CHINA LEGAL SCIENCE 2021年第3期|人机互动境遇下劳动者个人信息保护的挑战与回应
日期:21-06-17 来源: 作者:zzs
CHALLENGES AND RESPONSES TO THE PROTECTION OF WORKERS’ PERSONAL INFORMATION IN THE CONTEXT OF HUMAN-COMPUTER INTERACTION Wei Guangping With the development of artificial intelligence and big data, communication, monitoring, identification and other technologies are constantly iterative and upgraded, human-computer interaction application scenarios gradually deepen, accelerating the development of individual data manifestations. The recognition technology for human movement from simple sensory recognition development to human-computer interaction based on technological progress and big data development, through wearable technology and sensor technology to achieve human-computer interaction, to achieve the monitoring of people in work scenarios. Based on the development of deep sensing technology, a rule-based algorithm for human-computer interaction is proposed. Human-computer interaction based on video scenes has become a new direction for human motion research, and deep learning algorithms for human-computer interaction have improved the accuracy of human-computer interaction, gradually shifting to human-computer interaction on real and complex natural scenes. The future human civilization, manifesting itself in the form of artificial intelligence, or human-machine civilization, has a non-biological character. In the World Artificial Intelligence Safety High-Level Dialogue 2020, the Cyber Research Institute and Guanan Information jointly released the Artificial Intelligence Data Security Risk and Governance Report, pointing out that data privacy, data quality and data protection have become important data security challenges in the development and application of artificial intelligence systems. The collection of workers’ data at work by technological means can easily translate into the processing of workers’ personal information, which has an impact on the protection of workers’ personal information. The author believes that with the help of modern technological means such as wearable technology and sensor technology, human-computer interaction can be realized, key points of work can be tracked and recorded, and visualized data can be formed through recognition algorithms to show the whole process of work, thus realizing the monitoring of employers on workers and posing risks to the protection of workers’ personal information. The personal information of workers studied in this paper refers to the human-computer interaction situation brought about by the development of technology, which generates data including verbal text, images, videos and other forms of recorded personal data in the work situation and these data are processed. Relevant research in the academic world includes scholarly studies on the conflict and protection between the supervisory and management rights of employers and the privacy rights of workers in the intelligent era. Scholars have used social media as a research perspective to study the protection of workers’ privacy in China through a comparative approach. Scholars conduct research on the current state of research on the protection of workers’ privacy. Scholarly research on the protection of workers’ data is mostly focused on the perspective of labor privacy. There are relatively few studies on the protection of workers’ personal information under the human-computer interaction of technological development. The author attempts to respond to the challenge of protecting workers’ personal information in the context of human-computer interaction from a collective perspective. I. CHALLENGES TO THE PROTECTION OF WORKERS’ PERSONAL INFORMATION IN THE CONTEXT OF HUMAN-COMPUTER INTERACTION Human-machine interaction poses a challenge to the protection of workers’ personal information, which is reflected in the unclear boundary between the protection of workers’ personal information and their related rights, the asymmetric disadvantaged position of workers’ personal information in the hands of employers, and the tendency to strengthen the commoditization of workers’ attributes and the increased risk of personal information leakage. A. Blurred Boundaries between the Protection of Workers’ Personal Information and Their Related Rights The challenge of blurring the boundaries between workers’ personal information, data, and privacy in the context of human-computer interaction is related to the fact that theoretical research on personal information protection is in its infancy. The academic community has different understandings of the meaning of the information subject, which directly affects whether or not the worker is the subject of personal information. Some scholars believe that personal information is attached to the human dignity and free interests of the information subject. Some scholars also believe that, according to the relationship between the data and the subject, the subject can be divided into data-generating subjects and data-acquiring subjects; the data subject’s full name is data-generating subjects, and the need for personal data rights is to protect their personal data; and information subjects, which include data information subjects (i.e., data-acquiring subjects) and non-data information subjects, lawfully obtained and transformed into personal information by the right to personal information protection. In addition, academics have studied the right attributes of privacy, personal data and personal information protection, and believe that a distinction should be made between traditional rights such as personal data, personal information protection and privacy. Personal information protection differs from the traditional right to privacy in that it is a single-directional protection of rights and needs to be considered from both the protection and use aspects. The law recognizes the civil rights of natural persons to personal data. Whether the name of the right is the right to personal information or other names is irrelevant. What is important is to clarify the content of the right and distinguish it from the existing civil rights as a separate category of civil rights alongside the right to privacy. The interests guaranteed by the right to personal information and the right to privacy have different natures, so they are