Wei Xiaodong is a researcher at Liaoning University Law School and Liaoning Intellectual Property College
The normative form adopted by the Mainland Personal Information Protection Law is different from the normative form of personal information protection in the Personality Rights Part of the Civil Code, and the Personal Information Protection Law adopts the property normative model of "prior consent", and the concept of personal information rights and interests proposed by the Law is more like property rights from the perspective of interpretation. The purpose of personal information protection should be to protect the right to privacy, and the property regulation model of the Personal Information Protection Law will increase the cost of obtaining information when providing services, and the cost of information use, processing and supervision will also increase. Under the application of big data technology, the informed consent rules, anonymization rules, and security guarantee rules in the personal information processing rules applicable to medical acts will all face the dilemma of failing their purpose. The protection of personal information of medical behavior under the application of big data technology shall adhere to the result-oriented responsibility normative model for the purpose of privacy protection. The application of the principle of consent should adopt an open-ended general principle, reduce the cost of medical institutions' access to information, and adopt the principle that the public is beneficial to the individual, and reduce the barriers to access to information in order to promote the advancement of medical technology research and development. In terms of information security assurance duty of care and supervision level, the principle of pragmatism should be adopted and evaluated according to average technical standards. According to the different stages of data production, data storage, data management, and data transfer, adopt data information supervision measures and regulatory norms that conform to the essence of the stage.
The promulgation of the Mainland Personal Information Protection Law marks the gradual improvement of the mainland's personal information protection legal system, which has significantly improved the level of personal information protection in the mainland. However, there are certain differences between the PIPL and the Civil Code in terms of personal information protection, forming different interpretation modes in the application of the same facts and laws, which can easily lead to conflicts in the application of law. For personal information processors, the contradiction and uncertainty of the application of laws will add additional costs such as "prior consent negotiation" and "security measures" to the use of personal information. The medical field is an area that relies heavily on personal information, and with the development of big data technology and personalized medicine, the use of personal information is becoming more and more extensive and deep. The inherent contradictions in the mainland's personal information protection legal system will increase the cost of using personal information in medical behaviors, thereby increasing the cost of medical services and medical research and development, and hindering the development and progress of related medical technologies. Starting from the essence of personal information, this paper discusses the dilemma of the application of rules in the protection of personal information of medical behavior in mainland China under the background of big data, and attempts to put forward targeted solutions.
I. Dilemma in the application of the law on personal information protection
(1) The dilemma in judging the nature of personal information—right or object of right
1. Semantic analysis of "personal information protection"
The semantic logic of the term "personal information protection" can be understood as follows: personal information is regarded as an interest recognized and protected by law. "Protection" means that the law selects recognized interests from various interest claims, which is also the view of interest jurisprudence, "interests are an integral part of the facts of life, but it is impossible to grasp all the facts of life, and jurisprudence only emphasizes the characteristics that are important for its purpose, that is, essential interests." Therefore, the designation "Personal Information Protection Law" means that the law clearly indicates that it is the interests of "personal information" that are to be "protected". However, the different methods of "protection" determine the different nature of the "protection law", and then determine the different nature of the interest relationship adjusted by the law. Whether it is the Personal Information Protection Law or the Civil Code, the protection method reflected in the law is the protection method of the equal relationship between the information subject or the information interest subject, so it is a protection law of the nature of private law. Therefore, the legal relationship of personal information discussed in this article is the interest relationship discussed in the context of civil law.
In civil law, it is civil rights and interests that become the object of protection under civil law, and "protection" indicates that the law provides ways and means to realize the interests of this recognized object of interest. From the perspective of semantic interpretation of civil law, "personal information protection" is the realization of "personal information interests". The construction of civil law norms is to reflect the basic interests recognized by law by providing for the content of civil rights in a general manner that "has indirect third-party effect in horizontal relations". The concept of rights in civil law refers to "the legal power conferred on a person to satisfy his specific needs, and rights are a definite and appropriate power relationship, which is a factual relationship in the social sphere rather than the normative field". Therefore, the object of "protection" in civil law should be an objectively existing social relationship, which is abstracted by the law as "authorization in the normative sense, a legal possibility and action, and the concrete content is what is enjoyed and what should be enjoyed". This "what" is the content of rights, determined by the social relations that give rise to rights. Rights are a reflection of this social relationship, so rights must have an object to which they are directed, that is, an object, and the object of rights must be definite. "Personal information protection" must also be realized in the form of a concept structure of rights, that is, the law first defines a social relationship similar to rights. Therefore, the PIPL first puts forward the concept of "rights and interests in personal information", otherwise it cannot meet the benefits of personal information protection.
2. Personal information is an objective reality rather than a social relationship
Rights are different from the object of rights, rights are abstract constructs, such as property rights, creditors' rights, intellectual property rights, and the object of rights is an objective reality that embodies social relations, such as the object of property rights and copyright works. "Personal information" is not semantically an abstraction, but a real thing. Personal information is an objective existence, not an abstract concept of a specific social relationship, because "personal information" cannot directly express the content of social relations that is "legally possible or possible". Any individual has personal information, the information itself is a reflection of objective things, personal information can reflect social relations but not social relations, personal information protection is not to protect personal information but to protect the rights and interests reflected by personal information. Therefore, personal information has the property of the object of rights and cannot be regarded as an independent civil right.
3. Dilemma in the application of the Personal Information Protection Law
If personal information is the object of rights, as mentioned above, a relationship of rights and obligations should be established around personal information, and personal information should be able to generate an independent civil right or interest. However, there is no specific personal information as the object of the types of rights listed in the entire Civil Code, and the personal information regulation in the Personality Rights Part of the Civil Code is not the definition of the object like "work" in the Copyright Law, but the definition of the object of personality rights. Therefore, from the perspective of legal interpretation, the essence of personal information reflected in the current mainland civil law system is only a form of expression of the object of rights. Article 1 of the Mainland Personal Information Protection Law clearly puts forward the concept of "rights and interests in personal information", which adopts the same terms as Article 1 of the Civil Code, that is, it stipulates that "this Law is formulated in accordance with the Constitution", which means that the level of the Personal Information Protection Law is the level formulated in accordance with the Constitution. This shows that the legislator has placed the Personal Information Protection Law in the same position as the Civil Code, and the "rights and interests in personal information" expressed in the law have the same nature as the "civil rights" in the Civil Code, and are all basic rights based on the Constitution. Therefore, according to the Personal Information Protection Law, "personal information" should be an independent civil right and interests. Obviously, this contradicts the "objective reality" nature of "personal information".
