Research On Legal Issues Of Financial Institutions Handling Personal Financial Information

In recent years,the development of financial digitization has subverted the traditional mode of personal financial information protection.In the past,financial institutions were only responsible for the security of users’ personal financial information,but now,they also have the practical need to make full use of such information to realize commercial value.Furthermore,the single regulation on information processing behavior of financial institutions in the past should be changed into multiple adjustment at present,so that personal financial information can be fully protected and fully utilized under the legal framework.According to the basic theory of expression of will,our Civil Code constructs the "informed consent" rule.On this basis,the standard of public law in the Personal Information Protection Law optimizes the rule,and makes up for the deficiency of the standard of pure private law to a certain extent.Regulations in the financial sector also clarify this rule.Therefore,this rule is the core rule in the field of personal financial information protection.It has the important function of clarifying the informing obligation of financial institutions and the right to know and decide of users,so as to effectively balance the protection and use of information.Therefore,adjusting the information processing behavior of financial institutions should be carried out based on the principle of the rule.In practice,the problem of illegal and unreasonable information processing behavior of financial institutions is essentially that the boundary between financial institutions’ obligation to inform and users’ right to know and decide is not clear.These problems mainly focus on the two scenarios of information collection and information sharing.In the collection scenario,financial institutions often collect users’ sensitive personal financial information without individual consent,and the notification obligation of financial institutions becomes formalized.In the sharing scenario,the subject,content and method of information disclosure obligation are not clear in the open bank scenario,while the authorization and consent mechanism is too strict in the financial holding company scenario.However,due to the particularity of personal financial information which is different from general personal information and the particularity of the processing scene of personal financial information,the general application of the "informed consent" rule cannot properly solve the above problems.Therefore,it is necessary to apply the "Contextual Integrity Theory" in practice to adjust and apply the rule,so as to specifically adjust and clarify the boundary between the informing obligation of financial institutions and the right to know and decide of users in different scenarios.In this regard,the specific measures to solve the problem include:strengthening the individual notification obligation of financial institutions in the collection scenario,adopting personalized collection methods and establishing the third-party institution review mechanism;In the sharing scenario,clarify the subject and content of information disclosure obligations in the open bank scenario,improve the way of information disclosure in the open bank scenario,change the authorization and consent mechanism in the financial holding company scenario,and improve the supporting measures in the financial holding company scenario sharing.