Liability For Damages Of The Entrusted Party In The Processing Of Personal Information

Under the background of the information society,the economic value of personal information is constantly being tapped,and the division of labor in information processing is also constantly being refined.With the participation of multiple parties in the process of processing personal information,the difficulty of proving personal information infringement has increased significantly.Noting the dilemma of protecting the rights of personal information subjects,the legislator made a special structure for the processor’s liability for damages in Article 69 of the PIPL that is different from the general tort liability,but neglected to provide the same liability for the entrusted party in the context of entrusted processing.Scholars put forward the theory of the integration of processor and trustee and the analogous application of the theory of common danger liability,in an attempt to alleviate the problem of personal information subject rights protection,but the dilemma of rights protection caused by the poor ability of personal information subject and information processing subject and the participation of multiple parties in the processing has not been well resolved.In practice,some courts have adopted methods to protect personal information by lowering the standard of proof,but the lack of relevant legal basis is not a long-term solution.In view of the above problems,this article first distinguishes the subject at two levels,supplemented by the definition guidance of the entrusted party,so as to achieve the precise positioning of the subject of damage liability in this article.On the basis of analyzing the determinism of processing purposes and methods that is now universally applicable,combined with the exploration of functional differentiation paths at home and abroad,this paper proposes a functional differentiation path of processing purpose and mode determinism,supplemented by official guidelines and judicial cases.Then,the confusing aspects of the coprocessor,the regulator,the employee of the processor and the trustee are distinguished,and finally the distinction between the two levels is summarized and the definition guide of the trustee is given.Secondly,from the perspective of value pursuit,construction benchmark and direction,three considerations for the construction of damage liability are pointed out.First,on the basis of the identification of the interests of the information subject,the processor and the entrusted party,the protection of personal information is the mainstay,and the balance of interests supplemented by information circulation is the value pursuit;Second,through the substantive analysis of the three-party relationship in the entrusted processing of information,and based on the reality that personal data subjects lack the conditions for distinguishing between processors and entrusted parties,the responsibility construction benchmark for the isomorphism of external responsibilities between processors and entrusted parties is proposed;Third,in view of the obvious weak position of the entrusted party compared with the information company and the general tendency in comparative law,the general direction of tilting the protection of personal information is proposed.Finally,starting from the four elements of tort liability,the specific construction of the entrusted party’s liability for damages is carried out.Analyze the possible infringement of the entrusted party by using the obligation clauses such as "shall" and "should" in legal documents;According to the characteristics of the risk of damage and the long-term occurrence of entrusted handling of infringement,the necessity of recognition of non-material damage is emphasized.As far as causation is concerned,adjust the standard of proof for conditional relationships to reasonable certainty to reduce the difficulty of proof for Personal Data Subjects;In determining the principle of attribution,this paper argues that it should be isomorphic with the presumption of fault liability of the processor;Regarding the unclear causal chain caused by the participation of multiple parties in information processing,the author demonstrates the suitability of joint and several liability without real participation;Finally,a three-step determination method of "loss of information subject-benefit of the entrusted party-statutory compensation" is proposed for determining the amount of damages.