two different personality rights. The essence of competing rights is that an act in a particular situation harms multiple interests at the same time, and different interests are occasionally harmed by the same act, which will not upset the boundaries between these interests and will not affect the independence of the relevant rights. The distinction between the meanings of personal data and personal information in the Chinese legal language is of little significance, and the Civil Code confirms the legal status of personal information. For the time being, there is no definitive answer to the attribution and definition of the rights between their personal information, personal data, and privacy rights in the protection of workers’ data, which leads to the blurring of the boundaries of the rights to the protection of workers’ personal information, and the blurring of legal provisions makes it difficult to protect workers’ personal information through justice, and also brings about legal inequality in which workers are in a weaker position compared to the employers. B. Workers’ Vulnerability and Unequal Rights Due to Information Asymmetry In a situation of human-computer interaction, where the personal information of workers is handled by the employers, the information available to them and the employers is such asymmetry that the employers’ control over the workers’ personal information is actually increased and the workers are at a disadvantage. The prerequisite for the protection of the right to personal information is the existence of a continuous unequal information relationship. The development of technology, such as 5G, cloud storage and wearable technology, has increased the form and the speed of human-computer communication, accelerating the collection of worker data in workplace situations through communication, monitoring, real-time collaboration and other technologies. Take professional athletes as an example, in order to improve monitoring and data entry, Luneng Football School equipped with Australia’s Catapult wearable devices, which in line with FIFA IMS certification can be worn in official matches, to achieve the monitoring of professional athletes training results. It is important to acknowledge that technological developments in human-computer interaction improve workers’ performance and productivity and human-computer interaction devices for professional athletes can reduce injuries and improve performance. The interactive technology can not only improve worker performance and safety, but also allow employers to perform biometric analysis for more than just health and wellness purposes. Workers’ working status, conditions of employment, personal benefits, pay, rest and vacation rights, and other rights will all be affected by the personal information that employers have on their data-processed workers. The asymmetry of personal information held by workers and employers in the context of human-computer interaction leads to inequalities arising from the disadvantaged position of workers. C. Increased Commoditization of Workers and the Risk of Personal Information Leakage The big data has a predictive role that makes it a commodity and liquid. Michael Lewis’s book, The Magic Ball, criticizes the inefficiency of statistical methods of prediction through typicality, and suggests ways in which judgments can be made through data to reach goals at a low cost. The nature of data has a direct impact on the processing of workers’ personal information by employers, elevating the commoditized nature of workers and increasing the risk of leakage of the personal information. The work space and workplace time in the digital age break the physical sense of limitations. The employer’s command and management of workers based on the processing of personal information is essentially dependent on the employer through the workers’ economic income, thus increasing the employer’s control over the workers and bringing about a ‘new type of labor alienation’. Workers’ personal information has the dichotomy of ‘subjectivity’ and ‘openness’, and the mobility of personal information in the Internet era. The legal basis for the protection of personal information rights is diverse, with both individual and social circulation attributes. The fluidity of personal privacy in social media determines the inevitable trend of workers’ privacy rights being violated. The social mobility attributes of personal information increase the commodification of workers and the risk of workers’ personal information being infringed. The exploitation of personal information can potentially yield economic gains, and the information is undoubtedly of economic interest when used in contract negotiations. At the same time, the protection of workers’ personal information is passive in nature, and the risk of workers’ commoditization and leakage of the personal information is lower than that of employers’ active monitoring. In the protection of workers’ personal information, workers’ rights to mobilize are blurred, and the inequality is caused by their disadvantaged position. The risk of workers’ commoditization is based on the difference in action, and it is necessary to seek legal regulation and protection at the Chinese legal level. II. LEGAL POSITIONING DIFFICULTIES IN THE PROTECTION OF WORKERS’ PERSONAL INFORMATION IN CHINA The legal provisions for the protection of workers’ personal information as a whole are unclear in the legal positioning. Most of the provisions for the protection of workers’ personal information are in principle and lack operability. In particular, the legal provisions on the protection of workers’ personal information need to be further refined in terms of their definition. A. Vague Connotations of Personal Information Need to Be Refined The provisions of the Civil Code for the protection of personal information can be seen as the foundational provisions for the private law protection of personal information, which treats personal information and the right to privacy as parallel rights in private law; however, there is also the problem of the vague scope of the definition of personal information, which requires further refinement to meet the normative requirements of the law. The legal protection of a natural person’s personal information independent