香港个人资料隐私保护之经验——兼论我国个人资料保护法之制定

个人信息作为信息的一种,具有与信息相同的特征。个人资料属于现代隐私的外延,指的是可以识别出个人的所有资料。我国香港特别行政区已于1996年12月实施了《个人资料(私隐)条例》。在实施的十年间,法院与香港个人资料私隐专员公署分别做出了一些司法原则和执行决定,很值得我国在制定《个人资料保护法》时加以参考与借鉴。     

Privacy protection as a case study in personal rights protection in Israeli law

Personality rights, by nature, reflect the culture and values of society. Thus, it is interesting to look back on the road that Israeli law has traveled since the early 1980s, when the right to privacy as such had no trace of protection in Israeli private law, through to the present, when it is protected by both the Protection of Privacy Law and the Basic Law: Human Dignity and Liberty. Current Israeli case law, which shows that the balance between privacy and free speech in cases of publication of private information leans toward privacy, can be partially explained by historical, religious and cultural reasons. The increased privacy litigation in Israel forms part of an ever-growing protection of other personality rights in Israeli law, thus serving as a good example of this expanding trend.     

Ownership of personal data in the Internet of Things

This article analyses, defines, and refines the concepts of ownership and personal data to explore their compatibility in the context of EU law. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT). This consideration is framed around two main approaches shaping all ownership theories: a bottom-up and top-down approach. Via these dual lenses, the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, this article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future work in this area and inform regulatory and policy debates.     

Opening up personal data protection: A conceptual controversy

The existence of a fundamental right to the protection of personal data in European Union (EU) law is nowadays undisputed. Established in the EU Charter of Fundamental Rights in 2000, it is increasingly permeating EU secondary law, and is expected to play a key role in the future EU personal data protection landscape. The right's reinforced visibility has rendered manifest the co-existence of two possible and contrasting interpretations as to what it come to mean. If some envision it as a primarily permissive right, enabling the processing of such data under certain conditions, others picture it as having a prohibitive nature, implying that any processing of data is a limitation of the right, be it legitimate or illegitimate. This paper investigates existing tensions between different understandings of the right to the protection of personal data, and explores the assumptions and conceptual legacies underlying both approaches. It traces their historical lineages, and, focusing on the right to personal data protection as established by the EU Charter, analyses the different arguments that can ground contrasted readings of its Article 8. It also reviews the conceptualisations of personal data protection as present in the literature, and finally contrasts all these perspectives with the construal of the right by the EU Court of Justice.     

Aims,methods and achievements in European data protection1

The protection of personal data represents one of recent most emerging legal issues. On one hand, the privacy and the discretion of individuals are challenged by various new means of data collection and communication. On the other hand, the growth and development of the information economy is heavily dependent on the level of freedom of business units in gathering, processing and distribution of various kinds of information. In this short notice, we will try to summarize the experience with the data protection laws with respect to their basic teleology.     

布莱克斯通与美国财产法的个人绝对财产权观

布莱克斯通在其《英国法释义》中充分阐述了他的自然法学说,并在继承洛克个人自然财产权理论的基础上,提出了个人绝对财产权观念。且认为这种绝对财产权来源于"占有",进而提出劳动—占有理论。布莱克斯通的这种基于融入劳动的占有即产生个人绝对自然财产权的理论,对美国财产法自然权利理论的形成具有重大而深远的影响,并直接培植了美国财产法理念中的个人绝对财产权观。     

奥林匹克标志的知识产权保护初探

保护好奥林匹克标志的知识产权,既是我国在《第29届奥林匹克运动会主办城市合同》中对国际奥委会的一项承诺,是评价承办2008年奥运会成功与否的一个重要标准,也是对我国知识产权保护制度、法治环境及中国政府行政执法能力进行综合评价的重要因素.目前我国已就此项工作构建起了包括著作权法、商标法、专利法、《奥林匹克标志保护条例》、《北京市奥林匹克知识产权保护规定》等法律法规,以及各级人民法院知识产权庭在内的法律保障体系.本文在对奥林匹克标志知识产权保护领域的若干概念进行简略释义的基础上,对国内外保护奥林匹克标志知识产权保护相关理论、立法与实践作了较为详细的剖析,从而对即将举办的2008年北京奥运会提供法律方面的支持.     