Treating "personal information" as a basic civil right will cause confusion in the application of the law. Because the rights and interests in personal information will be regarded as an interest relationship independent of personality rights, property rights, intellectual property rights, etc., in the absence of reflecting the recognized legal protection interest values such as personality interests, ownership interests, intellectual property interests, each independent personal information will be exclusive and dominant due to its own rights and interests. If the simple "personal information rights and interests" are independent of personality rights, it is undoubtedly a property right nature of rights and interests, and the protection of personal information that reflects the relationship between personality interests will be subject to competition between two different nature norms, and then the mutual exclusion of legal effects will occur, which is not allowed by the legal order. Personality interests should take precedence over property interests, but the protection method of property rights interests is efficient due to the exclusive and dominant behavior-oriented normative form, so it will result in the protection of personal information of impersonal interests being superior to the protection of personal information of personality interests. This is clearly not the legislative intent. The legitimacy of any right representing interests is a consensus formed through long-term practice in human society, no matter what kind of rights theory is adopted, any private right is the result of a balance and compromise between public interests and private interests formed for the sake of social life order. Personal information has existed since ancient times and is endless, and almost like water and air, it is not justifiable to treat it as an independent civil interest if it cannot express interests that can exist independently in addition to other legally protected interests.
(2) Dilemma in the application of personal information protection norms -- property norms or responsibility norms
1. Result-oriented and behavior-oriented
Regardless of whether personal information is an equity interest or an object of rights and interests, it is the social relationship it reflects that determines the specific content of interests and the method of protection, that is, the content and interpretation of protection norms. Protection norms are divided into result-oriented norms and behavior-oriented norms from the perspective of composition, and property norms and responsibility norms from the perspective of means of protecting interests. Result-oriented norms refer to norms that take the consequences of actions as the elements for judging the illegality of behaviors, while behavior-oriented norms only examine the specific elements of behavior, and if the elements of conduct meet the constituent elements of the protection norms, they constitute the normative factual elements that produce legal effects, and the factual elements do not necessarily require damage consequences. However, norms in reality cannot be classified according to academic abstraction and rigidity, and most norms cannot be simply distinguished into a certain norm semantically, but have a mixed nature, and even choose between the two because of the needs of value judgments when specific facts are applied. The purpose of the protection of fundamental rights is to ensure the realization of interests, which include direct and indirect realization. The direct realization of interests is embodied in the civil law as exclusive and dominant, and the right to claim is the absolute right to claim, so there are absolute rights claims such as property rights, personality rights, and intellectual property rights claims in civil law. The indirect realization of interests is embodied in remedial protection, the most typical of which is the tort liability claim in the claim right. Therefore, the basis of absolute claims should be mainly based on behavior-oriented norms, and the basis of tort liability claims should be mainly based on result-oriented norms. The description of what constitutes a fact in a protective norm depends on the nature of the claim, which determines whether it is behavior-oriented or result-oriented.
2. Property norms and responsibility norms
The so-called regulation from the perspective of protection means refers to the existence of negotiation costs for the use of the subject matter considered in the initial allocation of rights. Property norms mean that exploitation cannot be carried out without the consent of the right holder, and the actor must first obtain the consent of the right holder for the exploitation of the object, so there must be negotiation costs. The liability norm means that the actor does not need to obtain the permission of the right holder in advance, and can carry out the act directly, but it should be liable for the payment of consideration, and for the actor, the exploitation of the object does not need to negotiate costs. It can be inferred from this that the general norms of exclusive dominance belong to property norms, which means that acts cannot be carried out without the consent of the right holder. The norm of responsibility means that an act can be carried out without the consent of the right holder, but it is subject to the consequences of responsibility. Property norms obviously give rights holders stronger "legal power" than responsibility norms.
3. Inconsistency between the norms of the Civil Code and the Personal Information Protection Law
In the norms of the Mainland Civil Code on "personal information", from the perspective of semantic interpretation, only the "information security" clause of Article 1038 belongs to the property norm. The article contains the semantic component "shall not be without consent". Other norms, such as Article 1035 "Restrictions on Information Processing" and Article 1036 "Reasons for Exemption from Liability for Information Processing", are responsible norms, especially the "Reasons for Exemption" specification in Article 1036 proves that the Civil Code adopts a result-oriented approach to "personal information protection", and the protection method adopts the responsibility normative model. This is because "exemption" means that although the conduct meets the factual elements of the protection norm, the element of the result of injury is also required in order to apply the legal effect of the norm. Since "exoneration" considers the factual elements of the act, not the consequence elements, the composition of responsibility is result-oriented.
However, the normative semantics of the mainland Personal Information Protection Law have the color of property norms. Article 2 of the Mainland Personal Information Protection Law stipulates that "the personal information of natural persons is protected by law, and no organization or individual may infringe upon the rights and interests of natural persons' personal information." Article 10 stipulates that "no organization or individual may illegally collect, use, process or transmit the personal information of others, and must not illegally trade, provide or disclose the personal information of others; Must not engage in personal information processing activities that endanger national security or the public interest. "These two articles are general norms and can be used to interpret other norms. First of all, the "collection, use, processing, and transmission" in the specification are all descriptions of the appearance of the act rather than the results of the act, so the judgment of "illegality" can be obtained from the examination of the appearance of the behavior. Therefore, the general norm of the PIPL is a behavior-oriented norm. Second, although the norm does not have a semantic structure of "without consent, it is clear that there must be "must not" in the legal effect of this "unlawful" act, and the constituent elements of the legal effect of "must not" must also include "without consent". This makes it necessary for personal information users to pay negotiation costs to use personal information, otherwise it will form illegal consequences regardless of whether there are harmful consequences. Therefore, the Personal Information Protection Law is also a property regulation. From the above analysis, it can be inferred that the protection intensity of "personal information" in the Personal Information Protection Law has exceeded that of the Civil Code, and even exceeded the protection intensity of "secret information" in the Civil Code. Because the protection of "secret information" applies the "privacy" protection norm in the Civil Code. The Civil Code's privacy protection norms are obviously not property norms, but also responsibility norms, and are also practice-oriented. This forms a logical contradiction in value judgment, the right to privacy represents the interests of human dignity and freedom, which is obviously higher than the social relationship interests reflected by other personal information, but the legal power given by norms is less than other low-value interests.
(3) The nature of rights and interests in personal information – personality rights or property rights
1. The relationship between personal information and personality rights
Property norms do not mean that the rights protected by norms are property rights, but refer to norms constructed in the mode of property rights protection, and there are also property norms in the norms of personality rights protection. The concept of personality rights in the Civil Code also indicates that personality rights are aimed at safeguarding human dignity and freedom, and personality rights are exclusive and cannot be transferred and separated from the subject. Property rights are aimed at maintaining economic order, and are not only transferable, but only transferable can make property rights meaningful. The legitimacy of personality rights is based on personality consciousness, that is, the individual's self-identification and autonomous decision-making, which is the product of long-term social development, freeing individuals from the shackles of various identities and classes, and deeply realizing the importance of human dignity and personal freedom through various political changes. The complexity and breadth of personality rights make the norms of protection equally complex and diverse. Therefore, the norms for the protection of personality rights in the Civil Code have both property norms and responsibility norms, both result-oriented norms and behavior-oriented norms. The Civil Code includes the protection of personal information in the regulation of personality rights, and it is clear that legislators believe that personal information is the object expression of personality rights.