of the right to privacy began with the General Principles of Civil Law, which came into effect in 2017. Book IV of the Civil Code, the Personality Rights, includes the right to privacy and the protection of personal information alongside personality rights, while expanding the scope of personal information protection to include ‘email addresses, health information, and whereabouts information’, and stipulating that personal information that includes ‘private information’ is subject to the provisions of the right to privacy. This has resulted in a blurring of the connotation of the concept. It is precisely because of this blurring of connotative boundaries that the right to privacy and the right to personal information have a relationship that is both overlapping and distinct, resulting in the application of the provisions on privacy to personal information as ‘private information’. The deficiencies of the Civil Code are that in data protection, the personal information and data are not clearly defined, the scope is unclear, the legal boundaries are blurred, and the principle private law provisions do not provide effective protection for workers’ personal information. B. Lack of Operability of Laws and Regulations on the Protection of Workers’ Personal Information Throughout China’s labor law system, safety law system and civil law regulations, most of the legal provisions for the protection of workers’ personal information are principled in nature and lack operative legal norms for the protection of personal information. In particular, there is a lack of protection of workers’ rights to personal information in labor laws and regulations, especially with regard to the obligations of employers to protect workers’ personal information. The provisions on workers’ right to information in the labor legal system are not sufficient to counteract the risk of leakage of workers’ personal information caused by the leakage of personal data under the human-computer interaction. In contrast, the provisions of the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law on the subject of the obligation to collect and use personal information do not extend to the rights and obligations between workers’ personal information and employers, which have special characteristics. Moreover, the cybersecurity law has the problem of disconnection between legal requirements and information control with respect to internal governance mechanisms, criminal law sanctions and other legal means, and norms of responsibility and behavior. As a result, the legal regime for information and security is difficult to enforce in terms of the relationship between rights and obligations in the protection of workers’ personal information, and there are shortcomings in terms of the correspondence between rights and obligations, the operationalization and enforcement of the law. Article 1035 of the Civil Code, which provides the processing of personal information, is more open and reflects the fact that the subject of obligations is not specified. Extending the requirements applicable to specific obligated subjects to general obligated subjects would be absurd and inconsistent with common sense. In addition, Book IV of the Civil Code only determines the rights of personal information, and lacks specific civil liability for infringement of personal information, so the rights and responsibilities of the legal system cannot be correlated one to another, and the proper operation of the law cannot be guaranteed. The phrase ‘violates the law or agreement’ is more like a principle provision, lacking corresponding legal responsibility. C. Lack of Availability of Legal Systems for Collective Bargaining and Inadequate Interconnection of Legal Systems The legal system of collective bargaining for the protection of workers’ personal information is not sufficiently provided, making it difficult for workers to seek protection of the personal information through collective bargaining; at the same time, the provisions on ‘data’ and ‘information’ in China’s data legal system are not sufficiently enforced. The interconnection of the territorial validity levels needs to be further improved. Compared to the protection of workers’ personal information in the actual management of employers, there is a lack of legal regulation of workers’ collective bargaining. The handling of workers’ personal information does not seem to be guaranteed through the employer’s duty to inform, and in the absence of asymmetric information between workers and employers, the extent and scope of the handling of personal information may be far beyond the workers’ knowledge and the employer’s notification. And the absence of a legal system for collective bargaining leads to a lack of clarity in the responsibility for the infringement of workers’ personal information, resulting in a lack of collective responsibility for the protection of workers’ personal information. At the same time, China’s data security legal system has the problem of interconnection between territorial data rights and different levels of data rights provisions to avoid territorial restrictions on data and personal information protection. The legislative objective of the Data Security Law (Draft) is to safeguard the interface with personal information protection from the perspective of national security, as well as ‘data’, ‘important data’, and ‘information’. A clear definition of what is meant is an issue that the draft needs to respond to. The Data Security Law (Draft) defines ‘data’ as ‘a record of information in electronic or non-electronic form’. In the Shenzhen Special Economic Zone Data Regulations (Draft for Public Comments), the regulations define data as ‘descriptions and generalizations about objects (such as facts, events, things, processes or ideas), and materials that can be processed or reinterpreted through automated means’, and stipulate that ‘natural persons, legal persons and unincorporated organizations’ are defined as ‘the persons who have the right to use the data’. Organizations enjoy data rights in accordance with laws, regulations and the provisions of regulations, and the concept of data rights as ‘the right of the right holder to independent decision, control, processing, income, interest damage compensation for specific data