Application Dilemmas and Institutional Improvements of the Crime of Infringing Citizens' Personal Information in the Context of Big Data
Authors
Jiaqi Qu
Criminal Justice School, Zhongnan University of Economics and Law, Wuhan, China
Author
Keywords:
big data, criminal law, data compliance, judicial application, personal information, information infringement
Abstract
Under the conditions of big data, the crime of infringing citizens' personal information has become significantly more difficult to apply in judicial practice because personal information is increasingly collected, aggregated, transferred, and reused across diverse platforms, institutions, and complex data-processing chains. This paper systematically examines the application dilemmas of this specific crime within the framework of Chinese criminal law, focusing primarily on the inherent tension between strict legal certainty and the dynamic, complex realities of modern data circulation. It argues that while existing quantity-based standards remain necessary for baseline adjudication, they are fundamentally insufficient to address nuanced cases involving highly sensitive information, authorised access followed by unauthorised secondary use, malicious insider leakage, sophisticated technical circumvention, doxxing databases, and severe downstream fraud. By adopting a rigorous methodology encompassing normative analysis, structured case observation, and limited case coding, this paper critically analyses typical cases recently released by the Supreme People's Court. These include medical data leakage, railway passenger-information sale, illegal acquisition of education records, doxxing through social-engineering databases, and fraud based on HPV vaccine-reservation information. The study ultimately finds that judicial reasoning must urgently move beyond a single quantity standard and adopt a comprehensive, multi-dimensional assessment based on information type, data source, conduct method, actor responsibility, and harmful consequence. It further proposes actionable institutional improvements concerning personal-information identification, seriousness assessment, administrative-criminal boundary clarification, evidence review, and corporate compliance governance.
