从CCPA和GDPR比对看美国个人信息保护立法趋势及路径

美国加州颁布的《2018年加州消费者隐私法》(CCPA),在借鉴《通用数据保护条例》(GDPR)个人信息保护模式的同时,探索适合美国互联网产业发展的特有路径。文章将CCPA和GDPR进行对比,从其共性中分析美国顺应世界个人信息保护模式的新趋势,从其特性中探索美国个人信息保护权益衡量的特有路径。我国应该借鉴美国个人信息保护立法的灵活性、具体性和有效性,建立个人信息保护集体诉讼机制,为个人提供更多的救济渠道;分业制定个人信息具体规则和国家强制性标准,为个人信息保护提供有效依据;加强源头治理,提升行政执法能力。     

关于借鉴欧盟政策加强个人信息跨境传输安全认证制度建设的建议

针对如何建设我国《个人信息保护法》第38条确立的个人信息跨境传输认证制度的问题,通过重点分析欧盟数据保护委员会发布的《将认证作为传输工具的指南》中的认证基本框架、对数据进出口方的监管、个人信息主体权利等关键内容,总结该指南关于认证的设计要点与重要结论,提出构建我国个人信息跨境传输安全认证制度的相关建议。     

个人信息保护势在必行

本文首先以银行、网络招聘、火车票及电信实名制和医院为例说明个人信息保护的迫切需求;接着从"两高"新增个人信息安全犯罪新罪名,专家、人大和政协委员对个人信息保护法的呼吁到工业和信息化部针对个人信息保护开展的相关工作,说明各界对个人信息安全保护立法及相关政策措施的广泛关注和积极反应。     

个人信息保护法律制度十年回顾

随着信息网络技术和产业的高速发展,我国个人信息保护制度建设取得了巨大的进步。回顾十年来个人信息保护法律制度建设历程,我国已形成了具有中国特色、涵盖领域广的个人信息保护法律制度,并积极适应个人信息保护的国际化进程。如今,全球个人信息保护更加关注数据安全,我国个人信息保护法律制度在处理机制、监管模式和问责机制方面还有进一步完善的空间;未来,也应在借鉴国外先进经验、适应人工智能（AI）等新技术方面更加灵活和主动。     

网店实名制中的个人信息保护问题研究

《网络商品交易及有关服务行为管理暂行办法》新近出台,其中规定的“网店实名制”引人关注。但实名之后,用户个人信息安全是否更蕴含风险,如何予以更有力地规制和保护？本书对此进行了分析和评析,以推动网络个人信息保护研究的进步。     

网络时代个人信息保护研究

随着网络化和社会信息化程度越来越高,人们更快捷地共享信息和利用信息,但是伴随而来的网络个人信息安全问题越来越严重,越来越引起人们的重视。该文从个人信息的内容谈起,分析了个人信息泄露的主要危害、成因及途径,探讨了具体的防范措施。     

如何在网上保护个人信息

当您上网的时候,尤其是在一些电子商务网站进行购物,或者希望注册成为某些网站的会员的时候,有没有考虑过自己的隐私问题?事实上,当您上网浏览的时候,尤其是需要发送某些包含个人隐私的信息的时候,很容易在所经过的网路上留下自己的踪迹,如果这些蛛丝马迹不幸被黑客截获并加以利用,     

社保系统个人信息隐私保护算法

针对社会保障信息系统中公民的个人信息隐私保护越来越困难的现状,介绍了社保系统的隐私保护难题包括如何保护信息安全和如何界定隐私信息2个方面,分析了隐私信息保护的2个根源性问题在于个人信息的不当采集和不当使用,在此基础上提出了利用转换原始数据的方式保护隐私信息的算法,阻止了信息拥有者对隐私信息直接或间接的获取,为社保系统中个人信息隐私保护的实现提供了一定的研究思路。     

公民个人信息保护的研究

侵害公民个人信息的行为已经给社会和个人带来极大的危害。文章以个人信息泄露与传播的规律为基础,提出了保护个人信息的五项措施。     

基于互联网的个人信息保护的探讨

个人信息在网络空间经常面临一系列的危机,正常的社会秩序正因此而面临严峻的考验。如何解决这一新的社会议题,关系着和谐的信息社会的构建。本文以我国当前对个人信息的保护现状为切入点,讨论了加强个人信息保护的紧迫性和必要性,国外当前所采取的保护模式,提出立法保护是我国个人信息保护的必由之路,并探讨了实施立法保护的基本原则。     

基于硬件特征信息嵌入认证的软件保护

为了既方便软件开发、降低成本,又便于软件保护、维护权益人的利益,研究了软件保护的常用技术和方法,结合软件工程的具体实践,提出了基于硬件特征信息嵌入认证的软件保护方法.该方法的主要特点是利用用户计算机系统的硬件特征信息,采用特征信息嵌入法,通过对当前计算机特征信息与已认证特征信息表中的信息进行比对,实现基于认证的软件保护;同时使用有效的加密算法,进一步提高软件保护强度.实验结果表明,该方法设计简单、成本低、通用性强、保护强度高,是软件保护的有效方法.     

