Research On The International Legal Protection Of Personal Information

In the information age,the development of Internet technologies such as big data and cloud computing has given personal information more economic value.The protection and utilization of personal information has thus become a new "rules of the game" for the operation and completion of companies in the information age.The most important feature of personal information is the ability to identify specific individual.In the current era when personal information is stored,collected,and used in large quantities,the personal information in the sense of international law is information that could identify a specific individual,either alone or in combination with other information.At present,there are already some international rules protecting personal information.These rules regulates the principles of personal information protection,the rights of data subject,the obligation of controller and processor,and the duty of government entities,and the rules provide a wide protection of personal information.Because of the difference of collecting and using personal information in different regions,the international legal rules for the protection of personal information present regional characteristics.Among them,the EU General Data Protection Regulations("GDPR")and APEC Cross-Border Privacy Rules System(CBPR)sets a complete system of personal information protection,so this paper takes GDPR and CBPR as examples to study the international legal rules for personal information protection.Although the existing international legal rules for the protection of personal information have provided protection for personal information in many aspects,there is still room for improvement.For example,the basic principles of personal information protection are not clear enough,the provisions of the consent principle are vague;the provisions of data subject rights are not perfect;the localization of information affects the cross-border flow of information,and the lack of special protection for personal sensitive information in the process of cross-border information flow.This paper summarizes the basic principles of international legal protection of personal information,and sorts out,compares and evaluates the principles of personal information protection in GDPR and CBPR.In terms of the consent principle,organizations such as industry associations may be introduced to quantify the specific criteria for consent,and to avoid the consent of the data subject as the data controller's exemption clause.In terms of the rights enjoyed by data subjects,although the international legal rules are regulated,they can still be improved at the level of coordination and convergence of specific rights.In terms of the obligations of data controllers and data processors,international legal rules provide for substantive and procedural obligations.At the level of international cooperation in personal information protection,the European Union and American Privacy Shield Agreement guarantees the flow of data between the EU and the United States and provides a good example for international cooperation in personal information protection.In addition,GDPR and CBPR are actively cooperating in the approval of companies for cross-border data flows.In the context of the current information localization storage hinders the cross-border flow of information,the signing of bilateral and multilateral personal information protection agreements can not only effectively protect the security of personal information in the process of cross-border flow,but also promote the development of the digital economy.In the process of cross-border flow of personal information,special protection of personal sensitive information should also be carried out to establish more perfect international legal rules for the protection of personal information.