in accordance with the law’. It can be found that the definition of data in the Shenzhen Special Economic Zone Data Regulations (Draft) differs from the Data Security Law (Draft), and the geographical provisions actually further refine the legal regime for personal data protection. The legal definitions of information, data, and data rights in China’s data security legal system also create the problem of geographical differences in the interconnection and application of legal systems. In conclusion, from the legislative status of the protection of workers’ personal information in China, the legislative provisions for the protection of personal information are principled and scattered. Although the scope of protection may cover the main body of workers, it lacks specificity and specific legal responsibilities. In order to effectively respond to the challenges in the protection of workers’ personal information in the context of human-computer interaction, as well as the legal dilemma of the protection of workers’ personal information, there is an urgent need to resolve this dilemma.III. THE PROTECTION OF WORKERS’ PERSONAL INFORMATION HAS THE VALUE OF LABOR RIGHTS IN THE DIGITAL AGE The asymmetry in the personal information available between workers and employers and the inequality in the processing of that information place workers in a weaker position when negotiating their employment conditions with employers, which in essence threatens the right to work in the face of challenges to the protection of workers’ personal information. Researchers are divided on the concept and nature of labor rights, including the fact that labor rights have multiple spiritual connotations, including the concept of survival and development, the unification of material interests with personal and personal interests, and the need to realize an adjustment method that combines favorable protection with balance and coordination. The right to work is a complex system of rights, including collective and individual labor rights. The right to labor refers to the basic way for citizens with the ability to work to obtain secure work and property. The function of the right to labor includes the defense right of the state to realize the ‘obligation to respect’. The function of the right to labor includes the basic ways of self-realization of value and self-improvement. The right to labor is the way to realize the workers’ right to defense, as well as to guarantee the realization of labor remuneration and property rights. In other words, the right to labor is a prerequisite for the realization of other rights, and has a fundamental status and multiple value connotations. Different eras have different emphasis and focus on the right to work, and different value connotations, which leads to the need for institutional rules to match and adapt to them. From the Weimar Constitution of Germany in 1919, the right to labor was written into the constitution for the first time to promote the development of labor rights as a fundamental right norm. In the author’s view, the concept of labor rights as a product of the modern rule of law civilization of mankind, its value connotation is epochal, and the dynamic evolution of labor rights is the main reason for the academic differences. As a kind of compatible right, the labor right has the value connotation of the right to live and the right to freedom. The differences in theoretical research on the labor right do not require consensus understanding, but only need to clarify the research dimension in the process of research, which is conducive to promoting the rich development of Chinese labor right research in the Constitution and various departmental laws. The value of labor rights evolves dynamically, and understanding labor rights as basic rights of workers from a broad perspective can provide theoretical guidance for the protection of workers’ personal information and respond to the uncertainties brought by the interaction between human and machine in the protection of workers’ personal information.A. The Protection of Workers’ Personal Information Has the Value of the Right to Exist The asymmetry of workers’ personal information puts workers in a disadvantaged position, and their unequal status with employers leads to challenges to the right to exist, and the protection of workers’ personal information is in line with the value of the right to work. The right to labor in the modern sense arises from the requirement of an individual human right to subsistence. Thomas Jefferson, from the standpoint of the bourgeois democrats, proposed that the right to labor is a natural right, an important right of man, the connotation of which can be summarized as a natural and important right to the means of subsistence through labor and work, and its counterpart is the private right to land. According to Jefferson, land is a public resource on which human beings depend for their survival, and privatization of land needs to be accompanied by opportunities to work for those who fail to keep their private rights to land, i.e., those who lose their land must enjoy the basic right to work. In Jefferson’s thought, the right to work was seen as a complementary and alternative right to the loss of land ownership, and it can be said that the purpose of the right to work was essentially to preserve the right of human beings to live. The connotation of the right to work has developed into a collection of rights, and has the status of fundamental rights. According to the different subjects of rights, labor rights are divided into individual labor rights and collective labor rights. Collective labor rights, as an important area of human rights, are promoted by countries through constitutional provisions to promote the construction of the framework system of the labor law, so as to protect the collective labor rights of workers to amend the freedom of contract of individualism. The protection of workers’ personal information in the context of human-computer interaction should also be based on the revision of individualism in the context of collective labor rights and the use of the power of collective bargaining to ensure the realization of workers’ labor rights. It is assumed that there is an ethics of association by which the members of the society