《電子技術應用》
您所在的位置:首頁 > 其他 > 設計應用 > 免于同意之合同所必需規(guī)則的原理探究與落地適用
免于同意之合同所必需規(guī)則的原理探究與落地適用
網(wǎng)絡安全與數(shù)據(jù)治理
伍旋航
(廈門大學法學院,福建廈門361005)
摘要: 作為“同意例外”情形之一的合同所必需規(guī)則為個人信息保護與合理利用的動態(tài)利益平衡提供了規(guī)范依據(jù)。依據(jù)《個人信息保護法》第13條第1款第2項的規(guī)定,合同所必需規(guī)則包含兩種情形:一是個人作為一方當事人與作為另一方當事人的處理者訂立合同所必需;二是上述雙方主體為履行合同所必需?!秱€人信息保護法》設立合同所必需規(guī)則并無“架空”告知同意規(guī)則之意,處理目的、處理范圍以及處理場景可作為合同所必需規(guī)則的三層條件限定。據(jù)此,從常見的個人信息處理場景出發(fā),對合同所必需規(guī)則的適用展開進行了列舉。此外,還應從法律效果上準確把握合同所必需規(guī)則。首先,合同所必需規(guī)則并不排斥其他合法性基礎的適用。其次,適用合同所必需規(guī)則可豁免同意征求,但不及于“重新取得同意”與“撤回同意”的情形。再而,合同所必需規(guī)則僅豁免處理者的同意征求義務,處理者仍需遵守個人信息處理規(guī)則。最后,應明晰合同所必需規(guī)則的適用多為個人信息被處理者收益。
中圖分類號:D92 文獻標識碼:ADOI: 10.19358/j.issn.2097-1788.2024.02.012
引用格式:伍旋航.免于同意之合同所必需規(guī)則的原理探究與落地適用[J].網(wǎng)絡安全與數(shù)據(jù)治理,2024,43(2):78-85.
Exploring the rationale and practical application of the rules necessary for a contract without consent
Wu Xuanhang
(School of Law, Xiamen University, Xiamen 361005, China)
Abstract: As one of the “Consent exceptions”, the rules necessary for a contract provide a normative basis for the dynamic balance between the protection of personal information and the rational use of personal information. Pursuant to Article 13 (1) (2) of the Personal Information Protection Law, the rules necessary for a contract consist of two situations: one is necessary for an individual to enter into a contract as a party to a contract with a processor as a party to the other party, and the other is necessary for the performance of the contract by the abovementioned parties. Personal Information Protection Law sets up the necessary rules of the contract is not “Overhead” informed consent rules meaning, the purpose, scope, and context of the processing can be defined as three levels of conditions for the required rules of the contract. Based on this, this paper enumerates the application of the rules necessary for a contract from the common personal information processing scenarios. In addition, we should grasp the necessary rules of the contract accurately from the legal effect. Firstly, the rules necessary for a contract do not exclude the application of other bases of legality. Secondly, the application of this rules may exempt consent from solicitation, but not in the case of “Re consent” and “Withdrawal of consent”. Moreover, the rules necessary for a contract only exempt the processor from the consent seeking obligation, and the processor is still required to comply with the personal information processing rules. Finally, it should be made clear that the application of the necessary rules of a contract is mostly for the benefit of the person whose personal information is processed.
Key words : personal information processing;basis of legality;rules necessary for a contract;consent to exemptions

引言

《個人信息保護法》確立了以“告知—同意”為核心的個人信息處理規(guī)則,強調(diào)了個人信息處理中對個人信息主體的權利保障。同意并非個人信息處理的唯一合法性基礎?!秱€人信息保護法》第13條第1款第2項規(guī)定“為訂立、履行個人作為一方當事人的合同所必需”(以下簡稱“合同所必需規(guī)則”)同屬個人信息處理的合法性基礎之一。合同所必需規(guī)則借鑒了GDPR第61(b)條的規(guī)定,但國內(nèi)對該規(guī)則的原理內(nèi)涵與具體適用仍不明晰。為更好推動合同所必需規(guī)則的落地適用,本文結合GDPR第61(b)及相關規(guī)定,對合同所必需規(guī)則的內(nèi)涵與實踐適用進行了分析。1合同所必需規(guī)則的基本內(nèi)涵 歐盟數(shù)據(jù)保護委員會曾通過了一項《關于在向個人信息主體提供在線服務時根據(jù)GDPR第61(b)條處理個人數(shù)據(jù)的準則》(2.0版)(以下簡稱《準則》),上述指南對GDPR第61(b)條對合同所必需規(guī)則的基本內(nèi)涵和適用標準作了詳細規(guī)定,對理解合同所必需規(guī)則的原理具有重要意義。11設立合同所必需規(guī)則的考慮個人信息處理的合法性基礎主要有兩大類:一是同意,二是法定許可(又稱“同意例外”)?;谕獾膫€人信息處理體現(xiàn)了對個人同意授權的嚴格遵循,是在大數(shù)據(jù)時代賦予個人信息主體的一項自主決定權利。我國《個人信息保護法》允許個人信息處理者基于法定許可處理個人信息主要有三個層面的考慮。第一,個人信息來源于個人,但個人信息并非絕對獨占的。個人信息還承載著除了個人利益之外的社會利益甚至國家利益。因此,特定情形下,個人信息主體需要讓渡其享有的同意授權的權利,以實現(xiàn)不同利益之間的平衡[1]。這一利益平衡理念同樣體現(xiàn)在GDPR,其序言指出“保護個人數(shù)據(jù)的權利不是一項絕對權利,必須考慮其在社會上的作用并應當根據(jù)比例性原則與其他基本權利保持平衡?!?/p>


作者信息:

伍旋航

(廈門大學法學院,福建廈門361005)


文章下載地址:http://ihrv.cn/resource/share/2000005906


weidian.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權禁止轉載。