data,we need to speed up the construction of laws and regulations,formulate relevant systems for data resource rights confirmation,collection,storage,analysis and application,and improve the data property protection system.In terms of specific legislative suggestions,we should make clear the legal responsibilities and obligations of big data managers and operators,formulate operational implementation rules,guide the government departments and various industries to effectively carry out the security protection of big data assets,standardize the security measures in all aspects of the life cycle of management data,and regulate the confirmation,collection,storage,analysis and application of data To avoid data leakage,data resource abuse and damage to national interests.Only by constantly improving the legislative protection of big data security in the era of big data,can we fundamentally guarantee personal,enterprise and national data security,and provide reliable guarantee for the efficient use of big data technology.Therefore,it is necessary to study the legislation of data security in the era of big data.Based on this,this paper takes data governance as the problem consciousness,and always focuses on big data security and its legal protection.First,it analyzes the basic theories related to big data,and clarifies the right attribute of big data.Big data is not only personal data rights(both personality rights and property rights),but also enterprise property and the embodiment of national sovereignty.Then,based on the existing research results of big data security,starting from the core business form of big data,this paper analyzes the security risks in the internal process of big data from the following aspects: data collection,data preprocessing,data storage,data processing and analysis,data display / data visualization,data application,and analyzes the occurrence of big data security risks Diameter and law.Thirdly,combing the most representative big data legislation at home and abroad,analyzing and drawing on the advanced legislative concepts and legislative technology,finally,facing the Chinese context to explore the legal path suitable for Chinas data security.The body of this article is divided into five chapters,and each chapter is summarized as follows:Logical starting point of research on big data security legislation guarantee: concept theory and right attribute.Conceptualism and right attribute are the legal logic starting point of big data governance.The research on security risk analysis and governance of big data must be based on the concept theory and right attribute,on which we can distinguish how the rights of different data subjects are infringed in different fields,and lay a theoretical analysis foundation for data governance.The first part analyzes the basic concepts,functions,values,and types of big data.The new concept of "big data" not only refers to large-scale data objects,but also includes the processing and application activities of these data objects.It is a unity of data objects,technologies and applications.Big data objects may be actual,limited data collections,such as databases held by a government department or enterprise,or virtual,unlimited data collections,such as all information on Weibo,WeChat,and social networks.Big data has a connection function,big data connects everything;feedback function,big data feedback things;reveal function,big data reveals relevance and brings value.The natural value of big data lies in openness and sharing.The innovation of the real big data business model is the second innovation based on the openness and sharing of data.This can really stimulate the productivity of big data.From the perspective of the data generating subject,currently applicable big data can be roughly classified into three categories: administrative record data,business record data,and Internet(including search engine)data.According to the data content belonging to a certain type of subject,it can be further divided into three categories: personal data,corporate data,and government data.This articles research on the confirmation of the power of big data and legislation mainly focuses on three aspects: personal data,de-informatized processed personal data(more attributable to corporate data),and government data.The second part is the legal analysis of big data empowerment.Big data empowerment is to clarify the data ownership of big data,that is,the nature,content and rights of big data rights.There are four different doctrines of data rights in the academic circles,which are the new personality right theory,the new intellectual property right theory,the trade secret right theory,and the data property right theory.This article believes that,as far as personal data is concerned,the author believes that it should be data information under the users autonomous control and a right that can be appropriately disseminated,so that it includes both the right to moral interest and certain property rights.The right to personal data is a new type of right that has both personality and property rights.As far as de-identified big data(enterprise big data)is concerned,the property attributes of data should be recognized.For data operators,in the context of data assetization,based on the needs of data management and interest-driven mechanisms,data management should be configured separately Rights and data asset rights.Chapter 2 Research on big data security and its risk type.The first part is an analysis of the security risks of the big data core business format.The core format of big data mainly includes the collection,storage,processing,analysis and application of big data.(1)Security risk analysis of big data collection.Big data collection is the first link in the data life cycle.Big data data collection is based on the determination of user goals and is aimed at all structured,semi-structured,and unstructured data in the range.This process will bring about a series of data collection security and privacy issues.These issues include: the integrity of the data collection,the privacy of the data collection,and the accuracy of the data collection.(2)Security risk analysis of big data storage.In big data storage,the biggest security risk is data leakage.From the analysis of the ways of data leakage,there are three main types of data leakage: stealing,leaking and losing secrets.