腾讯与360大战再次引发对个人信息保护的思考

本文从腾讯与360之间引发的"3Q大战"之争出发,论述了个人信息保护的必要性,并对国家相关政府机构和第三方测评机构在个人信息保护中应发挥的作用提出了建议。     

基于云计算的个人信息安全保护研究

针对当前个人信息安全现状,本文分析了导致个人信息不安全的原因及泄露途径;提出了基于云计算的个人信息安全保护体系重点探讨个人数据信息在存储介质中的安全保护研究,并在云服务器上构建了一个云计算环境下的云存储安全架构体系．     

The protection of personal information in public registers: the case of urban planning information in Ireland

This article commences by describing public registers. Examples of such registers in use in Ireland are set out. The advantages of allowing the public access to public registers are discussed, as are the negative consequences that can arise from the provision of access. In particular, privacy issues arising from the provision of access are explored. The extent to which the provision of electronic access to public registers may give rise to special concern is raised. The making available to the public of planning related information in Ireland is used as a case study in exploring these issues. Examples of personal information used in the Irish planning process are set out and the legislative provisions governing access are described. Statutory protection available for privacy of such information contained in both planning law and data protection law are evaluated and suggestions are made with respect to achieving an appropriate balance between access and privacy of personal information in public registers.     

个人信息保护与企业合理使用的衡平规制

随着大数据技术的发展,个人信息的保护与企业合理利用信息之间的界限问题日益突出。网络时代的个人信息特征异于传统,在立足这些新的特性基础上,通过中外立法模式的对比思考与比较法上的分析,我国在平衡公民个人信息权利与企业经营利益之间的界限认知上仍有很大空间需要探索,以民法总则为核心的司法上的救济方式将成为促进这一平衡的一个有力突破点。     

Point-of-capture archiving and editing of personal experiences from a mobile device

Personal experience computing is an emerging research area in computing support for capturing, archiving, and editing. This paper presents our design, implementation, and evaluation of a mobile authoring tool called mProducer that enables everyday users to effectively and efficiently perform archiving and editing at or immediately after the point-of-capture of digital personal experiences from their camera-equipped mobile devices. This point-of-capture capability is crucial to enable immediate sharing of digital personal experiences anytime, anywhere. For example, we have seen everyday people who used handheld camcorders to capture and report their personal, eye-witnessed experiences during the September 11, 2001 terrorist attack in New York (The September 11 Digital Archive. ). With mProducer, they would be able to perform editing immediately after the point of capture, and then share these newsworthy, time-sensitive digital experiences on the Internet. To address the challenges in both user interface constraints and limited system resources on a mobile device, mProducer provides the following innovative system techniques and UI designs. (1) Keyframe-based editing UI enables everyday users to easily and efficiently edit recorded digital experiences from a mobile device using only key frames with the storyboard metaphor. (2) Storage constrained uploading (SCU) algorithm archives continuous multimedia data by uploading them to remote storage servers at the point of capture, so that it alleviates the problem of limited storage on a mobile device. (3) Sensor-assisted automated editing uses data from a GPS receiver and a tilt sensor attached to a mobile device to facilitate two manual editing steps at the point of capture: removal of blurry frames from hand-induced camera shaking, and content search via location-based content management. We have conducted user studies to evaluate mProducer. Results from the user studies have shown that mProducer scores high in user satisfaction in editing experience, editing quality, task performance time, ease of use, and ease of learning.

跨境数据流动时代个人信息安全的立法保护

跨境数据流动导致个人信息安全问题的原因在于各国立法的分散和缺陷。数字经济时代,数据流动交换进入爆发式增长阶段。文章通过梳理跨境数据流动时代国外个人信息保护规范的发展现状,以及跨境数据流动背景下我国个人信息保护状况,分析了目前全球在跨境数据流动方面的问题,并依据问题从设立个人信息专员制度、统一立法标准、确立数据主权归属主体等方面进行了立法对策建议,力图提出可行性措施。     

个人信息权利的法律属性再思考：从二元到三方

明确个人信息的权利属性是加强个人信息安全保护的基本前提。要维护实现个人信息权利,仅单纯从个人权利保障出发或从促进信息数据企业发展出发都不是可取的路径。要克服个人信息权利属性"个人-企业"二元模式的局限,充分认知国家在个人信息权利构造上的决定性作用。赋予个人信息权利,实质是国家通过法律对个人信息这一资源性权益,在"个人-企业-国家"之间分配过程中,对个人人格尊严与财产的一种法益保护。要从"个人-企业-国家"三元模式中,深化个人信息权利属性的再认知,从三者价值均衡中,寻求个人信息最佳保护实践。     

Proposal on personal identifiers generated from the STR information of DNA

The individual differences in the repeat count of several bases, short tandem repeat (STR), among all of the deoxyribonucleic acid (DNA) base sequences, can be used as unique DNA information for a personal identification (ID). We propose a method to generate a personal identifier (hereafter referred to as a “DNA personal ID”) by specifying multiple STR locations (called “loci”) and then sequencing the repeat count information. We also conducted a validation experiment to verify the proposed principle based on actual DNA data. We verified that the matching probability of DNA personal IDs becomes exponentially smaller, to about 10^-n, as n stages of loci are used and that no correlation exists among the loci. Next, we considered the various issues that will be encountered when applying DNA personal IDs to information security systems, such as biometric personal authentication systems. Published online: 9 April 2002     

Human-centred appraoches to control and information technology: European experiences

In this paper, the concept of Human-Centred Technology will be described with regard to the different dimensions of workplace, groupwork and networks and in terms of the frameworks of both society and the natural environment. These different aspects of Human-Centred Systems will be illustrated by a series of case studies representing several European countries. The report covers a wide range of research fields. The emphasis is on technology: the roles of control and information technology in enterprises today — including issues of applying AI — and the strategies of designing and implementing technology taking into account the specific aspects which characterize human-centred systems.