《電子技術(shù)應(yīng)用》
您所在的位置:首頁 > 其他 > 設(shè)計(jì)應(yīng)用 > 免于同意之合同所必需規(guī)則的原理探究與落地適用
免于同意之合同所必需規(guī)則的原理探究與落地適用
網(wǎng)絡(luò)安全與數(shù)據(jù)治理
伍旋航
(廈門大學(xué)法學(xué)院,福建廈門361005)
摘要: 作為“同意例外”情形之一的合同所必需規(guī)則為個(gè)人信息保護(hù)與合理利用的動(dòng)態(tài)利益平衡提供了規(guī)范依據(jù)。依據(jù)《個(gè)人信息保護(hù)法》第13條第1款第2項(xiàng)的規(guī)定,合同所必需規(guī)則包含兩種情形:一是個(gè)人作為一方當(dāng)事人與作為另一方當(dāng)事人的處理者訂立合同所必需;二是上述雙方主體為履行合同所必需?!秱€(gè)人信息保護(hù)法》設(shè)立合同所必需規(guī)則并無“架空”告知同意規(guī)則之意,處理目的、處理范圍以及處理場(chǎng)景可作為合同所必需規(guī)則的三層條件限定。據(jù)此,從常見的個(gè)人信息處理場(chǎng)景出發(fā),對(duì)合同所必需規(guī)則的適用展開進(jìn)行了列舉。此外,還應(yīng)從法律效果上準(zhǔn)確把握合同所必需規(guī)則。首先,合同所必需規(guī)則并不排斥其他合法性基礎(chǔ)的適用。其次,適用合同所必需規(guī)則可豁免同意征求,但不及于“重新取得同意”與“撤回同意”的情形。再而,合同所必需規(guī)則僅豁免處理者的同意征求義務(wù),處理者仍需遵守個(gè)人信息處理規(guī)則。最后,應(yīng)明晰合同所必需規(guī)則的適用多為個(gè)人信息被處理者收益。
中圖分類號(hào):D92 文獻(xiàn)標(biāo)識(shí)碼:ADOI: 10.19358/j.issn.2097-1788.2024.02.012
引用格式:伍旋航.免于同意之合同所必需規(guī)則的原理探究與落地適用[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2024,43(2):78-85.
Exploring the rationale and practical application of the rules necessary for a contract without consent
Wu Xuanhang
(School of Law, Xiamen University, Xiamen 361005, China)
Abstract: As one of the “Consent exceptions”, the rules necessary for a contract provide a normative basis for the dynamic balance between the protection of personal information and the rational use of personal information. Pursuant to Article 13 (1) (2) of the Personal Information Protection Law, the rules necessary for a contract consist of two situations: one is necessary for an individual to enter into a contract as a party to a contract with a processor as a party to the other party, and the other is necessary for the performance of the contract by the abovementioned parties. Personal Information Protection Law sets up the necessary rules of the contract is not “Overhead” informed consent rules meaning, the purpose, scope, and context of the processing can be defined as three levels of conditions for the required rules of the contract. Based on this, this paper enumerates the application of the rules necessary for a contract from the common personal information processing scenarios. In addition, we should grasp the necessary rules of the contract accurately from the legal effect. Firstly, the rules necessary for a contract do not exclude the application of other bases of legality. Secondly, the application of this rules may exempt consent from solicitation, but not in the case of “Re consent” and “Withdrawal of consent”. Moreover, the rules necessary for a contract only exempt the processor from the consent seeking obligation, and the processor is still required to comply with the personal information processing rules. Finally, it should be made clear that the application of the necessary rules of a contract is mostly for the benefit of the person whose personal information is processed.
Key words : personal information processing;basis of legality;rules necessary for a contract;consent to exemptions

引言

《個(gè)人信息保護(hù)法》確立了以“告知—同意”為核心的個(gè)人信息處理規(guī)則,強(qiáng)調(diào)了個(gè)人信息處理中對(duì)個(gè)人信息主體的權(quán)利保障。同意并非個(gè)人信息處理的唯一合法性基礎(chǔ)?!秱€(gè)人信息保護(hù)法》第13條第1款第2項(xiàng)規(guī)定“為訂立、履行個(gè)人作為一方當(dāng)事人的合同所必需”(以下簡稱“合同所必需規(guī)則”)同屬個(gè)人信息處理的合法性基礎(chǔ)之一。合同所必需規(guī)則借鑒了GDPR第61(b)條的規(guī)定,但國內(nèi)對(duì)該規(guī)則的原理內(nèi)涵與具體適用仍不明晰。為更好推動(dòng)合同所必需規(guī)則的落地適用,本文結(jié)合GDPR第61(b)及相關(guān)規(guī)定,對(duì)合同所必需規(guī)則的內(nèi)涵與實(shí)踐適用進(jìn)行了分析。1合同所必需規(guī)則的基本內(nèi)涵 歐盟數(shù)據(jù)保護(hù)委員會(huì)曾通過了一項(xiàng)《關(guān)于在向個(gè)人信息主體提供在線服務(wù)時(shí)根據(jù)GDPR第61(b)條處理個(gè)人數(shù)據(jù)的準(zhǔn)則》(2.0版)(以下簡稱《準(zhǔn)則》),上述指南對(duì)GDPR第61(b)條對(duì)合同所必需規(guī)則的基本內(nèi)涵和適用標(biāo)準(zhǔn)作了詳細(xì)規(guī)定,對(duì)理解合同所必需規(guī)則的原理具有重要意義。11設(shè)立合同所必需規(guī)則的考慮個(gè)人信息處理的合法性基礎(chǔ)主要有兩大類:一是同意,二是法定許可(又稱“同意例外”)。基于同意的個(gè)人信息處理體現(xiàn)了對(duì)個(gè)人同意授權(quán)的嚴(yán)格遵循,是在大數(shù)據(jù)時(shí)代賦予個(gè)人信息主體的一項(xiàng)自主決定權(quán)利。我國《個(gè)人信息保護(hù)法》允許個(gè)人信息處理者基于法定許可處理個(gè)人信息主要有三個(gè)層面的考慮。第一,個(gè)人信息來源于個(gè)人,但個(gè)人信息并非絕對(duì)獨(dú)占的。個(gè)人信息還承載著除了個(gè)人利益之外的社會(huì)利益甚至國家利益。因此,特定情形下,個(gè)人信息主體需要讓渡其享有的同意授權(quán)的權(quán)利,以實(shí)現(xiàn)不同利益之間的平衡[1]。這一利益平衡理念同樣體現(xiàn)在GDPR,其序言指出“保護(hù)個(gè)人數(shù)據(jù)的權(quán)利不是一項(xiàng)絕對(duì)權(quán)利,必須考慮其在社會(huì)上的作用并應(yīng)當(dāng)根據(jù)比例性原則與其他基本權(quán)利保持平衡?!?/p>


作者信息:

伍旋航

(廈門大學(xué)法學(xué)院,福建廈門361005)


文章下載地址:http://ihrv.cn/resource/share/2000005906


weidian.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。