人工智能视域下的信息规制——基于隐私场景理论的激励与规范
|
摘要
人工智能与互联网、大数据的加速融合诱发新型社会风险,提出了信息规制的新诉求。总结信息规制的相对性、公共性特征,反思信息自决机制,应当基于利益平衡的立场,适恰地处理信息领域个人利益与公共利益的紧张关系。隐私场景理论为处理这种紧张关系提供了进路,强调信息的适当流通,建构了信息规范的四项参数,反对信息类型的二分法,提供了特定场景中"适当"的分析工具。激励与规范的视域下,应当从基于使用场景与敏感程度的同意规则,差异化应用场景,以及法律、标准、协议、代码的规范体系,技术自我规制四方面探索场景理论的应用。
The accelerated integration of artificial intelligence with the Internet and big data has caused new social risks and hence there has been the need for information regulation. Reviewing the relativity and publicity of information regulation and reflecting on the mechanism for information self-determination should be based on the balance of interests and properly handling the tension between personal interests and public interests in the information field. The theory of privacy scenarios provides support for dealing with this tension, which underscores the appropriate flow of information, constructs the four parameters for information regulation, opposes the dichotomy concerning information types, and provides an "appropriate" analysis tool for the specific scenarios.From the perspective of incentives and norms, we should explore the application of the scenario theory in the four areas: the agreement rules based on the usage scenarios and the sensitivity degree, the differentiated application scenarios, the legal, standards,protocols, and code specification systems, and technical self-regulation.
The accelerated integration of artificial intelligence with the Internet and big data has caused new social risks and hence there has been the need for information regulation. Reviewing the relativity and publicity of information regulation and reflecting on the mechanism for information self-determination should be based on the balance of interests and properly handling the tension between personal interests and public interests in the information field. The theory of privacy scenarios provides support for dealing with this tension, which underscores the appropriate flow of information, constructs the four parameters for information regulation, opposes the dichotomy concerning information types, and provides an "appropriate" analysis tool for the specific scenarios.From the perspective of incentives and norms, we should explore the application of the scenario theory in the four areas: the agreement rules based on the usage scenarios and the sensitivity degree, the differentiated application scenarios, the legal, standards,protocols, and code specification systems, and technical self-regulation.
引文
[1]Peter Huber,"Safety and The Second Best:The Hazards of Public Risk Management in the Courts",Columbia Law Review, 1985, 2, pp. 277-337.
[2]樊鹏:《利维坦遭遇独角兽:新技术的政治影响》,《文化纵横》,2018年第8期。
[3]Miles Brundage, Shahar Avin et al.,"The Malicious Use of Artificial Intelligence:Forecasting, Prevention, and Mitigation", https://arxiv.org/abs/1802.07228, October 3,2018.
[4]王利明:《亟需法学研究和立法工作予以关注——人工智能时代提出的法律问题》,《北京日报》,2018年7月30日,第13版
[5]朱某称其利用百度搜索引擎搜索“减肥”“丰胸”“人工流产”等词,浏览相关的内容后,在一些网站上就会出现上述广告。朱某主张,百度网讯公司利用网络技术,未经其知情和选择,记录和跟踪了其搜索的关键词,将其兴趣爱好、生活学习工作特点等显露在相关网站上,对其浏览的网页进行广告投放,侵犯了隐私权。一审法院认为,网络活动踪迹属于个人隐私,百度网讯公司利用cookie技术收集朱某信息,侵犯了朱某的隐私权。二审法院认为,百度网讯公司在提供个性化推荐服务中运用网络技术收集、利用的是未能与网络用户个人身份对应识别的数据信息,该数据信息的匿名化特征不符合“个人信息”的可识别性要求。推荐服务只发生在服务器与特定浏览器之间,没有对外公开其网络活动轨迹及偏好,未强制网络用户必须接受个性化推荐服务,提供了退出机制,未侵犯网络用户的选择权和知情权。
[6][8]Paul.M.Schwartz, Daniel.J.Solove,"The PII Problem:Privacy and a new concept of personally identifiable information", New York University Law Review, 2011, 86(12), pp. 1814-1894.
