中国个人信息保护法下的企业责任浅析
An Analysis of Corporate Responsibility under China's Personal Information Protection Law
수난(동아대학교); 황선영(동아대학교)
43호, 205~240쪽
초록
随着网络经济的发展,个人信息保护已成为公众最关心的利益问题之一。作为个人信息保护领域的基本法≪中华人民共和国个人信息保护法≫(以下简称≪个人信息保护法≫)于 2021 年 11 月 1 日正式施行。这表明中国个人信息安全将面临进一步的规范,个人信息的保护提高到一个新的层级。≪个人信息保护法≫明确了“个人信息”的定义:即“个人信息是以电子或者其他方式记录的与已识别或者可识别的自然人有关的各种信息,不包括匿名化处理后的信息”。 数字经济时代,数据信息蕴含巨大经济利益的想象空间,是数据信息作为重要生产要素的一个显著特点。追求经济利益的各类企业,会积极收集、处理、利用个人信息为自己创造巨大价值。这种利益驱动反映在现实生活中,就是一些企业、机构,从商业利益等出发,随意收集、违法获取、过度使用、非法买卖个人信息,利用个人信息侵扰民众生活安宁、危害民众生命健康和财产安全。≪个人信息保护法≫全面规定了作为个人信息处理者企业的义务及责任,并提出明确的合规要求。明确了任何企业都应该完善个人信息保护合规工作,结合法律规定的合规红线,审视自身个人信息处理相关的业务,积极应对个人信息保护合规。有必要从个人信息处理启动之前端规范企业日常的个人信息处理活动,施加更严格的法律义务来预防企业的信息处理活动。制定企业内部管理制度和操作规则,关注相关的法律法规,承担好履行好相关责任,以规避相关的风险。 ≪个人信息保护法≫对企业等在个人信息处理活动中合规法律义务的设定,反映了中国社会治理方式的逐步完善,也凸现企业合规建设日渐完备及速度加快的趋势。从全球视野来看,此举不仅顺应了全球企业强化合规的趋势,并且也为未来企业发展指明了方向。
Abstract
With the development of the network economy, personal information protection has become one of the most concerned interests of the public. As the basic law in the field of personal information protection, the Personal Information Protection Law of the People's Republic of China (hereinafter referred to as the Personal Information Protection Law) came into force on November 1, 2021. This shows that China's personal information security will face further regulation, and the protection of personal information will be raised to a new level. The Personal Information Protection Law clarifies the definition of “personal information”: that is, “personal information is all kinds of information related to identified or identifiable natural persons recorded electronically or otherwise, excluding anonymized information.” In the era of digital economy, data information contains the imagination space of huge economic benefits, which is a significant feature of data information as an important factor of production. All kinds of enterprises that pursue economic interests have a strong internal drive to collect, process and use all kinds of personal information. This kind of interest drive is reflected in real life, that is, some enterprises and institutions, starting from commercial interests, collect, illegally obtain, overuse, illegally trade and trade personal information at will, and use personal information to disturb people's life and endanger people's life, health and property safety. The Personal Information Protection Law fully stipulates the obligations and responsibilities of enterprises as personal information processors, and puts forward clear compliance requirements. It is clear that any enterprise should improve the compliance of personal information protection, combine the red line of compliance stipulated by law, examine its own business related to personal information processing, and actively respond to personal information protection compliance. It is necessary to standardize the daily personal information processing activities of enterprises from the front end of personal information processing, and impose stricter legal obligations to prevent enterprise information processing activities. Formulate the internal management system and operating rules of the enterprise, pay attention to relevant laws and regulations, and assume relevant responsibilities to avoid relevant risks. The Personal Information Protection Law sets the legal obligations of enterprises and others to comply with personal information processing activities, which reflects the gradual improvement of China's social governance methods, and also highlights the trend of increasingly complete and accelerating enterprise compliance construction. From a global perspective, this move not only conforms to the trend of global enterprises to strengthen compliance, but also points out the direction for the future development of enterprises.
- 발행기관:
- 법학연구소
- 분류:
- 국제거래법