Paper

A Study of Pre-Determined Normative Mechanisms for the "Secondary Risks" of Meta-Regulation

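Abstract

Meta-regulation is a risk-regulation technique that can ensure that the purpose of guarding against data security risks is matched by the means used. Taking the data controller under the EU GDPR as its sample, this paper analyzes the institutional design and governance effectiveness of meta-regulation, finds that meta-regulation inevitably gives rise to a problem of "secondary risk", and exposes that problem along the dimensions of its content, form and manifestation. The study concludes that using a pre-determined normative mechanism to limit the power of data controllers is one path to solving the problem.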

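Author

Dang Junqi (党俊琦), researcher and doctoral candidate at the Institute of Artificial Intelligence and Smart Rule of Law, Northwest University of Political Science and Law; research interests: risk administrative law and counter-terrorism law.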



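Table of Contents

  • I. Introduction
  • II. Institutional Design and Governance Effectiveness of Meta-Regulation Theory
    1. Institutional design
    2. Governance effectiveness
  • III. The Scope and Causes of the "Secondary Risks" of Meta-Regulation
    1. Content dimension
    2. Form dimension
    3. Manifestation dimension
  • IV. Pre-Determined Norms for the "Secondary Risks" of Meta-Regulation
    1. Normative boundaries
    2. Normative principles
    3. Normative procedures
    4. Normative consultation
  • V. Conclusion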
