摘要
我国《个人信息保护法》第69条规定了在发生个人信息侵权时,个人信息处理者应当如何承担侵权责任,但并未规定委托处理个人信息中委托人和受托人要如何承担侵权责任的问题。尤其是并非个人信息处理者的受托人能否成为责任主体成了主要争议点。判断受托人能否转化为责任主体并承担侵权责任的标准,不应是“能否自主决定处理目的和处理方式”这一表现形式,而应当是“对个人信息侵权具有控制力”。只有这样才能解决诸如云计算等复杂情形下,受托人虽未突破委托人决定的处理目的和处理方式,却造成侵权结果,责任应该如何承担的困境。
Article 69 of China’s Personal Information Protection Law stipulates how personal information processors should bear tort liability in the event of personal information infringement,but it does not address how the principal and the agent involved in the entrusted processing of personal information should bear tort liability.In particular,whether an agent who is not a personal information processor can become a liable party has become a major point of contention.The standard for determining whether the agent can transform into a liable party and bear tort liability should not be based on the formal criterion of“whether they can independently decide the purpose and method of processing”,but rather on“whether they have control over the infringement of personal information”.Only by adopting this standard can we resolve the dilemma regarding how liability should be borne in complex situations,such as cloud computing,where the agent,despite not exceeding the processing purposes and methods determined by the principal,causes an infringement.
作者
范家祺
FAN Jiaqi(College of Philosophy and Law and Politics,Shanghai Normal University,200000,Shanghai,China)
出处
《特区经济》
2025年第5期136-139,共4页
Special Zone Economy
关键词
委托处理个人信息
侵权责任
个人信息处理者
Entrusted Processing of Personal Information
Tort Liability
Personal Information Processor
