2021年《中华人民共和国个人信息保护法》正式通过并施行,作为中国首部针对个 人信息保护的专门性立法,《个人信息保护法》构建了完整的个人信息保护框架,对于 保障个人信息自主与信息安全具有重要意义。其中,第47条确立了个人信息“删除权”, 规定了信息主体行使个人信息“删除权”的五种适用情况,并要求个人信息处理者履行删 除义务的例外情况。纵观《个人信息保护法》从起草到正式出台的整个制定过程,“删 除权”与“被遗忘权”之间的关系一直是备受关注与争议。此次立法暂未引入被遗忘权, 而是先行确立删除权,这一立法选择值得深思,需要对“删除权”与“被遗忘权”的关系进 行辨析,探索两者在个人信息立法中的地位。 本文介绍欧盟《一般数据保护条例》(GDPR)中“被遗忘权”立法背景,同时通过中国 《个人信息保护法》所规定的“删除权”与欧盟“被遗忘权”之间的对比,分析无论是在特 殊权利主体的保护、合法公开信息的处理、责任主体的界定和对权利冲突问题的权衡等 存在诸多不同。另外,中国“删除权”与欧盟“被遗忘权”相比,在人格尊严的保护和个人 信息传播途径规制上还存在明显的差距。因此,有必要将“被遗忘权”引入《个人信息保 护法》,实现两者的共融共存,并需要进一步探究如何克服本土化发展困境,制定出有 效、具体的完善方案,以此回应在个人信息删除权法定化的前提下,仍有必要引入“被 遗忘权”这一焦点争议。
In 2021, the Law of “the People’s Republic of China on the Protection of Personal Information” was passed and came into force. As China’s first special legislation on the protection of personal information, the Law on the Protection of Personal Information has built a complete framework for the protection of personal information, which is of great significance in safeguarding the autonomy and security of personal information. In particular, Article 47 establishes the “Right to delete of personal information”, sets out five applicable circumstances in which information subjects may exercise the right to delete of personal information, and requires exceptions to the obligation to delete for processors of personal information. Throughout the drafting process of the Personal Information Protection Act, the relationship between the “right to delete” and the“right to be forgotten” has been the subject of much attention and controversy. This article introduces the legislative background of the right to be forgotten in the EU “General Data Protection Regulation”(GDPR), and compares the similarities and differences between the “right to delete” under China’s Human Information Protection Law and the “right to be forgotten” in the EU. It is found that there are obvious gaps in the protection of human dignity and the regulation of the means of dissemination of personal information between the “right to delete” established in China and the “right to be forgotten” in the EU, in terms of the protection of special rights subjects, the handling of lawfully disclosed information, the definition of responsible subjects and the weighing of conflicting rights issues. Therefore, it puts forward the necessity of introducing the “right to be forgotten” into the “Personal Information Protection Law” and realizes the coexistence of the two, and further explores how to overcome the localization development dilemma and formulate effective and specific improvement measures,responds to the focal problem of whether and how to introduce the “right to be forgotten” under the premise of legalizing “the right to delete personal information”.