信息接收視角下個人信息自決的不完備性與效力限度

The Incompleteness and Limitation of Effectiveness of Personal Information Self-determination from the Perspective of Information Reception

被收集的個人信息會轉化為影響信息主體行為的信息，信息接收是影響個人信息自決合理性的重要標準。作為信息接收的個性化推薦被司法裁判直接正當化，與個人信息自決的強控制規則體系存在合法性邏輯斷裂。個人信息自決完全以自決利益為基礎，存在兩重不完備性。首先，在信息社會關係視角下，多種場景的信息關係表明個人信息接收受到社會動力機制、社會規範因素和信息利用結果的三重因素影響。其次，在功利主義權利觀視角下，完全由個人決定信息接收與社會功利最大化存在矛盾。制度功利主義將權利視為整體制度下的一種利益安排，當權利保護與社會功利最大化存在矛盾時，需要在社會整體層面合理界定權利內容。制度功利主義通過個人、契約和集體權利設置，可以實現權利保護與社會功利最大化的契合。應對兩重不完備性，在制度上應當通過“選擇退出機制”改變數據控制者在個人信息價值再利用時的被動局面。在規範上，將個人同意解釋為寬鬆的概括授權，并且與目的限制、最小夠用等原則協調。個人信息權的具體權能，如訪問權、异議權、更正權等，本質上是信息主體控制其信息接收程度的權利，防止其行為受到數據控制者的不當影響。

The personal information collected will be transformed into information that affects the behavior of the information subject. Information reception is an important criterion for determining the rationality of personal information self-determination. Per-sonalized recommendation as a way of receiving information is directly justified by judicial judges. This is a logical fracture of legality with the strong control rule system of personal information self-determination. Self-determination of personal information is based entirely on the interests of self-determination, and is incomplete in two aspects. First, from the perspective of information society relations, the information relationship in multiple sce-narios shows that personal information reception is affected by social dynamics, social norms and information utilization results. Second, from the perspective of utilitarian rights, there is a contradiction between the decision to receive information entirely by the individual and the maximization of social utility. Institutional utilitarianism regards rights as an arrangement of interests under the overall system. When there is a contradiction be-tween the protection of rights and the maximization of social utility, the content of rights needs to be defined at the overall level of society. Institutional utilitarianism can achieve the harmony between the protection of rights and the maximization of social utility through the establishment of individual, contract and collective rights. To cope with the dual incompleteness, the system should adopt an “opt-out mechanism” to change the pas-sive situation of data controllers in the reuse of personal information value. In terms of norms, personal consent is interpreted as a loose general authorization, and it is coordina-ted with the principles of purpose restriction and minimum sufficient. The specific powers of personal information rights, such as the right of access, objection, and correction, es-sentially empower the information subject to control the extent of its information reception and prevent its behavior from being improperly affected by the data controller.