(3)Big data pre-processing and analysis security risk analysis.The security risks in big data analysis include: privacy loopholes and awkwardness,anonymization may become impossible,shielding data may leak personal information,and unethical behavior based on interpretation.Big data analysis is not 100% accurate.Discrimination involves Of individuals have little(if any)legal protection,and big data may exist forever,and the discovery of electronic evidence makes patents and copyright irrelevant.(4)Security risk analysis of big data applications.First,there are a large number of "data islands".Second,there is insufficient data on professional talent reserves.In addition,the problem of big data security and privacy protection is also one of the main factors hindering the development of big data applications for peoples livelihood.The second part is the analysis of the security risks of big data transactions.Judging from the core elements of three types of transactions: supervision,rules,and markets,the main problems facing the current development of big data transactions include: the lack of regulatory standards for data transaction supervision,the definition of data ownership is not clear,and the theory of transaction rules needs to be innovated."Extensive",data positioning platform is unclear,transaction technology chain is not perfect,data quality is difficult to be effectively guaranteed,various data subjects lack the concept of sharing,government data classification is unclear,and the black market floods lead to privacy leakage.The third part is the analysis of security risks in the field of big data applications.The needs of big data security in the Internet industry,telecommunications industry,financial industry,medical industry,government organizations and other fields are analyzed.The status quo of security in the field of big data applications is mainly manifested in the high pressure of mobile data security,the networked society makes big data vulnerable to attacks,user privacy protection becomes a problem,the secure storage of massive data,and the trust and security of big data.There are three main forms of destruction and abuse of data resources: First,the blackmail virus forms a black industrial chain,and manufacturing becomes the hardest hit area for data blackmail.Second,without authorization,large enterprises illegally collect and abuse user data for profit.Third,large-scale data leakage has become the new normal,and data leakage incidents in important industries have gradually increased.Therefore,secure big data is the real big data,and more stringent and sound data protection laws should be formulated.The third chapter studies the status of big data security legislation at home and abroad.This chapter mainly studies the big data legislation at home and abroad,and absorbs and draws on advanced foreign legislation technology and legislative concepts to improve Chinas big data security legislation.The first part introduces and analyzes US big data legislation.In terms of big data legislation,the United States adopts a decentralized legislative model,which focuses on two points: preventing big data from causing unfairness to the rights of certain groups,and preventing violations of personal information privacy.The trends and characteristics of big data legislation in the United States in recent years are: to maintain the continuity of the original policy,to reflect the trend of application outside the domestic jurisdiction,and to further strengthen consumer privacy protection.The second part introduces and analyzes the EUs representative data legislation: the General Data Protection Regulation(GDPR).Compared with the previous big data laws,the revision of the GDPR is mainly reflected in the following aspects: Jurisdiction standards have shifted from geographical / national division to data content division,paying more attention to the protection of data subject rights,and setting strict obligations on data controllers and processors.Reform data protection institutions,promote the unification and efficiency of the EU data circulation market,and set huge penalties.The third part introduces and analyzes the new UK Data Protection Act 2018.The law establishes a UK data protection framework to promote the effective implementation of GDPR in the UK,and makes certain provisions derogation under the GDPR framework.At the same time,ensure that the United Kingdom is consistent with the European Union in the protection of personal data after Brexit to promote data flow between the United Kingdom and EU countries.The main contents of the new bill include: protecting individuals,protecting organizations,strengthening the power of regulators,and establishing judicial data processing mechanisms.The fourth part sorts out the big data legislation list of other countries in the world.The GDPR is now the worlds most powerful data protection mechanism,and many countries want to make it the "gold standard" for other jurisdictions.This section mainly sorts out big data legislation in Australia,Brazil,France,Germany,India,Japan,Russia,Sweden,Canada,and South Korea.The proliferation of data protection laws around the world proves the importance of data protection on the global agenda.improve.The last part analyzes the current status of Chinas big data legislation.First of all,we reviewed the existing big data legislation in China,and then analyzed the governance status of big data regulations,rules,and policies.In addition,the "Data Security Management Measures" were reviewed and analyzed.Finally,a theoretical review of the existing big data legislation in China was conducted to analyze the existing problems of the existing big data legislation.Protection,but on the whole,Chinas big data protection legislation has many problems in terms of application scope,operability,and specific content.Chinas big data legislation lags behind practice and urgently requires a national level big data security protection law.Chapter 4 The legislative principles of big data security.In the process of big data security legislation,we must first point out the direction of big data legislation from the aspects of legislative purpose,legislative philosophy and legislative