It is worth exploring whether personal information can express the interests of other personality rights. Personal information also includes social evaluation personality information such as name, portrait, and reputation, as well as personal information such as life, body, and health. If it constitutes an infringement of the right to name, portrait or reputation, there will inevitably be the use of personal information as an object. However, the interest relationship protected by law is not the relationship of information interests, that is, the relationship between the interest of the name and portrait and the subject, but the dignity and free social evaluation interests obtained by the subject due to the name and portrait. Personal information such as name and portrait are the objects of the right to name and portrait, not the objects of personal information rights and interests. This is because if the right to name or portrait is infringed by using personal information such as name and portrait, it is a direct infringement of personal interests and directly meets the constituent elements of the protection norm. The use of other personal information must achieve the consequences of infringing other interests, and the use of personal information in this case is only the medium that causes the consequences, not the object of infringement. Name and portrait are subordinate concepts to personal information, and the norms for the protection of personality rights such as name rights and portrait rights are also special norms for personal information behavior norms. When the use of secret personal information to violate the right to privacy, it is also not the relationship between the information and the subject, but the relationship between the subject and society. The right to privacy is different from the right to name and portrait, and its protection norms are result-oriented. The use of information is a medium, and the right to privacy is not directly formed by personal information like the right to name and portrait, and the consequences of the formation of privacy interests can only be achieved through the transformation of personal information use as a medium. Therefore, only the consequences of privacy infringement constitute an infringement of privacy, and the emergence of this legal effect needs to be determined through comprehensive consideration of the composition of the act and privacy interests to determine whether it constitutes a factual element of protection norms. The protection norm also requires a systematic construction of complex personal information use behaviors in order to achieve the purpose of privacy protection.
2. The relationship between personal information and property rights
From the essence of personal information, personal information protection norms should not include property rights protection norms, but at present, there is a tendency to advocate that personal information has property value and should establish property rights protection norms, although the Personal Information Protection Law does not clearly express the property nature of personal information, but it also has property rights protection colors. The most core norm of the norm of property rights, or the norm that is most significantly different from the norm of personality rights, is the norm of disposal. Many norms of the PIPL have the characteristics of dispositional norms, such as the consent rules, deletion rules, interpretation rules in the PIPL, and the use of the presumption of fault in the principle of attribution of personal information infringement, all of which imply the legislator's acquiescence to the property rights of personal information. However, from the perspective of the nature of personal information rights and interests, even norms with the color of property rights should be applied in accordance with the path of personality rights protection.
II. The essence of personal information protection - privacy protection
(1) The rights and interests in personal information only reflect that the right to privacy is the root of the general system
The legislative logic of the European Data Protection Directive (GDPR) is that the composition of liability norms depends on the level of risk, and the imposition of obligations is determined by the sensitivity and risk of data rather than a general liability box; Special rights granted to data subjects without regard to risk liability. For example, the Council of Europe's Personal Data Protection Regulation, the predecessor of the law, declares that everyone shall not interfere with the private and family life, communication and home of any person, except for the social interest of national, social and economic security, as well as for the purpose of organizing crime, public health and moral protection, unlawful interference with the privacy of any person is prohibited. The views and ideas of European judicial decisions incorporated in this law also point to the protection of privacy. For example, the European Court of Human Rights has held that "everyone has the right to free his or her private life from intentional attention, and it would be too narrow to limit his or her private life to the internal scope of his or her chosen personal life to the exclusion of the external world altogether", and the scope of "private life" should be broadened to "private social life", since everyone has a need for social recognition and is inclined to obtain good social evaluation and establish good social relations. The provisions of the Strasbourg Agreement of 1981 of the Council of Europe on the automatic processing of personal data are clearly aimed at protecting the right to privacy, and this agreement is also a source of domestic law in European countries. For the personality rights interests reflected in the data information, in the case of In Van Oosterwijck v. Belgium and In Leander v. The Sweden case is a matter of privacy. These cases make it clear that even if the data is not sensitive data, it constitutes a privacy violation, such as communication and telephone data, even if it is not sensitive data such as physical or psychological, and non-sensitive data such as age constitute the object of privacy protection.
The United States is the birthplace of the concept of privacy, and the reason why this rights system can originate in the United States is because the development of information and communication technology in the United States has formed social problems that seriously interfere with the secret lives of individuals. The essence of privacy is the exclusive autonomy of the natural person subject over his or her personal life, free from interference by anyone else, including the public sector. The U.S. judiciary has adopted four areas of privacy violations, namely, disclosing the secret facts of others, intruding on the peace and private life of others, publicly distorting the image of others, and stealing people's names and likeness. In recent years, the United States has paid special attention to the development of information privacy norms, and almost all of the norms that take information as the object of adjustment are aimed at protecting privacy. For example, the Federal Privacy Act of is used to protect the computer information element recorded by the government and financial institutions in banks, The Right to Privacy Protection Act is used to protect the privacy of the press, The Telecommunication Act is used to protect the privacy of consumers in telecommunications, and the Electronic Communications Privacy Act (The Electronic Communication Privacy Act) is designed to regulate the privacy of wired and wireless electronic or oral communications. Recently, the United States promulgated the Data Privacy Security Law (Draft), which clearly states that the purpose of the law is to establish a strong supervision mechanism for consumer data privacy. It can be seen that a series of legislation on data information in the United States has privacy protection as the core.
(2) The right to privacy is a personality right, not a property right
1. The value of privacy determines that it can only be a personality right
The value of privacy lies not in profiting from the disclosure of information, but in a peace of mind and belief gained by having the ability to prevent any information from being made public. In its usual sense, it is difficult to consider it an "asset-like" right. The value of privacy lies in maintaining human dignity and freedom, and the function of privacy lies in: personal autonomy, emotional release, self evaluation, and limited and protected communication. Therefore, privacy and property are essentially different from the perspective of value function, the core of the personality value of privacy is the inner autonomy of people, the core of the personality value of property is the external correlation of people, the two are diametrically opposed interest demands, and there is a natural inconsistency between privacy and property rights.