are united with each other in a cooperative system which is seen to be for the good of all, and is regulated by a common conception of justice, but those who are in this system of social cooperation are to uphold the just rules of the association and maintain the development of the cooperative system. B. The Protection of Workers’ Personal Information Has the Value of Freedom of Expression Since the founding of the US in 1776, American society has experienced the War of Independence, the Industrial Revolution, and the Civil War, all of which contributed to the evolution of labor relations, during which personal dependence was weakened and emancipation became the direction for the development of labor relations. The US labor law in the 20th Century has undergone a direction of development in labor relations from identity to freedom. The trend of social development is the gradual weakening of the actual control of employers over workers. As a result, the liberty value implication of labor rights is gradually amplified. The right to freedom develops on the basis of social rights, and follows the development of the right to freedom of self-determination of the citizens of the country, and is an expression of the right to exist to a higher stage of development. The right to liberty is the right to demand the state’s inaction in the context of national liberty, while the right to society is primarily the right to demand the state’s action in the context of social protection and assistance to weak economies. Both the right to freedom and the right to society are centered on the relationship to the state, but the substance of the law expressed in the two is different. The value of the right to freedom of labor requires the protection of workers’ personal information, which must be guaranteed by the power of social organizations and the role played by collective organizations of a social nature. A well-organized society contains many social unions, and the idea of social unions is used to construct the basic structure of society in such a way that the achievement of a just system becomes a common goal for all members, and the form of the system itself is seen as a characteristic of the good. In short, by analyzing the value of the connotation of labor rights in the protection of workers’ personal information and establishing a theoretical path to protect workers’ labor rights, we can clarify the legal position of workers’ personal information and achieve good social effects of legal protection. The right to work focuses on responding to the value of human existence and freedom, which is consistent with the need to protect the right to exist in the protection of workers’ personal information on the basis of vulnerability and inequality of rights, as well as workers’ demand for the right to freedom in the processing of their personal information. IV. LEGAL MEASURES FOR THE PROTECTION OF WORKERS’ PERSONAL INFORMATION IN THE CONTEXT OF HUMAN-COMPUTER INTERACTION To meet the challenge of protecting workers’ personal information, China needs to establish a theoretical foundation for collective labor rights and legislate for more collective responsibility based on a study of the development of US law and collective bargaining by labor unions. At the same time, China needs to establish the legal principle of informed consent for the collection of workers’ personal information and limit the scope of protection on the basis of self-classification of workers’ personal information. A. Utilizing the Role of Workers’ Voluntary Associations in Collective Bargaining on Behalf of Workers In the context of human-computer interaction, through the protection of workers’ collective labor rights, to promote the protection of the personal information rights, it is necessary to play the role of collective bargaining between representatives of workers’ social groups and employers. Collective labor rights emerged as a way to compensate for the inadequacy of individual labor rights. The institutional design of the National Labor Relations Act, which was drafted in the US to protect the right of employees to organize collectively, takes into account the privacy concerns of the average employee rather than looking at the conditions necessary to preserve the union organization, and can curb the potential influence of employer’s oversight on collective action. The collective labor rights of American workers are achieved primarily through collective bargaining, and they have a defined status as employees who can ally themselves and join labor organizations that serve their interests. In the case of professional athletes, for example, the relationships between professional athletes and their teams in North American professional sports leagues are governed by collective bargaining agreements negotiated between the individual unions and the respective federations. The collection and ownership of identifying data may be included in collective bargaining agreements, and union representatives should prioritize the regulation and protection of professional athletes’ biometric data. There are extensive collective bargaining agreements in US professional sports, and by 2024 all professional sports leagues will have new collective bargaining agreements in place to ensure the best interests of professional athletes through collective bargaining agreements, especially the potential impact on their privacy. Collective bargaining is a universal and vital right of union organizing. Professional athletes should not only own and control the use of their biometric data, but also have clear rights protected by privacy, labor, and employment laws and principles; the legal issues of ownership, commercialization of biometric data collected under wearable technology are resolved through union-initiated collective bargaining. China’s protection of workers’ personal information is still at an early stage of development, and the protection of workers’ personal information requires the collective responsibility of workers’ unions and other social organizations. In the US, wearable technology is widely used by professional sports leagues in professional sports, and each US state has relevant laws and regulations, so it is necessary to learn from the experience of the US in protecting workers’ personal