1.1. The Background and Significance of the Research
Driven by the rapid development of digital information technology, big data provides people with more valuable data and information by judging and analyzing people’s consumption habits, flow, and actual needs. However, it should also be noted that big data is a double-edged sword. While life is convenient, the relevant technologies are not yet mature enough, resulting in insufficient personal data storage methods, subjects and procedures in my country, which increases the risk of personal information leakage. In November 2016, based on the systematic analysis and research of more than 1 million survey questionnaires across the country, the first “China Personal Information Security and Privacy Protection Report” was publicly released. The report shows that more than 70% of the respondents believe that the problem of personal information disclosure is serious, and the copies of express orders, ID cards and other documents and mobile phones have become the main carriers of personal information disclosure; 81% of respondents have received unfamiliar calls from the other party who know their personal information such as their name, organization, and gender. In fact, the number of personal data leakage incidents is increasing, and it has also given some criminals an opportunity to take advantage of the opportunity to carry out fraudulent activities. Because his personal information was obtained illegally, the nearly 10,000 yuan of expenses that had been used to go to university were deceived, which led to Xu Yuyu’s sudden illness and unfortunate death. Since then, similar information leakage and information fraud activities have often appeared in various news media, and some criminals have even committed large-scale crimes abroad. It can be seen that in the era of big data, cases of infringement of personal information are common. Information in the era of big data Crisis has become a new type of problem that we have to face. How to effectively protect personal information under such an information crisis is not only an urgent problem of the times and society, but also a legal problem that the legal community urgently needs to solve. How to effectively protect personal data security in the era of big data is not only the need to protect the basic rights and dignity of individuals, but also the need to promote the development of the big data industry, and it is also an inevitable requirement that is consistent with international legislation .
1.2. Research Status and Problems
The research on personal information protection in China is mainly influenced and inspired by the information legislation protection of the United States, the European Union, Germany, Japan and other countries. From the perspective of the research direction of personal information protection in the theoretical circle in recent years, the academic circle’s focus has been from the beginning The introduction of foreign personal information protection legislation was later combined with China’s basic national conditions. The final research focus has gradually evolved into localized theories, protection mechanisms, legislative models, rights attributes, value foundations, etc., achieving a “macro to micro”, The transition from “concrete to abstract”. The research on the protection of personal information in civil law in my country’s legal circles mainly focuses on the relationship between personal information and the right to privacy .
After years of development, the current domestic research on personal information protection in the data age spans multiple disciplines, mainly involving law, economics, library and information science, journalism and communication, etc. The research direction is gradually refined, the research depth is gradually deepened, and the research methods are diversified, which has injected new vitality into the research of personal information protection in the future big data era. However, I have to point out that the current research still has the following more prominent problems: First, the basic theoretical research of personal information protection is relatively weak, and the forensic evidence is lacking, which leads to conceptual confusion in the research process, such as personal data, personal information, and personal information. The concepts of information privacy, personal privacy, and personal data privacy are confused with each other; the second is that the research results lack systemicity, showing the characteristics of “fragmentation” and “decentralization”, which is mainly reflected in the unreasonable distribution of research results and the structure of research content Not optimized enough. For example, from the perspective of the distribution of research results, personal information protection research led by law does not have a high degree of integration of disciplines .
2. The Basic Characteristics and Protection Status of Personal Information in the Era of Big Data
The Personality Rights of the Civil Code defines citizens’ personal information as recorded electronically or in other ways, and can be used alone or in combination with other relevant information to identify a natural person’s personal identity, mainly including personal biometric information, name, and birth. Date, ID number, phone number, etc. In the era of big data, the scale of various types of data has surged. Personal information, as one of the types of data, will inevitably appear to be abused, leaked, and infringed under the increasing demand for data scale.
2.1. Basic Characteristics of Personal Information in the Era of Big Data
In the current era of digitization and big data, the characteristics of personal information have also undergone some new changes. In summary, there are three main points:
2.1.1. Personal Information Lacks a Comprehensive Civil Law Protection System
Among the civil laws and regulations currently implemented in my country, there are relatively few laws and regulations on the protection of personal information, and the scope of regulations and regulations is relatively small, and it is difficult to achieve the purpose of effective protection of personal data. In addition, many laws on the protection of personal information are scattered and disorganized, not only failing to form a unified protection system in the civil law content of a certain department, but also failing to form an independent and complete personal data protection structure in government regulations. In this case, if personal information is illegally used or leaked, the information subject will not receive special legal protection, and their personal property rights and personality rights cannot be protected. As a result, individual lawbreakers, because they are not deterred by the law, will have a fluke mentality, and use personal information more rampantly to obtain benefits.