2. The personality of privacy is the result of long-term practice in society
As mentioned above, from the historical evolution of the privacy system, the right to privacy has always been regarded as a right to protect personal interests. The concept of privacy was coined in the United States because "the latest technological inventions and commercial means have evoked further protection of the legal interests of personality and the right to secure the right to be alone, as Judge Thomas Cooley has called it." Photographic technology and the press have invaded the sacred realm of the private and the family, the countless mechanical devices have made the whispers of secret rooms publicly spread on the roof, gossip is no longer a source of laziness and evil, but an industry that seriously infringes on the private affairs of the individual family, and the law should recognize the right to privacy in all respects. After 1965, the U.S. Supreme Court has clarified the concept of privacy in several important judgments, emphasizing that the right to privacy involves the value of human dignity and freedom, and constructing a safeguard mechanism through the typology of privacy protection in tort law and the constitutional norms of basic rights to privacy. There is no concept of privacy in German civil law or the constitution, and German jurisprudence doctrine is called private sphere or privateness, which holds that privateness leads to general personality rights, and at the same time determines its content and scope, so that individuals can enjoy an autonomous field formed by their own life, and develop and realize their individuality without the interference of others, and each person must have a field of self-existence, which can be called the internalization of general personality rights. The protection of the private sphere (privacy) is an expression of the embodiment of personality rights to ensure the self-formation of individual life without interference. The German courts adopt the domain theory advocated by doctrine, which divides privacy protection into three levels, that is, the hidden domain (core level) is absolutely protected, and the protection of the other two areas (private domain and private domain) is determined according to the measure of interests. The Mainland Civil Code clearly distinguishes between property rights and personality rights, and makes a general conceptual construction of personality rights in Article 109 of the General Provisions of the Civil Code and Article 990 of the Personality Rights Part of the Civil Code, and also explicitly includes "privacy" into the type of "personality rights" in Articles 110 and 990 of the Civil Code. Article 1034 of the Civil Code on the protection of "personal information", according to the semantic interpretation logic analysis, should be similar to the German practice, taking the private domain as the core area and applying privacy protection. Therefore, the protection of privacy rights should be in accordance with the protection model of personality rights, which is basically the consensus of all countries and regions in the world. No matter how countries type or concretize the right to information due to the development of information technology, they will not deviate from the basic framework of the protection of personality rights. Those ideas that intend to replace the liability for infringement of personality rights with liability for infringement of property rights are inconsistent with the essence of personal information rights and interests and the premise and purpose of the personal information protection system.
(3) Property value is not a reason for granting property rights to personal data information
1. The property value of personal information under big data technology
For the property value of personal information, the Italian philosopher Luciano ? Floridi has a deeper analysis. He called the development of big data technology and artificial intelligence technology based on computer technology the "fourth revolution", which "freed mankind from the laborious work, the dominance of human beings in the fields of logical reasoning, information processing and intelligent behavior no longer exists, human beings are no longer the undoubted masters of the information circle, and digital devices replace human beings to perform more and more tasks that originally required human thoughts to solve." Increasingly, we delegate or outsource our memories, decisions, daily schedules, and other activities to these digital intelligence agents in a way that is constantly integrated with ours. Thanks to the Fourth Revolution, all this will become commonplace. The unique status of human beings will be replaced. We will accept the identity of our own information body among many objects. Depersonalized and redefined information bodies may be seen as goods that can be bought and sold in the advertising market, and our value is determined by our purchasing power as customers." "On the internet, no one cares who you are, as long as your ID is the right buyer. In 2013, most people's (private) personal information (a collection of information including age, gender, work history, personal medical history, credit scores, income details, shopping history, daily pastimes, address, etc.) sold for only $1. "Moreover, so far this price has not increased, because the information will only increase, there is no scarcity, and it cannot lead to an increase in the price." Therefore, although personal information has property value, it does not reach the level of property benefits such as the need to confer exclusive rights.
2. Value does not necessarily confer property rights
Not everything of value in the world is to be endowed with exclusive, exclusive property rights. If the three popular theories of the essence of modern rights philosophy: natural rights, personality rights, and utilitarianism are used to explaintly defend the legitimacy of data property rights, it will pale in the face of the nature of information technology. The processing and mining of information is not the result of the subject's labor, as mentioned earlier, man has given way to digital equipment, so there is no so-called "human labor" consequence, so the natural rights theory cannot deduce the legitimacy of data property rights. "Depersonalization", "anonymization" and "batching" are the typical characteristics of transaction information objects, so information as the object of transaction is premised on detaching from the personality of the subject, and the so-called personality rights to embody personality or "will" through property are completely different from the so-called "information property". As for the utilitarian theory of "tragedy of the commons" as the basis for the legitimacy of rights, it is even more inapplicable to information, the nature of information determines that there is no scarcity, the Internet has become the main way of social life, information production is the inevitable result of social life, as long as human social life does not stop, information production will not stop. Therefore, data and information will not be overused, exhausted and destroyed because there is no protection of property rights, and there is no reason to treat data information as the object of property rights. Others believe that it is the data processing integration value generated by the labor or intellectual achievements of data technology developers, so according to the incentive mechanism, the data property rights should be protected to stimulate the innovation and development of data technology. Whether it is a patented technical solution or as a computer software for a work, data technology is not a thing with data information, and even a database that constitutes a quasi-work is fundamentally different from data information that does not have any original content.
3. Only data and information related to privacy interests should be the object of rights
Information and communication technologies have made privacy the most prominent social issue. According to Floridi, ICT has a powerful impact on "information frictions" that make privacy the most prominent and pressing issue. The so-called "information friction" refers to the force in the information circle that is opposite to the information flow, affecting some agents in a specific environment to obtain, filter and block the information of other agents, reducing, changing and increasing information friction, and has a negative correlation with the readability of the personal information of the agent. The fewer information gaps between agents, the lower the expected level of privacy. While older information and communication technologies or equipment such as television and radio only reduce information friction, newer information and communication technologies may reduce or increase information friction. In modern society, privacy concerns caused by the reduction of information and communication technologies by information and communication technologies have been alleviated by anonymization. But big data technology and artificial intelligence technology can analyze anonymized information and repair deleted data, such as search engines that reflect people's concerns, which is both a value and a hidden danger. Once stored on the Internet, data cannot be deleted, and even anonymized information cannot be kept completely confidential. The AOL case in 2006 illustrates this problem. AOL researchers published a search log containing 20 million searches from 6.5 million users, all anonymously numbered, but based on the content of the information these users queried, it was easy to identify the queryer without even using big data technology. This data is being generated every day, and this situation is happening every day. Therefore, through several databases and different communication and information technologies, it is not a problem to obtain specific personal information without any communication with the individual. If surveillance software, malware, or technologies such as data mining and hacking are used, privacy boundaries will gradually disappear in the information society. Because there is no "private life scope" and "private social life scope" in the information society, everyone is in a digital community, which is a "global digital village without restrictions on privacy destruction". Therefore, privacy protection has the most core value in the current society where information technology is widely used.
