关键词: 个人信息处理, 行为规则, 信托, 类型化, 行为模式

Abstract: Given that personal information processing involves a variety of different behaviors throughout the process of information flow and that the risks of specific information processing behaviors change as processing scenes vary, the difficulty of forming a unified standard of rules of behavior increases. To formulate a unified standard, it is necessary to correct the misleading orientation that the current rules of behavior for personal information processing lack classification so as to reconstruct the trust relationship between individuals and personal information processors. In formulating rules of behavior for personal information processing, we should take the ways of realizing the validity of legal rules as the standard of classification while taking into consideration the content and scope of specific fiduciary duties in information relationships. The rules of behavior should include three types: should-do mode, not-to-do mode and can-do mode. The interpretation of the typology of the rules of behavior for personal information processing in The Personal Information Protection Law of China should see that throughout the process of information processing, personal information processors should take the obligations of notification and security protection under the should-do mode, meet the automatic decision-making requirements under the not-to-do mode and make flexible, scene-based guidance and incentive measures under the can-do mode, thus forming a multi-law co-governance under rules, standards and industrial conventions.

Key words: personal information processing, rules of behavior, trust, classification, behavioral mode