大数据背景下个人生物识别信息安全的法律规制

个人生物识别信息具有个人数据的唯一性、程序识别性、可复制性、损害的不可逆性及信息的关联性等特征。在大数据背景下,个人生物识别信息的广泛应用会带来严重的生物信息安全风险,其滥用可造成隐私权、平等权和财产权等权益受到侵犯,需要立法进行全方位规制。我国目前个人生物信息的相关立法存在总体位阶较低且内容分散、保护范围狭窄、权利义务边界不清、法律责任不明晰等缺陷,应当采取渐进式专门立法的思路,完善现有相关部门法关于个人生物信息的规制内容,构建层次分明、内外协调的个人生物识别信息安全保护的法律体系。     

Security policies and the weakening of personal data protection in the European Union

In recent years, the reinforcement of security policies alongside the expansion of information systems for law enforcement and crime prevention entailed growing restrictions to personal data protection principles and procedural rights in the European Union. This paper seeks to elucidate this trend, while matching it with an EU institutional discourse based on balancing and proportionality. Indeed, EU institutions regularly present security measures and fundamental rights as somewhat symmetric values to be easily conciliated through balancing and proportionality. Considering the raising of the protection of personal data to the status of a fundamental right by the Charter of Fundamental Rights, its effect on a possible rebalancing of the values at stake is discussed. Yet, we conclude, for the time being, the potential for just and democratic solutions provided by the ideas of balancing and proportionality does not appear to be properly used.     

国际知识产权保护和我国面临的挑战

在全球化中知识产权保护不断强化、中央提出建设创新型国家的大背景下,我国的知识产权保护面临着挑战和机遇。基于对世界上主要国家、地区知识产权制度与相关国际条约及其对我国的影响之考察,对各国及国际的知识产权保护中值得借鉴之处的分析,我们应当做的是:一方面利用知识产权制度业已形成的高端保护推动国民在高新技术与文化产品领域搞创造与创作这个“流”,另一方面积极促成新的知识产权制度来保护我们目前可能处优势的传统知识及生物多样化这个“源”。这样,才更有利于加快我国向“知识经济”与和谐社会发展的进程。     

iCLIC Data Mining and Data Sharing workshop: The present and future of data mining and data sharing in the EU

Held at Southampton University's Highfield campus and hosted by iCLIC, an interdisciplinary core on Law, the Internet and Culture, the Data Mining and Data Sharing workshop brought together attendees and speakers from industry, government, academia and a range of disciplines alike. The workshop comprised two sessions, each with a keynote and an associated panel. The first session was chaired by Eleonora Rosati and dealt with copyright and database rights, data mining and data sharing. The second session, chaired by Sophie Stalla-Bourdillon, focussed on data protection, data mining and data sharing. The following report covers both sessions, associated panel discussions and the subsequent question and answer sessions.     

论少数人权利的国际保护

少数人权利的保护是国际人权法的重要内容,承认并尊重少数人权利也是当今众多国家的国际义务。文章从解悉少数人权利保护的国际公约入手,全面论述了少数人权利保护的内容,并提出了我国法律在少数人权利保护方面应当做出的适时调整与完善。     

非公经济产权之刑法保护:缺陷与改进

随着社会主义市场经济的不断发展与完善,全面而自由的市场竞争机制已成为社会经济发展的重要动力。然而,由于我国经济体制的特殊性,市场经济取代计划经济后,相应的法律制度并未随之修正,立法与司法对非公有制经济仍存在歧视性对待。司法实践中对非公经济财产处置乱象的问题仍然存在,并严重威胁非公经济主体的持续经营。从产权保护理论来讲,平等保护各经济主体的财产权利是消除"制度壁垒"的有效方式,应建立平等的犯罪构成要件以及合理的刑罚结构,明确界定涉案财物的范围,提升对非公有制财产权利的保护力度。规范司法工作人员的办案程序,依照法律规定的权限、程序处置涉案财物并建立相应的权利人申诉与救济措施,将平等保护原则贯穿于法律制定、实施的整个过程中,切实保障非公有制经济的合法产权,才能使社会主义经济良性发展。     

全球化环境中的知识产权保护——全球化与知识产权保护国际会议综述

全球化环境下知识产权保护存在很多值得探讨的问题。由中国政法大学民商经济法学院举办、中国政法大学民商经济法学院知识产权法研究所承办、美国Kenyon&Kenyon LLP和National Economic Research Associates,Inc.提供赞助的全球化与知识产权保护国际会议于2007年1月20—21在北京召开,近二百名国内外知识产权专家学者探讨了全球化环境下知识产权保护的一系列问题。本次会议对于推动国内外知识产权理论与实践问题的研究具有深远意义。     

Investigating the legal protection of data,information and knowledge under the EU data protection regime

Information science distinguishes between the semantic forms/intangibles of data, information and knowledge. Data (e.g. an attribute of a data record in a relational database) does not have any meaning by itself. Information is data brought into context (e.g. data related to its primary key), and knowledge is the collection of information for useful intent (e.g. a database). This paper investigates the mapping of semantic forms in information science (i.e. data, information, knowledge) to correlative concepts in information law (primarily data protection legislation) with a view to investigating how such semantic forms are legally protected. The paper first proposes a data, information, knowledge, rules (DIKR) hierarchy in the context of relational database theory, and interprets this hierarchy with respect to data protection concepts. The paper then gives an in-depth discussion of the elements of the DIKR hierarchy (data, information, knowledge, deduced knowledge, induced knowledge) and how they relate to the EU Data Protection Directive 95/46/EC. These relationships are summarized in the form of a two dimensional correlation matrix. Finally the paper discusses how the semantic forms identified are protected under the EU Data Protection Directive, and gives insightful observations about the connection between information law and information science.     