III. The dilemma of applying personal information protection rules in medical behavior under big data technology
(1) The dilemma of consent rules
1. The source of value of the consent rule
According to the foregoing, the purpose of personal information protection is to protect privacy interests. Therefore, the consent rules in the personal information protection rules are also aimed at pursuing this value. The values of "personal dignity" and "personal freedom" of personality rights are embodied in personal information autonomy and freedom of information, and the structure of consent rules is also designed around these two value goals. Consent reflects the subject's information autonomy, so consent rules generally include: consent to acquisition, consent to use, consent to the method of use, and consent to post-use processing (right to deletion). The essence of consent lies in the embodiment of the principle of autonomy of the will of civil law, and consent represents the expression of intention to become effective, so the judgment of "consent" must be based on the "true expression of intention" as the standard. If we summarize the rules on the expression of true meaning in the Civil Code, it will be found that there are two aspects to the judgment of true meaning, one is "true intention", that is, there is a true intention and is willing to be bound by the content, and the other is "making true intention", that is, there is no revocable or hidden situation. The former is the judgment that the meaning indicates the appearance of the act, and the latter is the judgment of the intrinsic intention of the actor. In terms of consent, the legal evaluation criterion of the former is the objectification of the form of consent, and the legal evaluation criterion of the latter is the subjective will of the consenter, that is, "informed consent". The Mainland Personal Information Protection Law also adopts this structure for the construction of consent rules. However, for the general and special structure adopted by the method of consent, consent is the general principle, and for the method of consent, the method of consent for sensitive information is specially stipulated, that is, "separate consent and written consent". For "informed consent", the mainland personal information protection law establishes a more detailed code of conduct to determine the meaning of "truth". The requirement is "adequate" for the standard of knowledge and "written or oral" for the form of knowledge. Article 17 of the law requires that individuals be "informed truthfully, accurately and completely in conspicuous and clear language". Moreover, the article also establishes standards for judging whether the meaning of consent is "genuine", that is, establishes the code of conduct for "informed notification content", including such as processor information, the purpose and method of processing personal information, the type of personal information processed, and the informed content of the retention period. However, there are lags and limitations in adjusting the processing of personal information through general codes of conduct. The PIPL is a general norm that applies to the rapidly changing application of information technology, and it is difficult to make a forward-looking prediction, nor can it summarize and extract many abstract general norms of information technology utilization behavior. Moreover, the goal of privacy protection under the Personal Information Protection Law should not be at the expense of technological progress and damage to public interests required by society, and there is such an institutional dilemma in the protection of personal information in medical affairs. Therefore, the realization of the fundamental purpose of personal information protection also depends on the concretization of legal norms and the perfection of the entire legal order.
2. Dilemma in the application of consent rules in medical matters
According to the types of information classified under the Personal Information Protection Law, personal information generated by medical affairs is sensitive information. Therefore, the form of "consent" to the acquisition of medical affairs information can only be in written form, including electronic written form. The regulations on the protection of personal information in various countries require prior consent for sensitive information, and such prior consent is "informed consent". Access to information must therefore be preceded by consultation and full disclosure, which meets the "informed" standard. This obviously greatly increases the cost of information negotiation. For medical affairs, especially medical behavior in emergency situations, the importance and timeliness of patient information acquisition is self-evident. The process of prior consent to access to information will undoubtedly cause delays in treatment. The value of the right to life and health in emergencies is clearly greater than the value of the right to privacy, and doctors cannot be prevented from providing medical care because they do not obtain patient information without obtaining their consent. In fact, from the perspective of medical contract interpretation, the doctor's consultation to obtain patient information does not require the patient's consent, which is the right of the doctor's diagnosis and treatment contract, and it is also the patient's obligation to inform and is the consent under the implied contract. The current "express consent" rule for personal information privacy protection undoubtedly conflicts with the internal order of medical behavior, and will form a dilemma in the application of laws on obtaining medical affairs information.
Even if the medical care provider is exempted from the obligation to obtain "prior consent", the "post-facto consent" of the medical recipient may not be realized. The contradiction between the complexity of medicine and the limited knowledge of information rights holders will not only lead to the loss of the validity of consent, but also lead to the easy rejection of "post-recognition consent". For example, a patient may refuse to provide or provide false information that may not be relevant to the medical treatment they received, but in fact this information is important for diagnosis, and in the event of a medical deviation, the patient is likely to refuse "post-facto consent" in order to avoid responsibility. Even some ordinary physiological data information may lead to the refusal of consent. It is already a common phenomenon that the "informed consent principle" of personal information protection will make it more difficult to obtain medical information. For example, the draft Privacy Data Security Act calls the standard for "express consent" "affirmative express consent," which refers to "an individual's specific, informed, and unambiguous authorization for an act or practice," and the disclosure of the act requesting consent is required to be written in "easy-to-understand language, including a prominent title that enables a reasonable person to identify and understand the act." This requires that medical institutions should enable patients to fully understand the connotation of medical information acquisition, which will undoubtedly greatly increase the difficulty of information negotiation and reduce the possibility of consent.
In addition, medical data information has important scientific basis value for discovering medical technology defects, improving the level of medical technology, and improving the effect of medical technology. However, the ex post facto use of this information is uncertain. The information subject has become a non-stakeholder after the fact, and his "consent" to the use of information is based on public morality rather than a legal obligation, especially if the medical effect of the information subject does not meet expectations, which is more likely to lead to the refusal of consent. The use of big data technology adds to this contradiction. Due to the high complexity of the human body, big data technology is often associated with some data that was previously considered irrelevant by traditional research, because people's physical and mental health are affected by a series of multiple factors, and each factor has its own independent consequences, but once each independent factor is combined with other factors, it will have completely different consequences from independent effects. The internal mechanisms and consequences of these combinations cannot be confirmed in current diagnosis and treatment, as many studies can only account for a small number of influencing variables. The machine algorithm of big data technology will analyze the factors that cannot be covered by the human research institute, which will improve the probability of success in discovering pathogenesis and treatment methods. However, the efficiency and progress of the use of big data technology are hindered by the selfishness of the protection of private interests. It is difficult to explain the necessity of obtaining big data information to the information subject, and the availability and effect of the information cannot be foreseen, so the intention of the prior consenter can be revoked. That is, there is a possibility that after knowing the results of data utilization, based on their own interests, the ideologies will revoke their consent by claiming that the meaning is wrong on the grounds of incomprehension and unknowability of data use, which will lead to the revocation of big data information utilization, resulting in the consequences of the revocation of legal acts under civil law, which is very detrimental to the scientific research and development of big data medical care.
(2) The dilemma of anonymity
1. Purpose of anonymity – elimination of identifiability
Anonymization is the core method of realizing the protection of privacy interests in the personal information protection mechanism, and modern society has evolved to use anonymity to protect privacy, which is both the result of the development of communication technology and the result of confrontation with communication technology. Anonymization is only a means, the purpose of anonymity is to eliminate identification, when a judgment involving privacy protection information processing, only to adopt anonymity, does not automatically be regarded as meeting the rights protection norms, but should be based on whether to meet the elimination of identification as the judgment standard. Therefore, the requirements of the Mainland Personal Information Protection Law for information security measures are not "anonymity" but "de-identification". The European Data Protection Directive (GDPR) also requires "anonymity" to be "isolated from identifiable information to ensure that it is not identified or identifiable".