2.1.2. Transmission Channels and Scope Are Expanding Day by Day
In the past, the way of personal information transmission was mostly oral and written, and the way of transmission was relatively single, which also made the scope of personal information dissemination have certain limitations, and most of it was spread and used in specific groups. After the advent of the era of big data, the inclusiveness and openness of the Internet has made it possible for any particular group to use the method of network communication to send specific personal information to individuals or groups. Although the emergence of social media such as WeChat, QQ, and Weibo has greatly facilitated people’s production and life, the risks they bring cannot be underestimated. Once a certain content has attracted the attention of netizens, it will Will be quickly forwarded and spread on the network platform.
2.1.3. The form of Digitization Is Becoming More and More Obvious
In the past, people had to rely on tangible media such as paper and film if they wanted to develop the information process, but after entering the era of big data, they can directly collect, store, and transmit personal information in the form of digitization. The so-called digitization of personal information means that personal information is electronically stored on the Internet in the form of data and becomes data information. Intangibility and virtuality are its most significant characteristics. Whether it is personal information in a broad sense such as shopping preferences, hobbies, social spheres, or basic personal information such as name, ID number, mobile phone number, household registration, etc., it can be stored on the Internet after data processing. The risk of personal information being leaked in the data age is greater.
2.1.4. Increasingly Prominent Commercial Value
In the era of big data, personal information is collected, used and transmitted on a large scale, and its main use value lies in business. This kind of commercial use can be divided into direct use and indirect use. Direct use refers to the direct use of information acquirers. For example, by analyzing personal information, businesses can understand the preferences of consumers and improve the pertinence of their services. Indirect use means that the information acquirer sells personal information to direct users instead of using it directly. What is different from the previous ones is that most of the infringing objects collect a large amount of personal information on a large scale, and rarely collect personal information of a certain user individually. Generally speaking, in the era of big data, indirect personal information that did not have commercial value in the past, such as user preferences and social scope, has become a commercial resource that cannot be ignored and should be protected by laws and regulations.
2.2. Specific Manifestations of Violations of Personal Information
In the information society, the process of using personal data information mainly includes four links: collection, processing, transaction, and application. In these links, personal data and information security are at risk of being violated.
2.2.1. There Is a Risk of Improper Disclosure
Overall, in the context of big data, improper disclosure behaviors mainly include personal information leakage behaviors and malicious dissemination of personal information behaviors. Personal information leakage mainly occurs in some institutions and departments that manage personal information. The main reason for information leakage is mostly the imperfect information management system or the existence of loopholes. The malicious dissemination of personal information mainly refers to the malicious disclosure of personal subject information when the information subject does not have the willingness to disclose information, thereby infringing on the privacy of the individual.
2.2.2. There Is a Risk of Improper Collection
In the process of personal and social interaction, personal information plays a very significant role. In the process of collecting personal information, it is necessary to refine the collection methods and strengthen supervision, otherwise it will increase the probability of improper collection. In summary, there are three main situations: one is excessive collection behavior. Mainly reflected in the process of collecting personal information, often deviating from the normal collection purpose, but also beyond the scope of standard collection. The second is wrong collection behavior. The accuracy of personal information is the key to measuring personal information. Failure to grasp the correct personal information will greatly increase the risk of infringement of personal information subjects’ interests. The third is illegal secret collection. Mainly refers to the secret collection behavior that occurs when the subject of personal information is concealed. In this process, collectors often use various modern methods to collect personal information, which also greatly increases the distortion rate of personal information.
