[Purpose/Significance] The library is an important personal information processor in the digital age, and compliance is the prerequisite for its information processing and service provison. The analysis of its compliance status, problems and causes can provide countermeasures for compliant handling of personal information of libraries in China.[Method/Process] By analyzing the privacy policies, instructions for application of certificates and other documents on the official websites of 31 provincial and municipal libraries in China, this paper found that libraries lacked notification of processing contents, the provision of obtaining consent was not consistent, the special provision for handling information of child users was lacking, and the legality of "exceptions" was questionable and the grounds for exemptions from liability might be invalid. This is because the awareness of library compliance was generally weak, the autonomous role of industry organizations was insufficient, and compliance talents were scarce.[Result/Conclusion] It is recommended that libraries adopt the model of joint governance of multiple subjects, differentiate scenarios to fulfill the obligation of notification, formulate special rules for handling child user information, reasonably limit the scope of exceptions, clarify the boundaries of exemptions from liability, and build a risk assessment mechanism to better fulfill the compliance obligations of libraries and protect the rights and interests of user information.
Chen Xiangling
,
Xiao Dongmei
,
Yang Zhong
. Research on the Compliance Obligations of Libraries in Handling Personal Information[J]. Library and Information Service, 2022
, 66(17)
: 69
-80
.
DOI: 10.13266/j.issn.0252-3116.2022.17.007
[1] 龙卫球.中华人民共和国个人信息保护法释义[M].北京:中国法制出版社,2021.
[2] 梅傲,勾明凤.《中华人民共和国民法典》背景下公共图书馆用户个人信息保护的缺失及完善[J].图书馆理论与实践,2021(5):29-34.
[3] 孙道锐.用户个人信息侵权保护的完善——兼论《公共图书馆法》相关规定的修改[J].新世纪图书馆,2020(11):10-16.
[4] 陆康,刘慧,任贝贝.大数据时代我国图书馆隐私管理研究[J].图书馆建设,2021(11):1-12.
[5] 童云峰,金洁.图书馆数字化时代读者个人信息刑法保护的限度[J].图书馆学研究,2021(18):31-38.
[6] 李仪,陶乃航.高校图书馆用户个人信息处理的困境及其应对机制[J].图书馆论坛,2021,41(7):108-115.
[7] 闫舟舟,詹庆东.媒介融合视角下高校图书馆参考咨询服务流程再造研究[J].图书情报工作,2021,65(3):61-66.
[8] 程啸.论个人信息处理者的告知义务[J].上海政法学院学报(法治论丛),2021,36(5):67-80.
[9] 程啸.个人信息保护法理解与适用[M].北京:中国法制出版社,2021.
[10] 赵文慧,赵润娣.图书馆数据开放服务中用户隐私保护问题探讨[J].图书馆学研究,2020(13):64-67.
[11] KERR O S.Norms of computer trespass[J].Columbia law review,2015,116(3):1143-1184.
[12] 王福,康健.基于可信第三方的图书情报机构个性化信息推送研究[J].图书情报工作,2015,59(3):85-89.
[13] 单轸,邵波.基于新一代服务平台的高校图书馆业务流程重组设计与评估研究[J].图书馆学研究,2021(6):27-35.
[14] MACELI M G. Encouraging patron adoption of privacy-protection technologies:challenges for public libraries[J].IFLA journal,2018,44(3):195-202.
[15] 范秀红.RFID智能技术在图书馆中应用研究[J].图书馆学刊,2016,38(9):110-113.
[16] WU Z Y.An Radio-frequency identification security authentication mechanism for Internet of things applications[J].International journal of distributed sensor networks,2019,15(7):1-10.
[17] 赵莹.模块化理念下基于图书馆小数据的用户服务研究[J].图书馆工作与研究,2019(8):77-81,107.
[18] 张忠林,王玲.区块链技术在图书馆的应用场景分析[J].图书与情报,2018(6):110-112.
[19] 陶成煦.图书馆参与政府数据开放的角色定位与路径探析[J].图书馆工作与研究,2021(4):16-22.
[20] 刘学涛,李月.大数据时代被遗忘权本土化的考量——兼以与个人信息删除权的比较为视角[J].科技与法律,2020(2):78-88.
[21] 舍恩伯格.删除:大数据取舍之道[M].袁杰,译.杭州:浙江人民出版社,2013.
[22] 杨芳.个人信息自决权理论及其检讨——兼论个人信息保护法之保护客体[J].比较法研究,2015(6):22-33.
[23] 程啸.论《个人信息保护法》中的删除权[J].社会科学辑刊,2022(1):103-113,209.