2. Medical information eliminates the dilemma of identifiability
Medical relationship is the relationship formed between a special individual of a natural person and a medical institution regarding special medical matters. Remedies and proofs based on the performance of medical obligations in a medical relationship sometimes fail to achieve anonymity and pseudonymity. There is no identical natural individual, each case is unique, diagnosis and treatment must be centered on specific individuals, whether it is modern telemedicine or traditional diagnosis and treatment, are based on the special physiological conditions of the individual, so it must be identifiable, complete anonymity is impossible. For example, medical imaging results must be directed to a specific individual patient. Although big data can perform statistics, calculations, analysis and processing of anonymous data, it is often the medical data of specific individuals that really play a role in scientific research and medical reference value. For researchers, the more personalized the data and information is valuable if they want to prove some correlation. In addition, the requirements of medical efficiency and the requirements of medical institution management cannot be anonymized. For example, "continuous medicine" requires follow-up management and continuous information acquisition of patients, and personalization is the prerequisite for the expected realization of medical effects, so "continuous medicine" can only increase the identifiability of patient information, not eliminate it. In addition, the sharing of medical resources is an effective way to improve medical efficiency and reduce social costs, and it is also a development trend. However, as mentioned above, modern society has brought the risk of privacy leakage due to the convenience of information sharing brought by the development of information technology, so modern society has chosen anonymity to reduce this risk. The non-identifiable requirement of anonymization will hinder the realization of the purpose of medical information sharing, which leads to the dilemma of the application of anonymization requirements in the medical field.
Personalized medicine under the application of big data technology will make anonymization more challenging. Eric predicted in Future Healthcare that big data medical census technology can "aggregate and integrate multiple layers of information to create personal Google Maps (GIS), and the GIS combination of countless people is becoming a basic application of future medicine." He divided this personal medical information data system (GIS) into phenome, physiome, genome, anatome, proteome, epigenome, and exposome. He believes that these GIS type groups offer great possibilities for building a new model of highly personalized medicine, "each of us can make important medical choices based on GIS information." Individual GIS will eventually be transmitted through individual small wireless sensing devices, and new patterns of data streaming will make ownership of this information clearer. The kind of personalized medical system information that he conceived and is now beginning to practice, even if each data is anonymized, is impossible to eliminate identification once it becomes a combination of systems. As a result, he acknowledges that "the digital trail we leave behind every day can reveal more information that we don't know, which could become a privacy nightmare, but it could also become a healthier, more prosperous world." ”
Even if it is not personalized medicine with big data, general genetic biometrics will make anonymous de-identification functions ineffective. For example, rare diseases, special individual genes, anonymization can not eliminate identifiability. Names are the methods used by subjects to achieve social identification, and are the product of human social evolution. However, the biometric identification method used in medical treatment is the use of natural phenomena, and the recognition effect is more effective than the name from the scientific sense. Each individual natural person has unique biological characteristics, and accurate identification is more conducive to medical treatment. As the aforementioned AOL case demonstrates, it is possible to identify a specific individual as long as "the information relates to that individual." Substantial advances in computer technology and a large number of applications will make it easy and quick to make the information in data identifiable by connecting and fusing disparate data sources."
(3) The dilemma of security and supervision
1. Ambiguity of the concept of safety and damage
Safety is a concept corresponding to danger, and in the normative field of rights protection, safety is generally understood as the avoidance and elimination of danger. Danger refers to the likelihood of damage occurring, so safety and danger are result-oriented, so the safety assurance norm should logically be a result-oriented norm. Since safety is associated with damage, the result of the damage should be the criterion for judgment. The concept of damage itself has a variety of different understandings, the natural damage theory is considered to be "the unfavorable property or other legal benefits, including positive damage, performance and reliance interests in property and non-property", and the natural damage theory is based on the difference theory, that is, "the loss of the injured person, right or legal interest is infringed, and the situation before the occurrence of the damage is compared with the situation after the occurrence of the damage fact. However, both the natural damage theory and the difference theory have been criticized as "overly complicated and contrary to fairness and justice in terms of the total amount of property", so there is an objective theory of damage and a normative theory of damage. Both of these revisionist doctrines attempt to establish objective criteria for assessing damage. Any civil law doctrine of injury presupposes the existence of tangible loss. Thus, even non-property rights, such as personality rights, can conclude damage. However, if personal information, an intangible object, is said to be harmful as a means of rights and interests, there must be a premise of comparing the difference in the status of the information. There is no difference in the state of information, no matter how it flows, there is no "damage" problem in the information itself. Therefore, it does not make logical sense to judge the issue of security or damage based on the state of information alone. As mentioned above, the infringement of evaluative personality rights is the use of personal information, so there is no security protection problem in personal information itself, but a security issue in which the "use of personal information" causes damage to personality rights.
Therefore, it can be understood that the legislative intent of the Civil Code and the Personal Information Protection Law on the concept of "personal information security" is still "security of personal information processing", which refers to the possibility of not causing damage to personality rights due to personal information processing. For this reason, the second paragraph of article 1038 of the Civil Code is still a liability norm, because it establishes remedies for the consequences of the normative prohibited acts, rather than simply considering it illegal. This article stipulates that "information processors shall take technical measures and other necessary measures to ensure the security of personal information they collect and store, and prevent information leakage, alteration and loss", and "personal information security" here is result-oriented and should refer to "the security of personality rights and other rights and interests reflected in personal information".
2. The criteria for judging leakage are vague
Although the security of personal information is judged by the fact that "other personal rights and interests are mainly personality rights" is not harmed, the protection norms also list the types of prohibited acts, of which "leakage" is the main prohibited behavior. However, the concept of "disclosure" is not defined, and it is not clarified whether the object of disclosure is a specific third party or an unspecified third party. If the specific object of disclosure is not considered, in the context of "security assurance", "leakage" is obviously not intentional and should be caused by negligence. However, in the context of big data technology, "negligence leakage" will be inevitable. For medical institutions, it is impossible to be separated from the network, and as long as medical institutions have network information exchange with third parties other than doctors and patients, there is likely to be leakage. The data generated by anyone surfing the Internet will be remembered by the entire network, which is determined by the nature of the network. As mentioned above, any processing of information by "anonymity", "pseudonymity" or other "desensitization" means cannot guarantee complete de-identification. Even if there is no malicious intrusion or other intentional breach of security measures to obtain data, the data provided only through the "security measures" that has been taken can still have the effect of "leaking" privacy. Although the PIPL adopts the principle of presumption of fault for the liability of personal information processors for damages, it is uncertain whether the "fault" standard is only the content of the "personal information processor's obligations" stipulated in the PIPL, and the law is not specific to the "security" obligations of personal information processors, and it is impossible to establish specific security behavior norms for personal information processors in specific cases. The current development of big data technology is changing rapidly, and it is even impossible to determine an average technical standard for medical institutions as the standard of duty of care for medical institution information processors. Moreover, if according to the current characteristics of personal information protection property norms, "leakage" is a behavior-oriented norm, as long as leakage occurs, it constitutes fault and illegality, which will expose medical institutions under the background of big data to a huge "leakage risk". Measures and equipment to reduce medical management costs and patient waiting costs, such as online medical consultations and medical services at various medical institutions, will be neglected due to the risk of "leakage", and the efficiency of the utilization of these facilities will be seriously weakened. If the security precautions for big data leakage are increased, it will increase the cost of medical institutions, contradict the medical needs, reduce the efficiency of big data medical care, and make the most fundamental value of big data medical treatment cannot be reflected.
