开讲学者：Daniel J. Solove （美国乔治华盛顿大学法学院讲席教授、TeachPrivacy公司创始人）

主持人：彭錞 （4494.c威尼斯院长助理、助理教授）

开讲学者简介：

  Daniel J. Solove教授作为世界领先的隐私法专家之一，著有10多本专著、教科书以及50多篇论文，其论文发表于《哈佛法律评论》《耶鲁法律杂志》《斯坦福法律评论》和《哥伦比亚法律评论》等杂志。他最新出版的书是《BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press, March 2022) (with Woodrow Hartzog)。Solove教授作为 "思想领袖 "在LinkedIn写作专栏，拥有超过100万的粉丝。他还经常在Privacy+Security博客上发表博文。

  Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School.  He is also the founder of TeachPrivacy, a company that provides privacy and data security training programs to businesses, law firms, healthcare institutions, schools, and other organizations.  One of the world’s leading experts in privacy law, Solove is the author of 10+ books and textbooks and 50+ articles. His most recent book is BREACHED!: WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press, March 2022) (with Woodrow Hartzog). His articles have appeared in the Harvard Law Review, Yale Law Journal, Stanford Law Review, and Columbia Law Review, among others.  Professor Solove writes at LinkedIn as of its “thought leaders,” and he has more than 1 million followers.  He more routinely blogs at Privacy+Security Blog.

讲座摘要：

  个人的隐私权一般被认为是信息隐私法和数据保护法的核心。欧盟GDPR确立了一套最全面的隐私权利束，包括查阅权、更正权、删除权、限制处理权、可携权、反对权和免受自动化决策权。世界各地的隐私法律都以不同形式规定了这些权利。 

  在本次讲座中，Solove教授将指出尽管权利是隐私监管的重要组成部分，但权利往往力有不逮。权利只能赋予个人少量的权力。归根结底，权利最多只能扮演支持性的角色，是一个更为宏大架构中的一小部分。权利不能作为隐私保护的堡垒有三个原因。首先，当许多隐私问题具有系统性时，权利让个人承担了太多的责任。第二，个人缺乏时间和专业知识来做出关于隐私的困难决定，而且随着处理数据的组织数量增加，权利实际上无法被大规模行使。第三，仅仅关注原子化的个人是无法保护隐私的。许多人的个人数据是相互关联的，人们对自己数据的决定会影响其他人的隐私。提供隐私权的主要目标是为个人提供对其个人数据的控制。然而，有效的隐私保护不仅要促进个人控制，还应让个人数据的收集、分析和传输活动受到约束。隐私权无法实现后一个目标；就是在前一个目标上，隐私权也失败了。  

  本讲座内容基于Solove教授发表于《圣母大学法律评论》98期的文章《隐私权的局限》。

  Individual privacy rights are often at the heart of information privacy and data protection laws. The most comprehensive set of。rights, from the European Union’s General Data Protection Regulation (GDPR), includes the right to access, right to rectification (correction), right to erasure, right to restriction, right to data portability, right to object, and right to not be subject to automated decisions. Privacy laws around the world include many of these rights in various forms.  

In this lecture, I will contend that although rights are an important component of privacy regulation, rights are often asked to do far more work than they are capable of doing. Rights can only give individuals a small amount of power. Ultimately, rights are at most capable of being a supporting actor, a small component of a much larger architecture. I advance three reasons why rights cannot serve as the bulwark of privacy protection. First, rights put too much onus on individuals when many privacy problems are systematic. Second, individuals lack the time and expertise to make difficult decisions about privacy, and rights cannot practically be exercised at scale with the number of organizations than process people’s data. Third, privacy cannot be protected by focusing solely on the atomistic individual. The personal data of many people is interrelated, and people’s decisions about their own data have implications for the privacy of other people. The main goal of providing privacy rights aims to provide individuals with control over their personal data.  However, effective privacy protection involves not just facilitating individual control, but also bringing the collection, processing, and transfer of personal data under control. Privacy rights are not designed to achieve the latter goal; and they fail at the former goal.  

This lecture is based on Professor Solove’s article, The Limitations of Privacy Rights, 98 Notre Dame Law Review __ (forthcoming 2023). 

讲座海报：