Research On The Legal Regulation Of De-identification Of Personal Information

Identification is the core factor of personal information.Therefore,in the era of big data,it is a key measure of personal information protection to make use of information after the de-identification process,that is,the de-identification of personal information.De-identification,and said to identity,anonymous,to identify,is a kind of by removing identifiable factors to cut off the link between information and information subject of personal information processing technology,it is in the middle of the personal information collection and utilization of the processing stages,is based on personal information identification technology to deal with its privacy and property attribute phase separation in order to realize the personal information protection and information data analysis,the interests balance between use and value-added process.It is not only a crucial link in the protection mechanism of personal information to reduce the risk of personal information infringement,but also an indispensable information protection and processing measure to realize the sublimation of personal information value,promote its circulation and use.At present,China's personal information to identify the has a certain theoretical basis and practical basis,theoretical boundary have cognitive schema theory,information theory,information privacy right to self-determination theory,theory of rational expectation theory support,also in the field of network information in practical use and large data trading areas and government information collection management got certain use,and after will be to identify the personal information can enter into business practices gradually formed in the field of information utilization.However,at present,the legal regulation of personal information de-identification in China is still in the exploration stage.There are many deficiencies in the legal regulation,such as scattered legal norms,maladjustment,limited effectiveness,incomplete standard system,and ineffective administrative supervision.The legal regulation of personal information de-identification first needs to clarify the concept and mode choice of legal regulation.First,the concept of legal regulation,on the one hand,should remain consistent with the personal information protection regulation concept,personality interests protection as priority status,on this basis,through the personal information protection coordination with the concept of data protection mode to protect personal information subject and information control,Arthur and the conflicts between the social public,realize personality interests protection and the freedom of information equity;On the other hand,we should adopt the idea of encouraging regulation first and binding regulation second.Furthermore,it is the choice of legal regulation mode.It is advisable to adopt a multi-level and multi-aspect mixed regulation mode with clear division of labor and mutual coordination and cooperation among three regulatory subjects,namely,administrative agencies,industry organizations and personal information controllers represented by enterprises,under the legal norms of personal information.The legal regulation of personal information de-identification focuses on the specific design of legal regulation mode.First of all,the premise of adopting the mixed regulation mode is to perfect the legal norms of personal information identification.First,as far as the principle is concerned,the de-identification of personal information as a means of personal information processing is guided by the principles of informed consent,appropriate limitation of purpose,data minimization,etc.Meanwhile,the two special principles of prohibition of re-identification and risk control should be followed.Secondly,as far as the legal standard is concerned,the classification of personal information should be made clear first,and the recognizability and sensitivity of personal information should be taken as the standard to define the identifiers and quasi-identifiers.On this basis,a reasonable standard is adopted for de-identification.Thirdly,as far as the legal obligations of the personal information controllers and users are concerned,they include the obligation of de-identification,the obligation of risk prevention and control and the obligation of prohibition of re-identification.Thirdly,comprehensive legal regulation is made from three aspects: administrative regulation,industry self-discipline and enterprise self-care.In terms of administrative regulation,firstly,the unified personal information management institution should be clearly defined as the supervision institution.Secondly,the processing and utilization of personal information should be brought into the scope of administrative licensing,and the qualification of the subject of the identification and utilization of personal information should be examined and registered.Thirdly,personal information management institutions should supervise and guide the whole process of personal information de-identification,record and review the de-identification,and finally,clarify the administrative consequences of violation of laws and regulations at the levelof administrative responsibility.At the level of industry self-regulation,it is necessary to perfect the industry self-regulation regulation and realize the effective combination of industry self-regulation regulation and personal information de-identification.Establish a privacy risk assessment system to realize the whole-process risk prevention and control;To promote the formulation of specific industry and technical standards.At the level of self-management of the personal information controller,on the one hand,the personal information security management mechanism should be established within the personal information controller;on the other hand,the personal information controller should make the commitment of de-identification and prohibition of re-identification,and bear the corresponding civil liability for the violation of commitment.The three types of regulation modes are divided and cooperated to form a multi-level,multi-aspect systematic and comprehensive mixed regulation system,and promote the effective use of personal information de-identification.