3. Ambiguous regulatory standards
First, there is no clear independent regulatory entity. The PIPL only establishes a regulatory mechanism for internet platform enterprises of a certain scale, requiring the establishment of regulatory bodies. However, the supervision of medical institutions has traditionally been constructed from the value of public health security, and the function of regulatory agencies is to prevent public health safety risks, and there is no special supervision for personal information security. The vast majority of medical institutions do not meet the requirements for the composition of large-scale Internet platforms in the Personal Information Protection Law, so their regulatory authorities can only be ordinary personal information processing regulators, that is, the national internet information authorities, and there is no special regulatory entity. As a result, the supervision is not targeted enough, and the uniqueness of personal information protection in medical services is not established. For example, medical institutions provide overseas patient diagnosis and treatment information in the process of cross-border remote consultation and cross-border referral, as well as multinational pharmaceutical enterprises provide research information to overseas parent companies in the process of drug research and development, and overseas medical device manufacturers read relevant information during remote maintenance of devices, according to the relevant regulatory requirements of Chapter III "Cross-border Personal Information" of the Personal Information Protection Law. One of the following conditions shall be met: (1) operators of critical information facilities and personal information processors handling personal information that reach the amount specified by the state internet information department, and truly need to provide information overseas (in principle, such information should be stored within the mainland), shall pass a security assessment organized by the state internet information department; (2) Conduct personal information protection certification by professional institutions in accordance with the provisions of the state internet information department; (3) Conclude a contract with the overseas recipient in accordance with the standard contract formulated by the state internet information department, stipulating the rights and obligations of both parties. However, there are currently no specific operating specifications for security assessment and personal information protection certification. The state internet information department is not an expert in the medical field, and its supervision cannot exceed the general norms of the Personal Information Protection Law, and it cannot treat medical institutions with special regulatory norms that meet professional and technical requirements.
Second, regulatory norms are not uniform. Due to different types of information, the cross-border transmission and processing of information in the field of medicine and health may also be regulated by industry laws and regulations such as the Provisions on the Management of Medical Institutions, the Measures for the Management of Population Health Information (for Trial Implementation), and the Regulations on the Management of Human Genetic Resources. These norms related to medical information supervision often conflict and overlap, and the rules need to be coordinated and unified when applied. However, the objectives of each regulatory rule are different, and when the medical personal information is processed, the different regulatory objectives lead to different application of regulatory rules, and the same information involves multiple areas of supervision, which will form regulatory conflicts and overlaps. On the one hand, it reduces the efficiency of supervision, and on the other hand, it increases the cost of information processing. More importantly, these regulations are all regulatory models for the physical space, and cannot be fully applied to the cyberspace, and these regulations are not suitable for information processing behaviors that mainly occur in cyberspace.
Finally, there is inconsistency in the application of regulatory technology. Due to the inconsistency between network technology application subjects and network security protection subjects, different technical standards are often chosen for the same information processing problems. The resulting mismatch and incongruity of technology makes regulation or subordinate to the technology of information processing application or the technology of information processing application, and the result is the confusion of medical behavior implementers in information processing. In addition, the high intensity of the frequency and quantity of information provided by the regulated party also brings the risk of leakage, the regulatory entity is also the information processor, and the regulatory relationship also brings uncertainty about information liability.
IV. Solving the Dilemma of Personal Information Protection in Medical Behavior under Big Data Technology
(1) Clarify the legal relationship for the protection of personal information in medical conduct
1. Object object
The objects of personal information rights and interests in medical acts include general protected information, that is, all identifiable information, and general sensitive information. For medical behavior information, no personal information can be illegally transferred. These protected specialized information such as: medical history, family history, condition, health status, adverse drug reactions, biological indicator information, physical defects, genetic defects, genetic test results, physical examination results, treatment process, treatment methods, treatment effects, etc. (from the beginning of the patient's entry into a medical institution, whether it is to be questioned to actively provide information, or to receive information obtained by testing, the information formed throughout the process of medical diagnosis and treatment, and even subsequent follow-up observation information, are sensitive information). Among them, the focus is on strengthening protection information, such as psychiatric information and immunization information, which shall be protected by applying line-oriented property norms.
The legal relationship for the protection of medical personal information also involves the use and management relationship of specialized information carriers, including: medical records, test reports, records, clinical experiment data, imaging materials, medical equipment storage, electronic archives, and paper archives. The management of databases, cloud platforms, storage, processors, servers, etc. under the application of Internet technology shall judge the standard of good managers' duty of care based on the management and utilization of the information carrier.
2. Basic content of medical-legal relationship
One of the main features of the legal relationship of medical behavior is that its basic principles are universally followed worldwide. Under the general implied rules of medical contracts, a medical professional is required to provide professional services that meet the standards of care of other professionals in the same field. The duty of care of medical professionals is expressed and applied in a special way. In the absence of a specific commitment, the patient or the person receiving the medical service generally understands and expects that the person engaged in the activity within the scope of the professional work will use the skills, knowledge and attention that other persons of the same standard of practice in the relevant medical field of the specialty usually have. Traditionally, the doctor's duty of care standard is a professional standard, which only examines compliance with medical standards or medical practices in a field, and as long as the physician complies with that standard or practice, there is no fault in complying with that standard or practice, regardless of how risky or unnecessary the standard or practice is. This is not only the basic principle adopted by the legislation of the Tort Liability Rules of the Mainland Civil Code, but also the standard that all countries currently follow.
3. Principles for the processing of personal information for medical services
First, the principle of autonomy. Subjects receiving medical treatment have the right to decide what to do to their bodies and to refuse medical treatment, even if it is necessary for their lives. Consent to misrepresentation of material facts is also invalid. Second, the principle of informed consent. Unless the information subject is incompetent, they have the right to receive substantive information about any proposed medical procedure. The principle of attribution is the standard of fault, that is, fault liability, and the fault to be proved is not a medical act but an undisclosed fault. The disclosure standard is that the information is important enough to affect the independent decision and choice of the receiving entity. However, the causation test still applies, and even if the disclosure obligation is breached, it is not liable unless a reasonable person would refuse. Finally, the principle of necessity. If the acquisition of medical information is necessary for treatment, and if you agree to receive medical treatment, you should agree to provide information. The disclosure of information processing should also take into account the cost of disclosure, and should not be given excessive disclosure standards. General disclosures include: medical standards, officially recognized risks, important information that doctors should know, substantive information that affects rational patient decisions about medical procedures, prognosis, experience and probability of success, physician motivation and financial benefits.
