A Comparative Study Of European And Chinese Personal Information Protection Systems Under The Third-party Payment Model

Personal information is the basic resource of electronic services in the era of big data.Although the system of personal information protection is not the special product of this era,but facing the impact of professional development,in the process of adjusting to the relevant era development lots of shortcoming were revealed.As a typical business operation mode in the era of big data,the third party payment mode has sprouted to maturity in a very short period of time.However,because this mode of operation involves a large number of personal information of users,it is difficult for the relatively backward personal information protection system to achieve a higher level of information security.After the examination of foreign legal systems,it can be found that the provisions of personal information protection system under the third party payment mode of the European Union are quite pertinent.In this connection,the comparative legal study can be of great benefit in the understanding of the trends of the personal information system development,thus,the formulation of the relevant suggestions for the corresponding Chinese legal regulations.In addition to the introduction and conclusion,this thesis consists of six parts.The first two parts are the basic rules and general protection regulations of personal information protection under the third party payment mode.From the third part,the order of thesis is made according to the flow of personal information circulation under the third party payment mode,with detailed explanation as an example of the part of sensitive payment information system,where the differences between the European and the Chinese laws are compared,then the shortcomings of Chinese regulation are taken into consideration and corresponding suggestions for improvement are proposed.In the first part,there is a need to understand the differences between the legislative concepts and types of "third party payment services" and "personal information" on the macro level and the specific meaning of "third party payment services" and "personal information" in this paper.Because the European Union legislation is more comprehensive,this paper is based on the concept of "third party payment services" and "personal information" in the European Union legislation.In the second part,according to the concept of the classification of personal information protection of the European Union laws,in the specific context of the third party payment,the definition of the sensitive information in the European Union and the Chinese legislation are compared,and general rules of the sensitive information protection are distinguished from the detailed personal information protection regulations.In the third part,through studying of users' information verification system,it can be found that the European Union legislation establishes a unified personal electronic information file system with "the regulatory technical standards of open communication" as the central part,which lays a solid foundation for the complete system of personal information security.The third party payment providers do not undertake the obligation of collecting and storing identity information,which reduces the risk of information leakage.The Chinese system of verification is based on the users' real name system.In terms of data storage,the degree of computerization is limited,and the storing organization is too scattered,which makes the efficiency of the related system limited.The solution is to establish a unified personal electronic information archive system in a certain region at least.Fourth,in terms of users' payment authentication system,the European Union Payment Service Directive of 2015 requires all European banks and third party payment service providers to enforce online payment users' identity authentication procedures,the so-called strict users'identity authentication procedure.In contrast,Chinese users payment authentication system,in general,has a large number of compliance risks arising during detailed authentication process because of the lack of clear legal basis,except for the explicit provisions for electronic signatures.Fifth,in terms of risk management of payment service,the European Union has issued the Guidelines on Security Measures for Operational and Security Risks,which makes the risk management system of the third party payment service more operable and helps to improve the safety awareness of the third party payment organizations.At the same time,China should pay attention to the comprehensive supervision of the third party payment services,and at the same time should guide the third party payment platforms through the publication of guidelines to fulfill the compliance obligation and to overcome actively service risks.Sixth,in terms of major incident reporting system,the European Union also issued guidelines,namely,the Guidelines on Major Incidents Reporting.According to the guidelines,the third party payment providers need to submit preliminary reports,intermediate reports and final reports in special cases according to specific procedures.Although the third party payment service providers have certain reporting obligations under the Chinese law,there is a lack of clear classification and procedural regulations on the major accident reporting system,and the lack of regulations for the system of users' notification.This is also an important aspect to improve the supervision of the third party payment services.