information. In the US, professional sports leagues play a significant role in protecting the personal information rights of workers as employees, mainly because professional sports leagues seek the consent of professional sports league associations for the processing of workers’ personal information in accordance with the purposes for which it is required. Organizations such as the NFL, the NFL Players Association, and others play an important role in that they must seek permission from the NFL Players Association if the NFL wishes to use the information recorded through any of the sensors in the field for medical purposes; At the same time, the NFL Players Association has an agreement with a company to the effect of allowing workers to sell their data, thus enabling them to fight the NFL. The rights of the Association of Professional Sports Leagues are not limited to informed consent to the use of workers’ personal information by sports leagues and the ability to enter into data sales with the third parties. Professional sports federations in the US are able to negotiate the collection of personal information on behalf of their workers when they enter into collective bargaining agreements with professional sports federations. Social organizations need to take more responsibility for the protection of personal information. For example, the NBA’s Wearables Committee has the right to review and approve the use of wearables by players, and share data only for workers’ health and tactical purposes. A governance framework for data use at the normative level, with a shift towards collective control and responsibility, should balance the risk-benefit ratio between data users and data subjects, and protect individuals from bearing downstream costs (i.e., the harm caused by data use). Collective bargaining by social organizations on behalf of individual workers is more effective in preventing the illegal use of workers’ personal information than bargaining between individual workers and their employers. It must be recognized that collective bargaining agreements between professional sports associations and sports leagues in the US only partially provide the protection of personal information. Professional sports leagues in the US manage and protect the collection of biometric information of professional athletes through the collective bargaining agreements with players’ unions, but the collective bargaining agreements of professional football leagues contain only one clause that specifically addresses the use of wearable technology, requiring workers to use wearable devices in training-related situations and games, allowing teams to collect biometric information and to communicate with coaches and other relevant personnel. Sharing allows leagues to publicly disclose performance metrics based on workers’ physiological tests without the consent of the players’ union. The level of protection provided by agreements between different US professional sports leagues and professional sports associations varies widely. However, professional sports associations still play their role of representing workers and fighting for more workers’ rights and interests in labor-management negotiations. In the era of data as a factor of production, the need for industrialization, informatization, and commercialization calls for the value of data circulation. B. Legal Principles of Scenario-based Consent for the Collection of Information on Workers Workers should be informed of the collection of their personal information, and obtaining their consent is a basic prerequisite for the handling of their personal information; At the same time, the disadvantaged position of workers results in unequal access to information between them and their employers, and it is necessary to establish a scenario-based legal principle of informed consent for the collection of workers’ information. There is a consensus that the collector of personal information should inform the subject of the information collected. When collecting personal information, the information industry should give sufficient notice to the subject of the information about the personal information being collected, processed and used, and obtain the explicit consent of the subject of the information. ‘The collection and use of personal information in the act is essentially the information subjects’ permission to collect and use this within a certain range of their personal information. The collector and user of the information do not have exclusive rights to personal information, and should collect and use personal information within the scope of the permission of the information rights holder.’ In response to the potential negative impact of the collection of biometric data, the union has reached significant limits on the collection and use of biometric data in collective bargaining. Employers should provide full disclosure of their use of biometric data, duration, and how the employer plans to protect the data in order to avoid selling the data to the third parties without consent. At the same time, informed consent for the collection of workers’ personal information should establish the principle of scenario-based protection in order to address the differences in the collection and use of workers’ personal information in different scenarios in the smart age. Privacy information is multi-domain, and personal information in public and private places has different levels of protection. Creating a new system to protect information privacy should follow the principle of dynamic negotiation. Similar views exist among foreign scholars in studying the imbalance of rights in industrial relations, granting more protective rights to the worker’s side, advocating the passage of the Employee Privacy Protection Act to ensure that employee surveillance is limited to the workplace and job tasks, and limiting access to employee health data by employers and the third parties. There is an inherent tension between the idea that society should protect people from potentially severe effects of an unchecked market system and the notion of freedom of contract, where not all contracts have equal relative magnitude and risk distribution, requiring dynamically informed consent and risk-taking. Negotiated consent between employers for