(2) Results-oriented norms apply to privacy protection
As discussed above, the pursuit of the core interests of personal information protection is only the right to privacy, and other basic rights and interests arising from the use of personal information do not need to be specially adjusted by personal information protection norms, because there are special laws and regulations to apply. Similarly, the protection of personal information in medical acts should be aimed at privacy protection. And insist on the personality right attribute of privacy. The Personal Information Protection Law shall not be applied in accordance with the exclusive claim model of property rights. Therefore, the processing and use of personal information in medical acts should adopt a result-oriented normative model of responsibility, and only if there are consequences of privacy infringement, the medical institution or medical personal information processor will bear responsibility. As mentioned above, consent rules and anonymity rules in the context of big data technology can only obtain a relative effect, and for the public interest needs of the development of medical technology, personal information subjects cannot claim the prohibition of the use and use of personal information on the basis of exclusive claims for property rights without providing evidence to prove the consequences of infringement of privacy rights.
(3) The principle of open consent
The principle of developmental consent is now gaining traction. The effectiveness of personal information rights and interests subjects' autonomy and autonomy in information processing shall be substantially improved, and shall not be subject to complex and incomprehensible written consent documents. The written consent documents provided by medical service establishments to service recipients shall be easy to understand, short in format, and based on one-time consent. Special provisions in complex situations are permissible, but medical institutions should not be subject to mandatory obligations. The processing and use of personal information for medical research purposes should be exempted from the restriction of written consent in accordance with the European GDPR. Real-world research in the field of medicine and health is divided into prospective research and retrospective research, among which retrospective research collects and uses historical patient diagnosis and treatment information from available medical data sources, but often faces the problem of difficulty in obtaining informed consent of patients. The Guidelines for Information Security Technology, Health and Medical Data Security, which came into effect on July 1, 2021, already provide for exceptions and exemptions to informed consent for real-world research. Sponsors can conduct research based on the patient's broad informed consent, that is, "if the patient has not previously signed the broad informed consent, the sponsor can still apply for exemption from informed consent based on the difficulty of retrospective patient retrospectiveness". Although the level of this norm is not high, it embodies the scientific idea of medical information norms, and the value pursuit of this norm should be used in the interpretation and concretization of personal information protection laws and administrative regulations in specific cases.
In addition, open consent should also include open consent for secondary or multiple use. The value of medical information lies in the scientific discoveries after deep excavation, but it is difficult for patients or other information subjects to understand the process and consequences of this use. Therefore, a broad principle of propriety should be established, i.e., as long as it is beneficial to public health is good for individuals, as long as it is beneficial to relevant groups of medical treatment is good for individuals, as long as it is beneficial to other medical targets is good for individuals, because all people will benefit based on medical progress. This is particularly important in epidemiological studies.
(4) Eliminate the relativization principle of recognizability
As mentioned earlier, anonymity or pseudonyms under big data technology cannot be completely eliminated and identified. Therefore, the norms of security obligations of medical service personal information processors should adopt behavior-oriented norms, and the behavioral standards should be based on the average technical level foreseeable at the time of information processing. First, the absolute principle of anonymity. Any unauthorized and anonymous access to the aforementioned medical sensitive information is obtained by a third party, which is deemed to constitute an invasion of privacy and the service provider is at fault, and shall bear tort liability. Second, the obligation to ensure safety and security under average technical standards. Medical service institutions shall establish and maintain an internal environment for information and data security, possess and implement management techniques, organizational techniques and risk assessment techniques that meet average technical standards, and allocate and organize personnel who can fulfill security obligations. When information security hazards occur or are likely to occur, technical means and security measures can be used in a timely manner to stop the occurrence of the danger or minimize the damage. Third, the duty of care under the intervention of third parties. There are two aspects of third-party intervention in data security, one is data transactions with third parties, and the other is the use of third-party technology to achieve information processing. In principle, medical institutions are not exempt from liability for the consequences of infringement of personal information rights and interests caused by the intervention of a third party. Exemption is only possible if the medical institution proves that it has fulfilled its duty of care. The standards of care of medical institutions shall be determined according to the role of medical institutions in information processing. Reference may be made to the types of roles established in the Provisions of the Supreme People's Court on Several Issues Concerning the Application of Law in the Trial of Civil Dispute Cases Involving the Use of Information Networks to Infringe on Personal Rights and Interests, including network service providers and reprinters. If the medical institution is a network service provider, consider its duty of care according to the following factors: (1) whether the infringing network information is manually or automatically handled by means of recommendation, ranking, selection, editing, collation, modification, etc.; (2) the ability to manage information, as well as the nature and method of the services provided and the possibility of infringement; (3) The type and obvious extent of infringement of personal rights and interests by the network information; (4) The degree of social impact of the network information or the number of views within a certain period of time; (5) the technical possibility of taking measures to prevent infringement and whether corresponding reasonable measures have been taken. If it is a reprinter, its duty of care shall be considered according to the following factors: (1) the duty of care undertaken by the reprinting entity that is appropriate to its nature and scope of influence; (2) The obvious degree to which the reproduced information infringes on the personal rights and interests of others; (3) Whether the reprinted information has been substantially modified, whether the title of the article has been added or modified, resulting in serious inconsistency with the content and the possibility of misleading the public. Finally, public interest exemptions and unforeseeable exemptions. Speeches at seminars and academic exchange conferences that improve public health, such as medical research and medical technology research and development, shall be exempted from liability if the use of personal information is not identifiable. If security protection measures such as anonymity or desensitization are adopted, and the person is identifiable through hacking technology or big data mining technology beyond foreseeable technology, it shall be regarded as no fault and exempted from liability.
(5) Establish different regulatory rules for privacy protection in accordance with different stages of information production
Information production under big data technology is divided into four stages: data generation, data storage, data management and data transaction. According to the theory of information friction, "the less information friction in the information circle, the faster the stripped information flows, and the easier it is to seize, steal and use this information for illegal purposes". The fastest but difficult and effective way to solve this problem is to reduce the flow of information and block the information circle, but this can only hurt the current technological development. "A better approach is to protect the personally identifiable information in question through some non-arbitrary label composition characteristic data, while ensuring that there is less information friction that benefits everyone." This method is the authentication of individual-specific information, which can only be used if the person is authenticated. Therefore, the choice of means of regulation is very important. Medical information security supervision should not rigidly apply the supervision of physical space into a virtual network, which can only form information blocking. In fact, in the data generation stage, the security facilities of the internal data system of the entire medical service organization are sufficient to protect data security, including encryption, anonymization, password coding, firewalls and specific protocols, as long as these technical means are available, there is no need to set up additional supervision mechanisms. At the data storage stage, precautionary measures shall be taken in accordance with the norms of the Personal Information Protection Law and the Data Security Law to prevent information from being improperly obtained. The regulatory mechanism at this stage should be based on assessment, inspection and correction, with the aim of detecting risks in advance. In the data management stage, it is a combination of underlying intelligent rules and manual supervision rules. At this stage, many data management behaviors require relevant user authentication and management to control data mining, sharing, pairing, combination and other data processing and use. The data transaction stage is external supervision, which should belong to the supervision of the information market, and for the supervision for the purpose of privacy protection, the supervision at this stage should adopt technology neutrality and "red flag standards". Where specific personal information or identifiable consequences occur, the transaction shall be promptly discovered and prohibited.