Research On The Legal Protection Path Of Personal Information In The Age Of Big Data

In the era of big data,the value of personal information is comparable to that of “oil and gold”,which contains enormous economic and social value and becomes the core asset of enterprise competition.The collection,analysis,storage and sharing of personal information has become the norm.While bringing convenience to the management of public authorities,huge profits to private institutions and high efficiency and convenience to people's life,the problems of personal property and personal safety caused by excessive collection,illegal abuse and mass leakage of personal information are also increasing protruding.The issue of personal information protection has become a hot issue and a difficult problem to be solved in all walks of life at home and abroad.The first part of the text introduces the definition of personal information.The definition of identification is no longer an essential requirement for the definition of personal information in the era of big data.Lots of unidentifiable information can be identified and compared,and specific individuals can still be identified.Therefore,the definition of personal information is divided into an identification path and an associated path.At the same time,it analyzes the personality attribute,property attribute,sociality and publicity of personal information,and analyzes the existing privacy theory,property rights theory and specific personality right theory of personal information,and considers that because of the social and public nature of personal information,an individual does not have absolute exclusive control over his or her information.Personal information is a legal benefit with multiple attributes.The second part analyzes the current situation and shortcomings of personal information protection in China,and points out the challenges faced by the traditional notice-and-consent model,such as the long and obscure privacy policy,which brings heavy burden to users and enterprises.Users can either agree or quit without the right to choose freely.Users are unaware of the secondary use of personal information and so on.In addition,anonymous information also faces the challenge of being re-identified.In view of the above challenges,this paper reflects on the traditional personal information protection mode.The traditional personal information protection mode takes personal control as the core and is built in the era when personal information is limited and controllable.However,in the era of big data,information is separated from the control of information subject,and the actual receivers,such as enterprises and governments,take the actual control.The essence of personal information protection is legal protection,which is not realized by simply relying on empowerment,but should be regulated on personal information processing behavior.The third part first introduces the industry self-regulation model of the United States and the scenario and risk concept of the consumer privacy bill of rights(draft).Meanwhile,the federal trade commission is responsible for the supervision of personal information.Secondly,it introduces the unified legislative mode of the European Union and the various codes of conduct of data controllers and data processors in the general data protection regulations,and sets up the unified personal information supervision institution and the data protection officer in the enterprise.This paper makes a comparative analysis and summarizes the enlightenment to the personal information protection mode in China.The fourth part of the text firstly improved the notice-and-consent model,and then proposed the risk management path of personal information protection,shifting the focus of attention from the collection stage to the use stage,enumerating the reasonable use scenarios,and introducing the privacy risk assessment mechanism.In a specific scenario,the personal information processing behavior may be assessed for the risk caused by the information subject,and different measures are taken for the assessed risk level to reduce the risk.Anonymous information should also be risk assessed,privacy design should be implemented,and user accountability should be established.At the same time,it is recommended to integrate the authority of other departments on the basis of the State Internet information office,and form a unified regulatory body.Also,a personal information protection officer is established within the company.Finally,improve the industry self-discipline mechanism.Establish industry self-discipline organizations,formulate sound industry self-discipline conventions,and build personal information security certification systems.