[7] Frederik J. Zuiderveen Borgesius,"Singling out people without knowing their names-Behavioural targeting, pseudonymous data, and the new Data Protection Regulation", Computer Law&Security Review,2016, 32(2), pp. 256-271。
[9]PAUL O.,"Broken promises of privacy:responding to the surprising failure of anonymization", UCLA Law Review, 2010, 57(6), pp.1701-1777.
[10]参见《信息安全技术公共及商用服务信息系统个人信息保护指南》、《信息安全技术:个人信息安全规范》(GB/T 35273-2017)。
[11]如欧盟《一般数据保护条例》对用户画像、信息主体对信息的控制权利的规定。
[12]匿名化信息是否是个人信息的范畴,企业主张以能否识别特定个体作为判断标准。
[13][17][19][23]Helen Nissenbaum, Privacy in Context Technology, Policy, and the Integrity of Social Life, California:Stanford University Press, 2010, p.127,p.129, pp.140-144, pp.152-156.
[14][15]Michael Walzer, Spheres of Justice:A Defense of Pluralism and Equality, Basic Books, 1983,p.320, pp. 17-20.
[16]例如,电子商务平台通过分析用户的喜好信息进行个性化推送是符合适当性规范的,但是杂货铺的老板询问消费者家庭信息、工作信息、子女入学信息等,以及电影、读书、度假等生活信息,并把这些信息提供给了第三方,则违反了适当性规范,也违反了信息流通规范。
[18][20][26] Helen Nissenbaum,"Privacy as Contextual Integrity", Washington Law Review, 2004, 79,pp. 119-158.
[21]Paul M. Schwartz,"PrivacyandDemocracy in Cyberspace",VAND. L. REV., 1999, 52, p. 1607.
[22]Solveig Singleton,"Privacy as Censorship:A Skeptical View of Proposals To Regulate Privacy in the Private Sector", CATO POLICY ANALYSIS No. 295,(Cato Inst. 1998), http://www.cato.org/pubs/pas/pa-295.pdf.
[24]马长山:《智能互联网时代的法律变革》,《法学研究》,2018年第4期。
[25]Nick Wallace and Daniel Castro,"The Impact of the EU's New Data Protection Regulation on AI", October3, 2018, https://www.datainnovation.org/2018/03/theimpact-of-the-eus-new-data-protection-regulation-on-ai/.
[27]吴沈括、罗瑾裕:《人工智能安全的法律治理:围绕系统安全的检视》,《新疆师范大学学报(哲学社会科学版)》,2018年第7期。
[28]李晟:《略论人工智能语境下的法律转型》,《法学评论》,2018年第1期。
[29]张青波:《自我规制的规制:应对科技风险的法理与法制》,《华东政法大学学报》,2018年第1期。
[30]FUNG B C M, WANG K, CHEN R, et al.,"Privacy-preserving data publishing:a survey on recent developments",ACM Computing Surveys, 2010, 42(4),p. 14.
[31]张平:《大数据时代个人信息保护的立法选择》,《北京大学学报(哲学社会科学版)》,2017年第5期。
[2]樊鹏:《利维坦遭遇独角兽:新技术的政治影响》,《文化纵横》,2018年第8期。
[3]Miles Brundage, Shahar Avin et al.,"The Malicious Use of Artificial Intelligence:Forecasting, Prevention, and Mitigation", https://arxiv.org/abs/1802.07228, October 3,2018.