2.3. Legislative Protection Status of Personal Information Protection in My Country
Although my country has legislated the protection of personal information, in real life, the legal provisions are scattered, scattered, and the scope of protection is narrow. The scope, concept, nature and connotation of personal information lack legal provisions to clarify it. It can be said that in the scope of civil law, the protection of personal privacy through a single law has been unable to keep up with the development of the era of big data. The current civil law has no way to comprehensively and effectively cover and realize the legal protection of personal data information. Judging from the current legislation, the privacy of individuals is only protected as part of the right of reputation in the “General Principles of Civil Law”, even in the “Interpretation of the Supreme People’s Court on Certain Issues Concerning the Determination of Liability for Mental Damage in Civil Tort”, it will infringe the privacy of citizens It is independent from the right of reputation, but the protection of personal privacy is still not taken seriously . The main laws and regulations currently promulgated are: at the nineteenth meeting of the Standing Committee of the Ninth National People’s Congress held on December 28, 2000, the “Decision on Maintaining Internet Security” was passed, which clearly proposed the use of Where the Internet insults others or fabricates facts to slander others, illegally tampered with, intercepted, or deleted other data and materials such as emails of others, infringed on citizens’ communication secrets and freedom of communication, and used the Internet to commit fraud, theft, or extortion, and constitute a crime, criminal responsibility shall be investigated in accordance with relevant regulations. On December 28, 2000, the Ninth National People’s Congress Standing Committee passed the “Decision on Strengthening the Protection of Online Information” at the 19th meeting of the Standing Committee, which clearly stated that any organization or individual would steal or otherwise obtain or sell it illegally. Or illegal and criminal acts of providing citizens’ personal electronic information to others, as well as other illegal and criminal acts of network information, have the right to report and sue the relevant authorities. The department that receives the report or accusation shall deal with it in a timely manner according to law, and the infringed person may file a lawsuit in accordance with the law . The Tort Liability Law was promulgated in 2009. Article 2 clarifies the legal attributes of the right to privacy, and clearly stipulates that the civil rights and interests of specific personality rights shall also be adjusted by the law. Including it provides a direct legal basis for the protection of personal information, but compared with the ever-increasing phenomenon of personal information infringement, it still lags behind, and it is still unable to protect personal information rights in a timely and comprehensive manner. In 2017, the “Cyber Security Law” clarified that the collection of personal information requires the user’s consent in an explicit way, and must follow the principle of “legitimate, legal, and necessary”. In addition, my country’s “General Principles of Civil Law” formally legalizes the right to personal information. Article 111 of the General Provisions stipulates that the personal information of natural persons is protected by law. Any organization or individual who needs to obtain the personal information of others shall obtain and ensure the security of the information in accordance with the law, and shall not illegally collect, process, use, or transmit the personal information of others, and shall not illegally trade, provide or disclose the personal information of others. On August 20, 2021, the 30th meeting of the Standing Committee of the 13th National People’s Congress voted to pass the “Personal Information Protection Law of the People’s Republic of China”, which will come into force on November 1, 2021 .
At present, the legal protection of personal information can be divided into direct protection and indirect protection. In addition to the “Personal Information Protection Law” that will be implemented within this year, which provides special protection for personal information, there are also the “Passport Law”, “Identity Card Law”, “Criminal Law” and “Statistics Law” that directly protect personal information. Indirect protection means that the law does not clearly specify “personal information”, but protects personal information by protecting “privacy rights, name rights, portrait rights, and other specific personality rights related to personal information”. Related legislation includes the Constitution, the Cyber Security Law, the Civil Procedure Law, and the Criminal Procedure Law. At the same time, Articles 813 to 816 of my country’s “Civil Code” provide detailed legislation on the protection of personal information on the basis of the “General Principles of the Civil Law”.
In terms of personal information legislation, the legal systems in developed countries such as Europe and the United States are relatively complete. For example, the protection of personal information in the United States is sectoral, and instead of adopting a unified legislative method, it has adopted specific legislation on a certain aspect of personal information. In order to achieve the purpose of legal protection, unlike the United States, the European Union has adopted a unified and centralized legislative approach, which regulates both the public and private sectors. In order to assist the implementation of the law, the European Union has also established a special and independent personal data protection agency, which has provided valuable experience for our country’s personal information legislation .
Compared with developed countries in Europe and the United States, the current legislation system for the protection of online personal information in the civil law system of our country is not complete. The main manifestations are as follows: First, the civil law lacks more practical principled clauses, and the operability in practice is not strong; With the rapid development of the Internet and new media, more and more traces of information left by citizens on the Internet, and these personal information has not been included in the protection of civil law, so that the construction of the information security legal system in the civil law is not very perfect .
