Research On Information Security Obligation Of Internet Service Providers

In the era of big data,the development of data-driven economy endows traditional information security with new connotation,which challenges the adaptability of current legal system.With the support of data processing technology,network service providers are the holders of data dividends in a data-driven economy.Against the background of strict data compliance requirements and increasing awareness of users’ personal information rights and interests,it is possible to make it assume corresponding obligation in information security protection.This thesis uses the methods of legal hermeneutics,literature research and comparative research,and combines the characteristics of big data era to expand the connotation of network service provider and information security obligation,the introduction of risk control theory,the saving of social cost and the theory of trust benefit protection provide the legal basis for the network service provider to undertake the obligation of information security.This thesis proposes to consider the value of safeguarding cyberspace security and protecting individual rights and interests in the process of constructing the information security obligation system.The current legislative situation of information security obligations is that the content of the existing obligations and the provisions on the assumption of responsibilities are scattered in a number of laws,departmental regulations and other normative documents,it can be divided into three categories: information system security,information content security and information self-security.There are some problems,such as unclear classification standard of obligation subject,unclear boundary of obligation,responsibility bearing way to be detailed and so on.On the basis of introducing the obligations of data operators in the European Union and the obligations of future review in German law,and combining the experience of relevant extraterritorial legislation and the needs of our country’s practice,we should make the criteria clearly for defining and classifying network service providers,according to the principle of legality and the principle of rationality,the obligation of personal information security in the obligation of information security is detailed,following the principle of balance of interests and the principle of proportion,demarcating the boundary of the information security obligation of the network service provider.On the responsibility bearing,it is necessary to specify the civil liability for violating the obligation of information security,to clarify the standards for the fulfillment of the information security obligations of network service providers,and to add a mechanism for the exemption of administrative liability when the obligations can not be fulfilled,and insist on the modesty and restraint of the application of criminal liability.On the basis of the current legislation,a complete information security obligation system for internet service providers should be constructed step by step.