Zhuo Lixiong: The Right to Data Portability: Basic Concepts, Problems, and China's Response*

Source: Administrative Law Review, 2019, No. 6. Published: 2019-12-31


[Notes]

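[1] At present, only a handful of articles in China study the EU right to data portability, and their level of research is relatively low, which shows that Chinese academia needs to pay more attention to the right to data portability. See specifically Zhang Zhe, "Exploration and Implications: A Study of the Right to Data Portability in EU Personal Data Protection Law," Journal of Guangxi Administrative Cadre Institute of Politics and Law, 2016, No. 6; Cao Yating, "A Preliminary Study of the Right to Data Portability and Its Impact on the Credit Reporting Industry," Credit Reference, 2016, No. 9; Miao Zhenlin, "A Review of EU Legislation on the Right to Data Portability," Journal of Xuchang University, 2018, No. 5; Li Lei, "The Right to Data Portability: Structure, Classification and Attributes," Forum on Science and Technology in China, 2018, No. 6, among others.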

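[2] The Article 29 Data Protection Working Party was established under Article 29 of EU Directive 95/46/EC, hence its name. It is an independent European advisory body on data protection and privacy, composed of representatives of the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission. The Working Party's opinions have no legal force, but they carry strong guiding weight and influence. On 25 May 2018, pursuant to the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), it was replaced by the European Data Protection Board.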

[3] See Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p.45

[4] Yunfan Wang and Anuj Shah, Supporting Data Portability in the Cloud Under the GDPR, Carnegie Mellon University, Fall 2017, p.7, available at https://alicloud-common.oss-ap-southeast-1.aliyuncs.com/Supporting_Data_Portability_in_the_Cloud_Under_the_GDPR.pdf (last accessed 14 May 2019)

[5] Helena Ursic, Unfolding the New-Born Right to Data Portability: Four Gateways to Data Subject Control, 15 SCRIPTed 55 (2018)

[6] Robert Madge, GDPR: data portability is a false promise, My Data Journal, Jul 4, 2017, available at https://medium.com/mydata/gdpr-data-portability-is-a-false-promise-af460d35a629 (last accessed 14 May 2019)

[7] ARTICLE 29 DATA PROTECTION WORKING PARTY, Guidelines on the right to data portability, 16/EN, WP 242 rev.01 p.10, available at https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611233 (last accessed 14 May 2019)

[8] Regulation (EU) 2016/679 (General Data Protection Regulation), OJ L 119, 4.5.2016, p.13.

[9] ARTICLE 29 DATA PROTECTION WORKING PARTY, Guidelines on the right to data portability, 16/EN, WP 242 rev.01 p.11-12

[10] See the glossary on the official EU law website, at https://eur-lex.europa.eu/eli-register/glossary.html (last accessed 14 May 2019)

[11] Article 2 of Decision No 922/2009/EC of the European Parliament and of the Council of 16 September 2009 on interoperability solutions for European public administrations (ISA) OJ L 260, 3.10.2009, p.23. This interpretation has been used consistently by the EU and can also be found in the glossary on the official EU law website, at https://eur-lex.europa.eu/eli-register/glossary.html (last accessed 14 May 2019)

[12] ARTICLE 29 DATA PROTECTION WORKING PARTY, Guidelines on the right to data portability, 16/EN, WP 242 rev.01 p.17

[13] Id. at 15.

[14] Regulation (EU) 2016/679 (General Data Protection Regulation), OJ L 119, 4.5.2016, p.13

[15] ARTICLE 29 DATA PROTECTION WORKING PARTY, Guidelines on the right to data portability, 16/EN, WP 242 rev.01 p.16

[16] The Data Protection Working Party's Guidelines also confirm that the right to data portability is a right of control. See ARTICLE 29 DATA PROTECTION WORKING PARTY, Guidelines on the right to data portability, 16/EN, WP 242 rev.01 p.6

[17] Henry Pearce, Personality, Property and Other Provocations: Exploring the Conceptual Muddle of Data Protection Rights under EU Law, 4 Eur. Data Prot. L. Rev. 192 (2018)

[18] Id. at 199.

[19] Article 8 of the Charter of Fundamental Rights of the European Union expressly establishes the protection of personal data as a fundamental right. See "Charter of Fundamental Rights of the European Union", OJ C 326, 26.10.2012, p.397

[20] Nestor Duch-Brown, Bertin Martens, Frank Mueller-Langer, The Economics of Ownership, Access and Trade in Digital Data, p.17 (European Comm'n JRC Digital Economy Working Paper 2017-01), available at https://ec.europa.eu/jrc/sites/jrcsh/files/jrc104756.pdf (last accessed 30 May 2019)

[21] Eva Fialova, Data Portability and Informational Self-Determination, 8 Masaryk U. J.L. & Tech. 47 (2014)

[22] Giancarlo F. Frosio, The Right to Be Forgotten: Much Ado about Nothing, 15 Colo. Tech. L.J. 313 (2017)

[23] Directive 2002/22/EC of the European Parliament and of the Council of 7 March 2002 on universal service and users' rights relating to electronic communications networks and services (Universal Service Directive), OJ L 108, 24.4.2002, p.57, 66

[24] Paul De Hert, Vagelis Papakonstantinou, Gianclaudio Malgieri, Laurent Beslay, Ignacio Sanchez, The right to data portability in the GDPR: Towards user-centric interoperability of digital services, Computer Law & Security Review (2018) p.194

[25] Barbara Van der Auwermeulen, How to attribute the right to data portability in Europe: A comparative analysis of legislation, Computer Law & Security Review 33 (2017) p.58

[26] Uldis Bojars, Alexandre Passant, John Breslin, Data Portability with SIOC and FOAF, XTech 2008 conference, 2008, p.6

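[27] Article 18 provides for the right to data portability as follows:

1. Where personal data are processed by electronic means and in a structured and commonly used format, the data subject shall have the right to obtain from the controller a copy of the data undergoing processing for further use by the data subject.

2. Where the data subject has provided the personal data and the processing is based on consent or on a contract, the data subject shall have the right to transmit those personal data, and any other information provided by the data subject and retained by an automated processing system, to another data controller in a commonly used electronic format, without hindrance from the data controller.

3. The Commission may specify the electronic format referred to in paragraph 1 and the technical standards, modalities and procedures for the transmission of personal data pursuant to paragraph 2.

Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).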

See EUROPEAN COMMISSION, Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), 2012/0011 (COD), p.53

[28] The Committee on Civil Liberties, Justice and Home Affairs, Draft report on the proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) 2012/0011(COD), 17 December 2012, p.86-87, 91

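[29] The specific additions to Article 15 are as follows:

2. The data subject shall have the right to obtain from the controller communication of the personal data undergoing processing. Where the data subject makes the request in electronic form, the information shall be provided in electronic form and in a structured format, unless otherwise requested by the data subject. Without prejudice to Article 10, the controller shall take all reasonable steps to verify that the person requesting access to the data is the data subject.

2a. Where the data subject has provided personal data that are processed by electronic means, the data subject shall have the right to obtain from the controller a copy of the personal data he or she provided, in an electronic, interoperable and commonly used format, and shall be able to make further use of those data without hindrance from that controller. Where technically feasible and available, the data controller shall transmit the data directly to another controller at the data subject's request.

2b. This Article shall not prejudice the obligation to delete data when they are no longer necessary under point (e) of Article 5(1).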

See Protection of individuals with regard to the processing of personal data ***I European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011–C7-0025/2012–2012/0011(COD)) (Ordinary legislative procedure: first reading), p.138, 146

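[30] In the Regulation, Article 15 is the right of access, Article 16 the right to rectification, Article 17 the right to erasure ("right to be forgotten"), Article 18 the right to restriction of processing, Article 19 the notification obligation regarding rectification, erasure or restriction of processing, and Article 20 the right to data portability. The order in which the Regulation's articles are arranged also shows that the right of access is a prerequisite right for the right to data portability. See Regulation (EU) 2016/679 (General Data Protection Regulation), OJ L 119, 4.5.2016, p.43-45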

[31] See ARTICLE 29 DATA PROTECTION WORKING PARTY, Guidelines on the right to data portability, 16/EN, WP 242 rev.01 p.3-4

[32] Orla Lynskey, Deconstructing Data Protection: The Added-Value of a Right to Data Protection in the EU Legal Order, 63 Int'l & Comp. L.Q. 591 (2014)

[33] Helena Ursic, Unfolding the New-Born Right to Data Portability: Four Gateways to Data Subject Control, 15 SCRIPTed 66 (2018)

[34] Gabriela Zanfir, The right to Data portability in the context of the EU data protection reform, International Data Privacy Law, Volume 2, Issue 3, 1 August 2012, p.151

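[35] The "lock-in effect" refers to the situation of two technology products of the same kind. One entered the market earlier and accumulated a large number of users, who have come to depend on it; the other, a product of the same kind, entered the market later. Users are already familiar with the first, while the second requires them to learn it from scratch, which is a considerable inconvenience. The later entrant therefore finds it hard to accumulate users and gradually exits the market. The earlier entrant has in effect locked in that type of product and develops ever faster. The "lock-in effect" is in essence a form of "path dependence" that arises as an industrial cluster evolves through its life cycle.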

[36] Engels, B. (2016). Data portability among online platforms. Internet Policy Review, 5(2), p.5

[37] New research: Global attitudes to privacy online, https://bigbrotherwatch.org.uk/2013/06/new-research-global-attitudes-to-privacy-online/ (last accessed 14 May 2019)

[38] Barbara Van der Auwermeulen, How to attribute the right to data portability in Europe: A comparative analysis of legislation, Computer Law & Security Review 33 (2017), p.60

[39] Elias Bizannes, Why Every Site Should Have Data Portability Policy, Techcrunch, 23 June 2010, https://techcrunch.com/2010/06/23/data-portability-policy/ (last accessed 14 May 2019)

[40] Robert Madge, GDPR: data portability is a false promise, My Data Journal, Jul 4, 2017, available at https://medium.com/mydata/gdpr-data-portability-is-a-false-promise-af460d35a629 (last accessed 14 May 2019)

[41] Regulation (EU) 2016/679 (General Data Protection Regulation), OJ L 119, 4.5.2016, p.37

[42] Robert Madge, GDPR: data portability is a false promise, My Data Journal, Jul 4, 2017, https://medium.com/mydata/gdpr-data-portability-is-a-false-promise-af460d35a629 (last accessed 14 May 2019)

[43] Regulation (EU) 2016/679 (General Data Protection Regulation), OJ L 119, 4.5.2016, p.36

[44] Lucio Scudiero, Bringing Your Data Everywhere: A Legal Reading of the Right to Portability, 3 Eur. Data Prot. L. Rev. 120 (2017)

[45] Regulation (EU) 2016/679 (General Data Protection Regulation), OJ L 119, 4.5.2016, p.13

[46] Diker Vanberg, A. & Ünver, MB., "The right to data portability in the GDPR and EU competition law: odd couple or dynamic duo?", in European Journal of Law and Technology, Vol 8, 2017, p.2

[47] Helena Ursic, Unfolding the New-Born Right to Data Portability: Four Gateways to Data Subject Control, 15 SCRIPTed 54 (2018)

[48] Regulation (EU) 2016/679 (General Data Protection Regulation), OJ L 119, 4.5.2016, p.60

[49] Stefan Weiss, Privacy threat model for data portability in social networks applications, (2009) 29 International Journal of Information Management, p.251

[50] Gasser, Urs. 2015. "Interoperability in the Digital Ecosystem." Berkman Klein Center for Internet and Society Research Publication No. 2015-13, p.13

[51] Christopher S. Yoo, When Antitrust Met Facebook, 19 Geo. Mason L. Rev. p.1155 (2012)

[52] Regulation (EU) 2016/679 (General Data Protection Regulation), OJ L 119, 4.5.2016, p.82

[53] Laurits R Christensen, Andrea Colciago, Federico Etro, Greg Rafaert, The Impact of the Data Protection Regulation in the EU (2013), European Financial Review 72. p.2

[54] Id. at 57-58.

[55] Peter Swire; Yianni Lagos, Why the Right to Data Portability Likely Reduces Consumer Welfare: Antitrust and Privacy Critique, 72 Md. L. Rev. 352-353 (2013)

[56] Gasser, Urs and Palfrey, John G., Breaking Down Digital Barriers: When and How ICT Interoperability Drives Innovation. Berkman Center Research Publication No. 2007-8. p.13

[57] Graef, Inge and Verschakelen, Jeroen and Valcke Peggy, Putting the Right to Data Portability into a Competition Law Perspective (2013). Law: The Journal of the Higher School of Economics, Annual Review, 2013, p.62

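[58] In March 2017, National People's Congress deputies Wu Xiaoling, Zhou Xuedong and others proposed to the National People's Congress that a Personal Information Protection Law of the People's Republic of China be enacted as soon as possible, and submitted the "Bill on Enacting the Personal Information Protection Law of the People's Republic of China," with the "Personal Information Protection Law of the People's Republic of China (Draft)" attached as an annex. Article 16 of that draft, "Right to information portability," provides that the information subject has the right to obtain a copy of his or her personal information that has been collected and processed and, where technically feasible, may directly require the information controller to transmit that personal information to another controller. See Wu Xiaoling et al., "Personal Information Protection Law of the People's Republic of China (Draft), 2017 Version," http://www.sohu.com/a/203902011_500652 (last accessed 15 May 2019)

[59] For the case in which Sina Weibo sued Maimai for scraping and using Weibo user information, see the second-instance civil judgment in the unfair competition dispute between Beijing Taoyou Tianxia Technology Co., Ltd., Beijing Taoyou Tianxia Science and Technology Development Co., Ltd. and Beijing Weimeng Chuangke Network Technology Co., Ltd. (Judgment (2016) Jing 73 Min Zhong No. 588); for the case of Dianping v. Baidu, see the unfair competition dispute between Beijing Baidu and Shanghai Hantao ((2016) Hu 73 Min Zhong No. 242).

[60] See Cheng Xiao, "On Personal Data Rights in the Era of Big Data," Social Sciences in China, 2018, No. 3.

[61] See Wu Weiguang, "A Critique of the Theory of Private-Right Protection of Personal Data and Information under Big Data Technology," Political Science and Law, 2016, No. 7.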

[62] Yunfan Wang and Anuj Shah, Supporting Data Portability in the Cloud Under the GDPR, Privacy Engineering Capstone Project, Fall 2017, p.2-3, available at https://alicloud-common.oss-ap-southeast-1.aliyuncs.com/Supporting_Data_Portability_in_the_Cloud_Under_the_GDPR.pdf (last accessed 14 May 2019)

[63] The CNIL's restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC, 21 January 2019, https://www.cnil.fr/en/cnils-restricted-committee-imposes-financial-penalty-50-million-euros-against-google-llc (last accessed 14 May 2019)