[4]王利明:《亟需法学研究和立法工作予以关注——人工智能时代提出的法律问题》,《北京日报》,2018年7月30日,第13版
[5]朱某称其利用百度搜索引擎搜索“减肥”“丰胸”“人工流产”等词,浏览相关的内容后,在一些网站上就会出现上述广告。朱某主张,百度网讯公司利用网络技术,未经其知情和选择,记录和跟踪了其搜索的关键词,将其兴趣爱好、生活学习工作特点等显露在相关网站上,对其浏览的网页进行广告投放,侵犯了隐私权。一审法院认为,网络活动踪迹属于个人隐私,百度网讯公司利用cookie技术收集朱某信息,侵犯了朱某的隐私权。二审法院认为,百度网讯公司在提供个性化推荐服务中运用网络技术收集、利用的是未能与网络用户个人身份对应识别的数据信息,该数据信息的匿名化特征不符合“个人信息”的可识别性要求。推荐服务只发生在服务器与特定浏览器之间,没有对外公开其网络活动轨迹及偏好,未强制网络用户必须接受个性化推荐服务,提供了退出机制,未侵犯网络用户的选择权和知情权。
[6][8]Paul.M.Schwartz, Daniel.J.Solove,"The PII Problem:Privacy and a new concept of personally identifiable information", New York University Law Review, 2011, 86(12), pp. 1814-1894.
[7] Frederik J. Zuiderveen Borgesius,"Singling out people without knowing their names-Behavioural targeting, pseudonymous data, and the new Data Protection Regulation", Computer Law&Security Review,2016, 32(2), pp. 256-271。
[9]PAUL O.,"Broken promises of privacy:responding to the surprising failure of anonymization", UCLA Law Review, 2010, 57(6), pp.1701-1777.
[10]参见《信息安全技术公共及商用服务信息系统个人信息保护指南》、《信息安全技术:个人信息安全规范》(GB/T 35273-2017)。
[11]如欧盟《一般数据保护条例》对用户画像、信息主体对信息的控制权利的规定。
[12]匿名化信息是否是个人信息的范畴,企业主张以能否识别特定个体作为判断标准。
[13][17][19][23]Helen Nissenbaum, Privacy in Context Technology, Policy, and the Integrity of Social Life, California:Stanford University Press, 2010, p.127,p.129, pp.140-144, pp.152-156.
[14][15]Michael Walzer, Spheres of Justice:A Defense of Pluralism and Equality, Basic Books, 1983,p.320, pp. 17-20.
[16]例如,电子商务平台通过分析用户的喜好信息进行个性化推送是符合适当性规范的,但是杂货铺的老板询问消费者家庭信息、工作信息、子女入学信息等,以及电影、读书、度假等生活信息,并把这些信息提供给了第三方,则违反了适当性规范,也违反了信息流通规范。
[18][20][26] Helen Nissenbaum,"Privacy as Contextual Integrity", Washington Law Review, 2004, 79,pp. 119-158.
[21]Paul M. Schwartz,"PrivacyandDemocracy in Cyberspace",VAND. L. REV., 1999, 52, p. 1607.
[22]Solveig Singleton,"Privacy as Censorship:A Skeptical View of Proposals To Regulate Privacy in the Private Sector", CATO POLICY ANALYSIS No. 295,(Cato Inst. 1998), http://www.cato.org/pubs/pas/pa-295.pdf.
[24]马长山:《智能互联网时代的法律变革》,《法学研究》,2018年第4期。
[25]Nick Wallace and Daniel Castro,"The Impact of the EU's New Data Protection Regulation on AI", October3, 2018, https://www.datainnovation.org/2018/03/theimpact-of-the-eus-new-data-protection-regulation-on-ai/.
[27]吴沈括、罗瑾裕:《人工智能安全的法律治理:围绕系统安全的检视》,《新疆师范大学学报(哲学社会科学版)》,2018年第7期。
[28]李晟:《略论人工智能语境下的法律转型》,《法学评论》,2018年第1期。
[29]张青波:《自我规制的规制:应对科技风险的法理与法制》,《华东政法大学学报》,2018年第1期。
[30]FUNG B C M, WANG K, CHEN R, et al.,"Privacy-preserving data publishing:a survey on recent developments",ACM Computing Surveys, 2010, 42(4),p. 14.
[31]张平:《大数据时代个人信息保护的立法选择》,《北京大学学报(哲学社会科学版)》,2017年第5期。