3. The Main Problems Faced by the Civil Law Protection of Personal Information in the Era of Big Data
3.1. The Traditional Protection Mode Gradually Fails
In the past, in order to avoid the leakage of personal information, people usually adopted the method of strictly keeping personal information by themselves. But in the era of big data, it is not enough to just rely on personal protection of information. Because the effective collection of personal information can be achieved through big data, if some people obtain this information with ulterior motives, it will have very serious consequences, and even leak personal privacy and cause economic losses. Unlike objects in the traditional sense, in the era of big data, information will become a resource after it is fully explored. It will not lose value immediately after use, and it can be recycled. If the information is obtained by some institutions, it may cause immeasurable losses to the information subject. Therefore, not only define and protect information from the perspective of privacy, but also need special laws and regulations to protect against the theft of personal information.
3.2. The Provisions and the Scope of Protection Are Not Clear Enough
At the level of civil law protection of personal information, our country is still in the stage of continuous exploration, and no systematic and complete legal regulations have been formed. The regulations related to the protection of citizens’ personal information are scattered among other laws, lacking systematic expressions, and the lack of coordination and cooperation between them makes it difficult to effectively protect citizens’ personal information when it is violated. It is mainly reflected in three aspects: First, the protection of personal information in the current civil law mostly protects the private and undisclosed personal sensitive information of citizens, while the protection of “general personal information” is in judicial practice. China is often unable to rely on it. The second is that there is no clear regulation on the right of personal information. The right of personal information includes the right of decision, inquiry, correction, deletion, confidentiality, income, and relief. The protection of personal information in the current civil law focuses on the content of personal information and whether the collection procedure is legal, but lacks relevant regulations on how to regulate the behavior after collection and utilization. Third, because information has certain property attributes in addition to its personality attributes, and with its economic value becoming increasingly prominent, personal information is being violated more and more frequently and infringement methods are endless, and citizens’ spirit and property are also will be violated.
3.3. The System of Laws and Regulations Needs to Be Improved
At present, the academic circles have not reached a consensus on the definition of the scope of personal information rights, which affects the legal construction of personal information protection to a certain extent, and it is necessary to further improve the personal information protection system. My country is currently improving the laws on the protection of personal information. The preliminary investigations have been completed, and the status of personal information abuse has been classified, including the disclosure of personal information without the subject’s consent, and the disclosure of personal information without the subject’s consent. Provide to others, etc. At the same time, a solicitation of opinions on how to protect personal information was carried out, laying a foundation for the promulgation of personal information protection laws. In real life, many situations will cause personal information to be leaked and have negative consequences. The methods and methods of personal information protection need to be innovated. Based on the current status of personal information protection mechanisms, it is not only necessary to create a personal information protection self-discipline mechanism to strengthen the protection of personal information, but also to formulate relevant laws and regulations at the national level, and introduce corresponding legislation as the basis for personal information protection.
3.4. Lack of Clear Information Infringement Regulations
At present, my country’s regulations on the protection of personal information tend to be procedural and principled, which makes it easy for right holders to fail to receive timely and effective relief and protection when they are infringed. The protection of personal information in the civil law is mainly indirect. It only provides relatively complete regulations for infringement of citizens’ rights such as reputation, privacy, portrait, name, etc., but there are no rules to follow when general personal information is infringed. In addition, its tort liability is mostly to eliminate the interference, stop the infringement, restore reputation, eliminate danger, etc., focusing on the protection of personal rights and interests, so that the protection of property attributes is not taken seriously, and this tort liability regulation also invisibly reduces the infringement of personal information. The cost of the act has caused frequent infringements of personal information.
4. Countermeasures and Suggestions to Strengthen the Civil Law Protection of Personal Information in the Era of Big Data
4.1. Establish a Sound Legal Protection System
At present, my country’s existing personal information protection legal system is not sound enough. Although Article 111 of the “General Principles of Civil Law” stipulates that the personal information of natural persons is protected by law, this provision is too principled and general, regarding the definition of personal information and the performance of infringement of personal information. There are no specific rules for the legal consequences of infringing personal information, and it is difficult to apply in practice. Therefore, it is necessary to establish a legal protection system for personal information under big data. Specifically, it is advisable to adopt a legislative model that combines basic laws and special laws. The Basic Law is the “Personal Information Protection Law” and the “Civil Code”. The Basic Law clarifies the legislative purpose and basic principles of personal information protection, clarifies the concept, nature, and definition standards of personal information, and clarifies the important issues of violations of personal information rights like manifestations, legal consequences and relief measures. Currently, both laws have been promulgated, but implementation still needs a long process. On this basis, it assists in the convergence of relevant special laws in specific areas, such as improving the “Network Security Law” in the network field and the “Consumer Rights Protection Law” in the economic and financial fields. In addition, in the field of civil law, a complete set of personal information protection system must be established through the revision of relevant laws. Provisions on the production of evidence, jurisdictional responsibilities, etc., through the amendment of the Criminal Law to improve the sentencing of relevant crimes in the criminal field, and the amendment of the Administrative Law to improve the responsibility of administrative agencies in supervision and so on .