the processing of workers’ personal information needs to be combined with the regulation in specific scenarios to ensure that the processing of workers’ personal information is in the commercial interests of employers while protecting workers’ privacy. On the one hand, the protection of workers’ personal information under labor-management relations needs to be carried out on the basis of informed consent of workers, i.e., the protection of workers’ personal information requires the establishment of a consensual agreement in order to achieve substantive justice under the social law. The employer, as the subject of the obligation to protect workers’ personal information, must fully respect the agreement reached between the two parties based on labor-management consultation. The right to privacy of workers is a right that can be partially waived, and workers can reach a consensual agreement with the enterprise based on their own will to impose certain restrictions on their own privacy. On the other hand, workers’ personal information needs to establish the protection concept of digital scenarios and implement legal responsibility attribution through scenario-based standards. The protection of human rights in the digital age requires stepping out of the traditional thinking of physical space and establishing the concept and principle of scenario-based protection in due course. By providing empowerment and inclined protection in specific scenarios rather than general empowerment, individual citizens will be able to effectively protect their own information and related rights and interests. Enterprises, government agencies and society will also be able to realize the reasonable use of personal information. The negotiated consent of workers’ personal information processing needs to confirm the relationship of rights and obligations between the two parties through the scenarios, the economic interest of employers in the processing of workers’ personal information, and the loss and impact of personal information disclosure on workers’ change with scenarios. For example, in a scenario where the employer’s processing of workers’ personal information is used in labor negotiations, the law should strictly regulate the consent to the negotiation of personal information. The value of justice will also be demonstrated and accepted for consideration in such customized scenarios. While basic principles of justice still play a guiding role, many specific justice trade-offs need to be completed based on customized scenarios, which becomes an important driving force and support for social governance in the era of the smart Internet. The lack of scenario-based standards for workers’ negotiated consent may become an exemption clause for employers in employment contracts, and to what extent it can play a role in protecting workers’ personal information rights needs to be rethought. In the context of the collection of workers’ personal information by wearable technology, the consent of workers in labor-management agreements is based on subordinate characteristics, which may not be the real workers’ personal will. There are two situations, which are the obstacle that may be forced and the consent that is unknowing. Even in the case of informed consent after the collection of workers’ personal information, it is difficult for workers to be informed of the actual handling of their personal information, and to know how their personal information will be handled and whether their rights will be violated because of the risk of commercialization and illegal use of their personal information. Workers agree that there are barriers to the protection of personal information, including rules for interpreting formal terms and conditions, provisions for material misunderstanding, and provisions for coercion. Therefore, the protection of workers’ personal information needs to be based on the standards of the scenario in the digital era, and provide legal protection for the negotiated consent between workers and employers through the subordination of labor relations in the scenario. C. Realization of Substantive Equality of Legal Rights by Limiting the Scope of Collection of Personal Information The collection of workers’ personal information is limited to a certain scope, and legal protection of workers’ personal information is typified to the extent necessary to achieve substantive equality of legal rights between workers and employers. The legal regulation of the scope of workers’ personal information can be referred to as the principle of necessary limitation in the protection of workers’ privacy. The access to and use of workers’ private information should have necessary legal limits of scope, and the employer assumes the duty of care and protection of workers’ privacy. The type of protection of workers’ personal information is based on the classification standard of personal information of natural persons, combined with special information reflecting physical status such as biometric information of workers, and comprehensive analysis of workers’ personal information. The classification criteria for personal information of natural persons are based on the criteria of whether or not a specific natural person can be directly identified, sensitivity, and the identity of the information subject, among which sensitive personal information should include medical and health information, sex life and sexual orientation information, identification numbers, and personal biometric information. Research on the protection of workers’ personal information in China is at an early stage, and there is a need to establish legal principles of classification and limitation and to set specific directions for the development of a sophisticated legal system. Through extra-territorial observations, foreign laws are not perfect for personal information, privacy and other legal regulations, and American case law shows that the National Labor Relations Act has weak legal protection for personal privacy. However, the statutes on biometric data in US law are even more surprising, reflecting the legal principle of classification and protection of personal information. The US states of Illinois, Texas, Washington, and California have enacted statutes governing the collection of motion-identifying