| 英文摘要 |
The Personal Information Protection Law established exemption conditions, namely“statutory duties”(or literally“duties fixed by regulations”) and the accompanying principle of necessity, from the“notification and consent”requirement for state organs. Drawing on the dichotomy between the foundational and instrumental functions of personal information rights and interests, personal information processing activities could be categorized into core information processing activities and auxiliary information processing activities. For the core information processing activities, the term“regulations”in“duties fixed by regulations”should be limited to normative documents at or above the level of Rules (Departmental Rules and Local Governmental Rules), and explicit authorization is required. For the auxiliary information processing activities, provided that superior legislation had already granted authority for core information processing, the scope of“regulations”may be extended to all legitimate norms, and explicit authorization is not required. Furthermore, administrative agreements establishing reciprocal rights and administrative practices on the premise of organizational norms should be recognized as supplementary sources of duties. Given the Whole-of-Government process promoted by digital reforms, the application of the necessity principle should not be confined to static“minimization”. Instead, we should construct a contextualized understanding of necessity, by considering the stage-specific characteristics of public data collection, sharing, and openness, along with the specific impacts of personal information processing activities on information rights and interests, thereby achieving a dynamic balance between duty fulfillment and the protection of personal information rights and interests. |
本站僅提供期刊文獻檢索。
