| In the era of information,the rapid development of technology and updates have increased the demand for high-quality information utilization.In order to realize the sharing and flow of information,information controllers gradually realize the importance of anonymizing personal information which is regarded as technical means to balance the use of information and the protection of personal information.To a certain extent,this is rooted in the clarification of the legal status of anonymized information in the Personal Information Protection Law,which clearly stipulates that anonymized information does not belong to personal information.Thus,anonymized information naturally does not apply to the legislation related to personal information protection.In addition,it also means that the information controller has the right to share anonymized information with third parties without abiding by the article of personal information law.It can be seen that the legal provisions of anonymization have built a bridge for the efficient use of information and the protection of personal information.Unfortunately,the current legislation on personal information in our country only stipulates the principled clauses of anonymized information.This thesis will specifically explain the theoretical basis of the anonymization of personal information.This thesis holds the view that anonymizing personal information meets the practical needs of information utilization and personal information protection in the era of big data,and the use of anonymized information helps to remedy the weakness of the principle of informed consent.Besides,anonymization also conforms to the proportional principle in the processing of personal information.Therefore,when the information which has been anonymized enters the circulation field,it can promote the efficiency of information utilization and realize the maximum value of information utilization.Subsequently,This thesis will analyze the problems existing in the current legal system of anonymization of our country.In practice,legislation has not yet provided normative guidance on how to make distinction between anonymized information and personal information.Also,the legislation need to address the issues such as the specific processing procedures for anonymized information,the legal standards for anonymized information,and how to prevent the risk of re-identification of anonymized information.Finally,based on the domestic and foreign legislative experience and judicial practice of personal information anonymization,this thesis provides suggestions for improving the legislation related to personal information anonymization due to the lack of legal norms for personal information anonymization in our country.Based on dividing the concept of personal information and anonymized information,this thesis argue that the standard model of anonymization should be process-oriented and the information controllers should place emphasis on the risk management.Secondly,in view of the inherent risk of re-identification of anonymized information,a risk prevention mechanism for re-identification should be established.Specifically,re-identification risk level classification should be established to limit the sharing of anonymized information by information controllers.The legal provisions should prohibit information recipients from re-identifying anonymized information.At the same time,information processors should be required to adopt technical measures and management measures to prevent the risk of re-identification.Thirdly,a re-identification risk accountability mechanism should be established which include clarifying who bears the responsibility for re-identification,exploring the path for the procuratorate to initiate public interest litigation for the re-identification of anonymized information,and exempting information processors from responsibility by applying the safe harbor model. |
PDF Full Text Request