data, among which the Illinois Biometric Information Privacy Act is the most influential one. The Illinois Biometric Information Privacy Act imposes obligations on employers to protect employee privacy and data ownership, requires employee consent for the collection and use of such data, and establishes data security measures that reflect industry standards of reasonable care. Workers have a legitimate expectation that their personal information will not be infringed, and the law should make the necessary qualifications on a typological basis and reserve some space for collective bargaining between workers’ social groups and employers.D. Protection Paths that Give Equal Weight to Public and Private Law The protection of workers’ personal information requires a protection path that places equal emphasis on both public and private law, and is an inevitable trend in the modern legal system for interaction and integration between public and private law. The protection of personal information under the civil law is different from that under the public law, which lays the foundation for the legitimacy of personal information protection and provides a basic legal basis for personal information protection legislation. Private law has limitations for the protection of personal information, and it is difficult to effectively regulate infringement of personal information by relying only on the protection path of private law. The efficiency of private remedies is weakened, and the protection of personal information plays more of a posteriori comforting role. For example, in response to the illegal disclosure and use of personal information, the China Internet Society was commissioned by the Ministry of Industry and Information Technology to set up the 12321 Network Undesirable and Spam Reporting and Acceptance Center, which according to the introduction, assists the Ministry of Industry and Information Technology in assuming the responsibility of reporting undesirable and spam information on the Internet, mobile phone networks, fixed telephone networks and other forms of information and communication networks and telecommunications services, receiving, investigating, analyzing and dealing with reports. However, to what extent are the reporting centres able to receive reports, in view of the specific provisions on the duties of the reporting agencies, the scope of the cases received, and the manner in which the reports are received. Can complaints received by the centre be effectively investigated and prosecuted? To what extent can the Reception Centre investigate and prosecute breaches of personal information? How should the validity of its investigative actions be determined? These questions cannot be answered clearly, and it is unclear to what extent private remedies for the disclosure of personal information can act as a check on the disclosure and misuse of information. The public law system better facilitates the circulation and development of data in the market, as a commodity that needs to circulate freely in the market, and the public law system guarantees the orderliness of this circulation. China needs to define and balance the protection of the rights and interests of individuals and data enterprises through private law, and strengthen human rights protection through public law to balance the protection of the digital rights and interests of individuals and enterprises under the framework of the rule of law. Personal information is regulated in the Cybersecurity Law, the Civil Code, etc., and it can be seen from the relevant definitions of each ministry’s laws that personal information is a concept with an inclusive connotation, and the protection path of both public and private law is also determined by its inclusiveness. The right to personal information is a cluster of rights, the scope of which is defined by legislation. The core of which is the right of the information subject to control their own information, including the right to know, the right to amend, the right to delete, the right to be portable, the right to be forgotten, etc. The new type of rights is a product of the era of decodification, with cross-legal departments, a mixture of diverse features, and the integration of public and private law. The construction of a system for the protection of workers’ personal information should adopt a legal path that gives equal importance to both public and private law. The public law system is the enactment of various regulatory laws or regulations regulating personal data, and the private law empowerment is the protection of personal data in the era of big data through the private law system; if the right to privacy is understood only as a negative right not to be infringed upon, without the empowerment that can be used positively and self-determined, the data industry will not be able to develop. V. CONCLUSION In the context of human-computer interaction, technology is accelerating the collection of workers’ personal information. Although issues related to personal information, workers’ data, and the protection of workers’ privacy are gradually gaining attention in academic circles, there is still a lack of theoretical research on the protection of workers’ personal information, which is reflected in the insufficient supply of norms and the lack of linkage effect between norms in institutional practice. In this regard, the legal regulation of the protection of workers’ personal information is one of the key research priorities in the academic sector. According to the theory of collective labor rights, the construction of the legal system for the protection of workers’ personal information should be based on the perspective of collective responsibility, play the role of collective bargaining through social organizations, and establish a path of protection that is coordinated between the legal principle of scenario-based consent and a limited scope on the basis of typology. At the same time, the protection of workers’ personal information requires a combination of public and private law. The right to work as a theoretical guide for the protection of workers’ personal information is only the beginning; social groups must play a role in ensuring that workers’ rights to their personal information are protected and remedied by law.
