Research On Data Rights And Obligations Of Data Controllers

Personal data is valued because the technology and industry related to big data are constantly developing,personal data is becoming a new resource,at the same time,it has caused a series of data leakage and personal privacy violations.In this context,the position of data controller in the whole data industry is very important.On the one hand,it collects and uses personal data,on the other hand,it provides products and services to users,but the content and boundary of its rights and obligations are not unified,which has caused theoretical and practical disputes.Designing the rights and obligations of data controllers is the key factor to realize data security and the smooth development of data industry.In this paper,the concept of data controller is defined,the problems of data rights and obligations in theory and practice are analyzed,the basis and content of data rights and obligations of data controllers are clarified,and the current situation of personal data protection is combined with the current situation of personal data protection.The content of this paper is divided into five parts,the specific content and structure are as follows:The first chapter introduces the concept of data controller and data source,and determines the scope of data controller,and clarifies the difference and connection with related concepts.The data controller originated in Europe,its data source is personal data,the main body includes natural person,legal person and non-legal person organization,administrative organ and so on,but the discussion of data controller in this paper does not include administrative organ.In the legal context of our country,the term "network operator" and "information controller" are used for data controllers.But the scope of data controller and network operator is different from the legal benefits protected.Data controller and information controller are only different terms due to the understanding of "data" and "information ",and there is no essential difference between them.The second chapter puts forward the data rights and obligations of data controllers.Data controllers in the area of rights face: differences in the attributes of rights,excessive collection of personal data,and rational use of personal data;while the problems in the area of obligations mainly inform the existence of defects in the obligation of consent,the lack of legislation in the obligation of security management,and the non-operability of the obligation to report and inform.This chapter combs the above problems.The third chapter discusses the basis and content of data rights of data controllers.This chapter first introduces the data rights basis of the data controller,which mainly includes four aspects: one is to comply with the requirements of informing consent,the other is to comply with the requirements of social public welfare purposes,the third is to comply with the requirements of public data,and the fourth is specific contractual relations.Secondly,the data rights of data controllers are clarified: one is the right to collect data,the other is the right to use data,and the third is the right to flow data.The fourth chapter discusses the basis and concrete contents of data obligations of data controllers.This chapter first introduces the data obligation basis of the data controller,which mainly includes three aspects: one is to protect personal data,the other is to limit the data controller,and the third is to comply with the principle provisions.Then it makes clear the data obligation that the data controller should undertake,mainly includes four aspects: one is to ensure the quality of personal data,the other is to ensure the security of personal data,the third is to ensure the implementation of the rights of data subjects,and the fourth is the obligation to report personal data security events.The fifth chapter responds to the questions studied.The data rights and obligations of data controllers should be legislated and the specific content of data rights and obligations should be clarified in the legislation,while considering encouraging industry self-regulation and introducing industry review mechanisms.