principles.This chapter mainly studies the legislative principles of big data security assurance,so as to provide guidance for the concept and principles of the formulation of specific rules for big data in the future.It also highlights the core ideas of big data legislation.The first part analyzes the purpose and philosophy of big data security legislation.The purpose of big data security legislation is to protect personal data rights and corporate property rights,safeguard national data sovereignty,and achieve comprehensive protection of big data security.The legislative idea is the guide for the design of the legal system and the basis for establishing the legislative purpose and purpose.Big data legislation should adhere to the legislative concept of adhering to the public welfare,the basic concept of algorithmic justice,the legislative concept of both data security and data circulation,and the legislative concept of data sovereignty protection.Regarding the legislative model guided by the concept of legislation,this article considers that China adopts a unified legislative model supplemented by a decentralized legislative model.From the perspective of Chinas traditional and practical conditions,it adopts a unified legislative model to suit Chinas national conditions and supplements it.The second part discusses the basic principles of big data security legislation in China.First of all,it sorted out the changes of the basic principles of big data protection in foreign countries,and then analyzed the evolution of the basic principles of big data protection in China.Compared with the development of basic principles of big data protection in Europe and the United States,the theoretical construction of the basic principles of big data protection in China is actually It has experienced the germination stage from 2000 to 2010 and the development stage from 2010 to the present.Based on this,the theoretical construction of the basic principles of big data protection in China is realized.The basic principles of big data security legislation should include: data disclosure and freedom principles,eight principles that data controllers should follow(security principles,fairness,legality,transparency,purpose limitation,data minimization,keeping data accurate and up-to-date,storage time should not be Exceeding the time required,taking into account the rights of the people,integrity and confidentiality,and the emphasis on the collection and use of personal data(transparency,control of data subjects,strict penalties).Chapter 5: Legislative Guarantee of Big Data Security.This chapter puts forward suggestions for the big data security and the healthy development of big data in China from the perspective of legislation,ensuring that every aspect of big data has legislative specifications,and ensuring the safety of all aspects of big data.The first part is the legislative suggestions on the various aspects of big data and the rights of data subjects.1.Regarding data controllers as a big data core business format legislation proposal: Legislation should clearly define "consent",which means any free,specific,informed,and clear expression of the wishes of the data subject,either through a statement or clear Affirmative action,the subject expressed consent to process personal data related to him or her;big data collection systems must be compliant;big data processing should be reasonable and legal;data analysis should ensure fairness of algorithms;data sharing must be compliant;exemption legislative recommendations;Obligation to notify after data breach.2.Legislative recommendations on data transaction security.Big data transactions are not raw data but desensitized data.Big data transaction contract rules should be standardized,the rights and obligations of both parties to the transaction should be improved,and the definition of contract breach should be clear.Suggestions for the breakthrough path to promote the development of big data transactions in China: accelerate the establishment of standard legislation and optimize the data transaction environment;speed up the process of data opening up and form positive interactions with data transactions;gradually promote the principle of "classified" transactions and try out "one class one policy";innovation Trading methods,exploring the "pan-transaction" model;improving rules and grasping supervision.3.Rights of the data subject.Legislation should grant people the rights as consumers,citizens,etc.,so that people can exercise a series of specific data subject rights under specific conditions.These rights include the right to know,access,correction,deletion,restriction of processing,Right to data portability and objection.The second part analyzes that big data security needs to open government data.The vitality of data lies in sharing and flowing.The biggest value of government data openness to big data security lies in reducing or even eliminating the existence of data "black market".Data circulation and sharing make data "black market" no longer inundate,and can also reduce or even eliminate the problem of data leakage from the front.In addition,the norms of national legislation can maximize the free flow of data,eliminate the hidden dangers of data leakage,eliminate the "black market" of data,and effectively guarantee the safety of big data.Data opening is a continuation of open government affairs and government information.With the development of information technology,the government has opened up the governments governing activities to the public to a greater e xtent.The value of government data openness is that data openness is conducive to changing traditional administrative models and improving government governance capabilities;data openness is conducive to transforming economic development methods and stimulating market vitality;data openness has brought convenience to social life.To open government data,we should accelerate the development of comprehensive government data opening laws and regulations,build a unified and standardized government data open platform across the country,deepen understanding in multiple dimensions,strengthen top-level design and collaborative advancement,and build an open government data framework with Chinese style.Establish a data governance mindset.