风险管理模式下的数据保护影响评估制度

doi:10.11959/j.issn.2096-109x.2018064

网络与信息安全学报 ›› 2018, Vol. 4 ›› Issue (8): 63-70.doi: 10.11959/j.issn.2096-109x.2018064

风险管理模式下的数据保护影响评估制度

程莹()

中国政法大学人权研究院，北京 100088

修回日期:2018-07-15 出版日期:2018-08-15 发布日期:2018-10-12
作者简介:程莹（1988-）女，山东聊城人，中国政法大学博士生，主要研究方向为个人信息保护和隐私权。
基金资助:
山东省法学会法学研究课题基金资助项目(SLS(2017)C28);中国国家留学基金委资助项目(201707070116)

Data protection impact assessment system in the mode of risk management

Ying CHENG()

Institute for Human Rights,China University of Political Science and Law,Beijing 100088,China

Revised:2018-07-15 Online:2018-08-15 Published:2018-10-12
Supported by:
Law Society Law Research Foundation of Shandong Province(SLS(2017)C28);China Scholarship Council Foundation(201707070116)

摘要/Abstract

摘要：

伴随大数据时代个人信息保护领域风险管理理论的广泛应用，数据保护影响评估已经成为推动个人数据保护的重要制度。运用文献研究、实证分析的方法，以2016年欧盟《一般数据保护条例》（GDPR）对数据保护影响评估的规定为样本，深入分析数据保护影响评估的理论背景、兴起与演变、含义、适用范围等内容，以期搭建规范、明确的影响评估制度，加强个人信息保护。数据保护影响评估内容不限于隐私风险评估，还包括数据安全、数据质量、非歧视等内容；对于容易带来高风险的数据处理行为，应设定数据保护影响评估为强制性义务；评估过程应听取利益相关者的意见，反映其利益需求；加强外部监督并适度公开评估报告。

关键词: 数据保护影响评估, 个人信息安全影响评估, 欧盟《一般数据保护条例》, 风险管理, 隐私影响评估, 个人信息保护

Abstract:

In the era of big data,the risk management approach has been broadly applied in the field of personal information protection.Data protection impact assessment has become an important system to promote data protection.It takes the provisions of the data protection impact assessment of the European General Data Protection Regulation (GDPR) 2016 as the sample.By using the literature research and empirical analysis method,it analyzes in depth the theoretical background,rise and evolution,meaning and scope of data protection impact assessment to establish a standardized and specific impact assessment system as well as promote personal information protection.Assessment content includes not only privacy risk assessment,but also data security,data quality and non-discrimination.Data protection impact assessment should be set as a mandatory obligation for data processing activities that are likely to result in high risks.The evaluation process shall take the advices from stakeholders to reflect their benefits.The external supervision should be strengthened and the assessment report shall be published properly.

Key words: data protection impact assessment, personal information security impact assessment, GDPR, risk management, privacy impact assessment, personal information protection

中图分类号:

程莹. 风险管理模式下的数据保护影响评估制度[J]. 网络与信息安全学报, 2018, 4(8): 63-70.

Ying CHENG. Data protection impact assessment system in the mode of risk management[J]. Chinese Journal of Network and Information Security, 2018, 4(8): 63-70.

参考文献 22

[1]	《信息安全技术个人信息安全规范》（GB/T 35273-2017）[S]. 2018. .
	Information security technology-personal information (GB/T 35273-2017)[S]. 2018. .
[2]	RUBINSTEIN I S . Big data:the end of privacy or a new beginning[J]. International Data Privacy Law, 2013,3(2): 74-87.
[3]	NISSENBAUM H . Privacy as contextual integrity[J]. Wash L Rev, 2004,79: 101-139.
[4]	KUNER C ,et al. Risk management in data protection(2015)[J]. 5 International Data Privacy Law 95,98.
[5]	范为 . 大数据时代个人信息保护的路径重构[J]. 环球法律评论, 2016(5): 92-115.
	FAN W . The path reconstruction of personal information protection in the age of big data[J]. Global Law Review, 2016(5): 92-115.
[6]	杨秀 . 网络服务商个人信息保护制度的缺陷及其完善一以新浪微博诉脉脉案为例[J]. 国际新闻界, 2017(8): 140-155.
	YANG X . Defects and perfection of personal information protection system of network service providers:take the ‘sina micro-blog prosecuted maimai’ as an example[J]. Chinese Journal of Journalism＆ Communication, 2017(8): 140-155.
[7]	张敏, 马民虎 . 欧盟数据保护立法改革之发展趋势分析[J].,2016(2):00030-1 网络与信息安全学报, 2016(2): 00030-1.
	MA M , MA M H . Analysis on the development trend of EU data protection legislation reform[J]. Chinese Journal of Network and Information Security, 2016,2(2): 8-15.
[8]	WADHWA K , RODRIGUES R . Evaluating privacy impact assessments[J]. Innovation:The European Journal of Social Science Research, 2013,26(1-2): 161-180.
[9]	BENNETT C J . Regulating privacy:data protection and public policy in Europe and the United States[M]. Cornell University Press, 1992:112.
[10]	HOFFMAN L J . Security and privacy in computer systems[M]. Los Angeles: MelvillePress, 1973:125.
[11]	CLARKE R . Privacy impact assessment:its origins and development[J]. Computer Law ＆Security Review, 2009,25: 123-135.
[12]	DE HERT P , . A human rights perspective on privacy and data protection impact assessments[C]// Privacy Impact Assessment. Springer,Dordrecht, 2012: 33-76.
[13]	WEBER R H . Privacy management practices in the proposed EU regulation[J]. International Data Privacy Law, 2014,4(4):290.
[14]	WRIGHT D , DE HERT P . Privacy impact assessment[M]. Springer, 2011: 5-6.
[15]	CLARKE R . Privacy impact assessment:its origins and development[J]. Computer Law ＆Security Review, 2009,25: 123-135.
[16]	CLARKE R . PIAs in Australia:a work-in-progress report privacy impact assessment[M]. Springer,Dordrecht, 2012: 119-148.
[17]	BAMBERGER K A , MULLIGAN D K . Privacy decision-making in administrative agencies[J]. The University of Chicago Law Review, 2008,75(1): 75-107.
[18]	WRIGHT D , FINN R , RODRIGUES R . A comparative analysis of privacy impact assessment in six countries[J]. Journal of Contemporary European Research, 2013,9(1): 160-180.
[19]	TANCOCK D , PEARSON S , CHARLESWORTH A . Analysis of privacy impact assessments within major jurisdictions[C]// Privacy Security and Trust (PST),2010 Eighth Annual International Conference on. IEEE, 2010: 118-125.
[20]	WRIGHT D , WADHWA K . Introducing a privacy impact assessment policy in the EU member states[J]. International Data Privacy Law, 2012,3(1): 13-28.
[21]	WRIGHT D , FINN R , RODRIGUES R . A comparative analysis of privacy impact assessment in six countries[J]. Journal of Contemporary European Research, 2013,9(1): 160-180.
[22]	BAMBERGER K A , MULLIGAN D K . PIA requirements and privacy decision-making in US government agencies privacy impact assessment[M]. Springer Netherlands, 2012: 225-250.

风险管理模式下的数据保护影响评估制度

Data protection impact assessment system in the mode of risk management

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

参考文献 22

相关文章 0

Metrics

推荐阅读 0