|
Abstract The processor of personal information is the primary party responsible for personal
information protection. In order to contribute to the implementation of this primary responsibility, the
Personal Information Protection Law stipulates that data platforms shall appoint personal information
protection officers, establish personal information protection compliance systems according to state
regulations, and establish an independent body composed mainly of outside members to supervise
personal information protection circumstances. The intervention of the state in the organizational
structure of data platforms promotes the formation of a new regulatory model for personal information
protection compliance, which has important research value in analyzing the theoretical basis and
intervention limits of this regulatory model. The research first adopts normative analysis methods to
categorize the reshaping of the organizational structure of data platform by the state, and then explores
in an innovative manner the limits and logic of the organizational obligations by using the principles of
proportionality and consistency derived from the empirical research results.
Due to the fact that external behavioral norms cannot guarantee the utilisation, on the part of data
platforms, of their cognitive advantages to achieve risk management in personal information protection,
the state puts into practice the organizational norms to develop the internalization of corporate
compliance with personal information protection. In the process of continuous intervention in the
autonomy of data platform operations, private intervention obligations lack explanatory capacity as a
consequence of the focus on the relationship of responsibility. This is mainly influenced by the fact that
traditional state intervention is substantial and specific, while the reshaping of corporate rational
structures by legislators is realised by impacting the decision-making process of enterprises in order to
change their future decision-making logics. The classical principle of proportionality is developed on
empirical predictions. By examining the shaping of the organizational structure of data platforms by
legislators with the assistance of this traditional fundamental rights protection mechanism, it can be
observed that it lacks the delicate regulatory power that once existed when state intervention was direct.
In terms of legitimate purposes, the goals listed by legislators are very abstract. Since it is not yet clear
how organizational norms work and to what extent they truly deliver public interest, it is difficult to
measure in an accurate way the utility of intervention measures in promoting legitimate purposes. In
order to better examine the obstructive effects caused by the state’s reshaping of corporate rational
structures, content examination should start from the objective dimension of fundamental rights and
strengthen it with the requirement of consistency. This means that the organizational structure
requirements proposed by the state for data platforms on the basis of risk pathways must not only
undermine the cognitive potential of enterprises, thereby hindering their own logic, but also ensure that
the actions of enterprise organizations are guided by personal information protection. According to the
requirement of consistency, it is advisable that lawmakers make supplementary provisions on the
organizational obligations that data platforms should undertake in the Personal Information Protection Law. The transformation of the risk regulatory model presents challenges to the review tools oftraditional administrative law, and contemporary administrative law should conduct more in-depth
and all-inclusive research on the institutional arrangements for coordinating different participants with
different behavioral logics. After all, compared with directly regulating external behaviors of enterprises,
realizing the public interest by regulating their internal organizational structures places
higher demands on legislators.
|
|
Published: 22 May 2024
|
|
|
|