Protecting the privacy and security of sensitive customer data in the cloud

The global ubiquity of cloud computing may expose consumers' sensitive personal data to significant privacy and security threats. A critical challenge for the cloud computing industry is to earn consumers' trust by ensuring adequate privacy and security for sensitive consumer data. Regulating consumer privacy and security also challenges government enforcement of data protection laws that were designed with national borders in mind. From an information privacy perspective, this article analyses how well the regulatory frameworks in place in Europe and the United States help protect the privacy and security of sensitive consumer data in the cloud. It makes suggestions for regulatory reform to protect sensitive information in cloud computing environments and to remove regulatory constraints that limit the growth of this vibrant new industry.     

An international legal framework for data protection: Issues and prospects

The processing of personal data across national borders by both governments and the private sector has increased exponentially in recent years, as has the need for legal protections for personal data. This article examines calls for a global legal framework for data protection, and in particular suggestions that have been made in this regard by the International Law Commission and various national data protection authorities. It first examines the scope of a potential legal framework, and proceeds to analyze the status of data protection in international law. The article then considers the various options through which an international framework could be enacted, before drawing some conclusions about the form and scope such a framework could take, the institutions that could coordinate the work on it, and whether the time is ripe for a multinational convention on data protection.     

A walk in to the cloud and cloudy it remains: The challenges and prospects of ‘processing’ and ‘transferring’ personal data

Cloud computing is an information technology technique that promises greater efficiency and reduced-cost to consumers, businesses and public institutions. However, to the extent it has brought better efficiency and minimal cost, the emergence of cloud computing has posed a significant regulatory challenge on the application of data protection rules particularly on the regime regulating cross-border data flow. The Data Protection Directive (DPD), which dates back to 1995, is at odds with some of the basic technological and business-related features of the cloud. As a result, it is claimed that the Directive hardly offers any help in using the legal bases to ‘process’ and ‘transfer’ data as well as to determine when a transfer to a third country occurs in cloud computing. Despite such assertions, the paper argues that the ECJ's Bodil Lindqvist decision can to a certain extent help to delineate circumstances where transfer should and should not occur in the cloud. Concomitantly, the paper demonstrates that controllers can still make the most of the available possibilities in justifying their ‘processing’ as well as ‘transferring’ of data to a third country in cloud arrangements. In doing so, the paper also portrays the challenges that arise down the road. All legal perspectives are largely drawn from EU level though examples are given from member states and other jurisdictions when relevant.     

论“虚拟财产”

虚拟财产是在网络环境下以电子数据为载体的财产,是个人财产的一种特殊形式,它具有传统财产的法律属性.法律对虚拟财产的保护有利于现代财产制度的完善和健全,从而促进社会的稳定和发展.     

A comparison of data protection legislation and policies across the EU

Although the protection of personal data is harmonized within the EU by Directive 95/46/EC and will be further harmonized by the General Data Protection Regulation (GDPR) in 2018, there are significant differences in the ways in which EU member states implemented the protection of privacy and personal data in national laws, policies, and practices. This paper presents the main findings of a research project that compares the protection of privacy and personal data in eight EU member states: France, Germany, the UK, Ireland, Romania, Italy, Sweden, and the Netherlands. The comparison focuses on five major themes: awareness and trust, government policies for personal data protection, the applicable laws and regulations, implementation of those laws and regulations, and supervision and enforcement.The comparison of privacy and data protection regimes across the EU shows some remarkable findings, revealing which countries are frontrunners and which countries are lagging behind on specific aspects. For instance, the roles of and interplay between governments, civil rights organizations, and data protections authorities vary from country to country. Furthermore, with regard to privacy and data protection there are differences in the intensity and scope of political debates, information campaigns, media attention, and public debate. New concepts like privacy impact assessments, privacy by design, data breach notifications and big data are on the agenda in some but not in all countries. Significant differences exist in (the levels of) enforcement by the different data protection authorities, due to different legal competencies, available budgets and personnel, policies, and cultural factors.