摘要
数据匿名化是兼顾隐私保护与数据利用的有效手段。随着大数据、数据开放运动的发展,数据匿名化的法律问题受到更多关注。文章从法律视角对匿名化数据的概念、认定的法律标准以及数据匿名化处理过程中应当遵循的法律规范进行了系统性论述,提出匿名化区别于假名数据,对不可识别性有着更高的要求。对数据进行匿名化处理的机构,以及接收匿名化数据的第三方(在一般情形下),均不能实现数据的身份再识别。为此,采取匿名化处理的机构应当在事前、事中、事后的整个周期采取必要的技术手段、合同机制以及IT审计等方式保障数据真正实现匿名化。
Data anonymization is an effective means which could compromise the privacy protection wih the use of data well. The legal issues on the data anonymization are getting more and more attention with the development of the big data and data open initative. From the legal perspective, this paper demonstrates the legal concept of anonymous data, the judgement standard of it as well as the legal requirements on the process of data anonymization in details. It indicates the anonymous data is different from pseudonym data, the former of which has a higher requirement for the data being unidentifable status. The organization that anonymize the data could not make the data re一identifable. None of the third party which receive the anonymous data could do that under the general circumstances. In order to achieve this objective, the organization should take all necessary means including the technical measure, contract mechanism and IT audit to ensure that data being unidentifable in the whole process.
出处
《信息通信技术》
2016年第4期38-44,共7页
Information and communications Technologies
关键词
数据匿名化
数据保护法
法律规范
Data Anonymization
Data Protection Law
Legal Requirements
作者简介
王融 中国信息通信研究院互联网法律中心副主任,高级工程师.长期从事电信、互联网立法与监管政策研究.代表著作(合著):《电信法》、《融合背景下的中欧电信管制比较研究》、《个人信息保护法研究》.近年来主要研究方向为个人信息保护法、网络信息安全法.发表论文、文章40余篇,重点支撑信息通信领域法律、行政法规及部门规章立法工作.