4.2. Standardize the Authorization Behavior of the Information Subject
Data sharing in the era of big data is not the same as data sales. There is a fundamental difference between the two, and this difference is whether the information subject has been authorized. The authorization of information sharing should pay attention to the following issues: First, if data sharing involves personal information, it should be authorized by the information subject. Although my country’s “General Principles of Civil Law” stipulates that personal information must be collected and used in accordance with the law, it does not clearly stipulate legal and illegal situations. “No personal information may be provided to others without the consent of the person being collected” is clearly stipulated in the “Divisions of the Civil Code”, but it does not specify whether the information right holder’s explicit consent is required. In this regard, my country should make reasonable reference to the successful experience of the United States, the European Union and other places. If the authorization terms are unclear, even if the individual agrees, it cannot be regarded as an authorization. Second, when collecting and using personal information, you should obtain personal authorization, and data sharing must also obtain special authorization from the information subject. In terms of domestic judicial practice, some courts have adopted the above position. Third, the circumstances that do not require authorization should be clearly enumerated by the law. This will not only protect the rights of personal information, but also provide clear development expectations and behavior standards for the development of the data industry. In addition, the relevant provisions of Article 816 in the “Divisions of the Civil Code” are also slightly broader, and it is necessary to elaborate on them .
4.3. Improve the Relief System for Information Infringement
Relief, as the final guarantee for the realization of rights, undoubtedly makes it impossible to realize the relief protection when faced with the infringement of personal information rights, long time for rights protection, lack of rights protection evidence, complicated rights protection procedures, and no idea how to protect rights. Therefore, it is necessary to establish a relatively complete relief system for personal information infringement. First of all, the personal tort relief system should be a comprehensive remedy that integrates criminal, civil, and administrative. This requires effective supplementation and convergence between legislation in various fields, and between substantive law and procedural law; secondly, personal information. The civil law relief measures should be adapted to the consequences of personal information infringement. Different from traditional infringements, personal information infringement is uncontrollable and irreversible. How to completely compensate and cut off the adverse effects caused by personal information infringement requires the design of special remedies. Third, the relief measures for personal information should learn from the advanced technological means under the Internet. Since personal information infringement is based on Internet big data, the relief of personal information infringement should also learn from advanced technical means. Relieving “network technology” through “network technology” may be the most direct, efficient and quickest way of remedy.
4.4. Promote the Combination of Information Protection and Development and Utilization
On the surface, information protection and information utilization seem to be mutually opposing behaviors, but in the era of big data and the Internet, simply protecting information blindly, or simply and rudely sealing information in the name of protection, will not only bring about production and life. Many inconveniences will also obliterate the huge economic and social value contained in the information. Therefore, it is recommended that under the premise of personal information protection, information protection and rational use should be organically combined, not only to protect the information rights of the information provider, but also to protect the intellectual property rights formed by the information processor in the process of information use, specifically: Construct a relatively complete and new type from the aspects of personality rights (information provider rights), intellectual property rights (information user rights), contract law (information utilization methods), tort liability law (accountability for misuse of information), etc. Personal information protection and use rules, so as to achieve an effective balance between the information industry’s interests in the use of personal information, the interests of individuals in the protection of personal information, and the public interests of the state’s management of society.
All in all, with the advent of the era of big data, data informatization not only provides unprecedented opportunities for China’s social and economic development, but also brings some new challenges. In order to ensure the healthy and rapid development of the economy and society in the era of big data, It is necessary to pay attention to and strengthen the revision and improvement of the existing legal system, to give full play to the effectiveness of the law, so that citizens’ personal information can be used rationally under the premise that security is fully protected, which contributes to the economic and social development, national security, and social stability in the era of big data.