[24] 金松,张立彬.图书馆大数据:权利界分、因应之道与风险破解[J].情报理论与实践,2020,43(3):44-52.
[25] 法律声明[EB/OL].[2022-03-10].https://www.zjlib.cn/.
[26] 云南省图书馆版权声明[EB/OL].[2022-03-10].http://www.ynlib.cn/Item/76022.aspx.
[27] (内蒙古图书馆网站平台)使用条款和隐私政策[EB/OL].[2022-03-10].http://www.nmglib.com/.
[28] 广东省立中山图书馆(广东省古籍保护中心)网上办卡协议[EB/OL].[2022-03-10].https://bz.zslib.com.cn/.
[29] 广西图书馆在线实名注册使用协议[EB/OL].[2022-03-10].http://202.103.233.138:8080/InDigLib/phone/brower/re.
[30] 江西省网上办证读者须知[EB/OL].[2022-03-10].https://www.jxlibrary.net/contents/38/13.html.
[31] 刘万国,周秀霞,霍明月.基于ISO/IEC 27001:2013的高校图书馆信息安全管理体系构建研究[J].现代情报,2017,37(4):3-8,32.
[32] 共青团中央维护青少年权益部,中国互联网络信息中心.2020年全国未成年人互联网使用情况研究报告[R/OL].[2022-03-10].http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/qsnbg/202107/P020210720571098696248.pdf.
[33] 陈美,梁乙凯.开放政府数据隐私风险控制中个人数据匿名化研究[J].图书馆学研究,2021(11):66-71.
[34] 肖冬梅."后真相"背后的算法权力及其公法规制路径[J].行政法学研究,2020(4):3-17.
[35] WITT S.Evolution of the right to privacy within the American Library Association:1906-2002[J].Library trends,2016,65(4):639-658.
[36] 范为.大数据时代个人信息保护的路径重构[J].环球法律评论,2016(5):92-115.
[37] 吴高.人工智能时代公共数字文化服务个人隐私保护的困境与对策[J].图书馆学研究,2021(10):39-45,54.
[38] 田淑娴,许春漫.国外图书馆用户隐私保护指南文本分析与启示[J].图书情报工作,2015,59(18):61-66,116.
[39] 王怡,邵波.国内高校数字图书馆联盟发展现状:内涵缺失和结构重塑[J].图书馆学研究,2020(4):87-93.
[40] 吴拓,傅文奇.基于招聘信息的我国图书馆人才需求调查与分析[J].国家图书馆刊,2018,27(6):18-29.
[41] 黄如花.面向高质量发展的数据素养教育[J].图书馆建设,2020(6):26-29.
[42] 陈峰,王利荣.个人信息"知情同意权"的功能检视与完善进路[J].广西社会科学,2021(8):106-111.
[43] 郭戎晋.从个人资料保护立法谈cookie之定位、应用争议与规范课题[J].东吴法律学报,2020,32(1):69-103.
[44] Privacy policy[EB/OL].[2022-03-10].https://www.hcaptcha.com/privacy.
[45] 杨署东,谢卓君.跨境数据流动贸易规制之例外条款:定位、范式与反思[J].重庆大学学报(社会科学版),2021(11):1-15.
[46] 陈美,谭纬东.政府开放数据的隐私风险评估与防控:新西兰的经验[J].情报理论与实践,2020,43(5):110-114,90.
[47] 马晓亭,李凌.基于大数据的图书馆用户个性化隐私保护策略[J].现代情报,2014,34(3):60-62,67.
[48] DLA PIPER.Dataprotection lawsoftheworld[EB/OL].[2022-03-10].https://www.dlapip-erdataprotection.com/index.html?t=security&c=AU&c2=.
[49] 陆英.大数据安全防护方法与建议[J].计算机与网络,2019,45(7):50-51.
[50] 崔聪聪,许智鑫.数据保护影响评估制度:欧盟立法与中国方案[J].图书情报工作,2020,64(5):41-49.
[51] VENTRELLA E. The symbiotic relationship between privacy and security in the context of the general data protection regulation[J].ERA Forum,2020(20):455-469.
[52] AKREMI A, ROUACHED M. A comprehensive and holistic knowledge model for cloud p-rivacy protection[J].The journal of supercomputing,2021(6):1-33.
[53] ICO.Guidance on the rules on use of cookies and similar technologies[EB/OL].[2022-03-10].https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/.
[54] 莱斯格.代码2.0:网络空间中的法律[M].李旭,沈伟伟,译.北京:清华大学出版社,2018.
[55] DANIEL J S.The digital person:technology and privacy in the information age[M].New York:New York University Press,2006.
