数据泄露情况下的严格责任与过失

IF 0.9 3区 社会学 Q3 ECONOMICS
Jooyong Jun , Jeong-Yoo Kim
{"title":"数据泄露情况下的严格责任与过失","authors":"Jooyong Jun ,&nbsp;Jeong-Yoo Kim","doi":"10.1016/j.irle.2024.106218","DOIUrl":null,"url":null,"abstract":"<div><p>This study compares the efficiency of the strict liability and negligence rules in the case of a data breach. Contrary to standard results, we demonstrate that the strict liability rule cannot induce the efficient activity and care levels of a data controller. This is mainly due to possible positive externalities from data breaches, unlike in usual tort cases. We show that the negligence rule is more efficient than the strict liability rule if the positive externality is sufficiently large. The main insight is carried over to the case where a data controller uses a data processor to process personal information before selling it in the market. If hackers are explicitly introduced into the model, the care level of the data controller increases with the hacking activity, whereas the latter level decreases with the former. In this model, if the hacker’s gain is sufficiently small, the negligence rule can be made more efficient by adjusting due care to a harsher level than the equilibrium care level under strict liability to reduce hacking activity, although a pure strategy equilibrium may not exist for some due care levels.</p></div>","PeriodicalId":47202,"journal":{"name":"International Review of Law and Economics","volume":"79 ","pages":"Article 106218"},"PeriodicalIF":0.9000,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Strict liability versus negligence in the case of data breach\",\"authors\":\"Jooyong Jun ,&nbsp;Jeong-Yoo Kim\",\"doi\":\"10.1016/j.irle.2024.106218\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>This study compares the efficiency of the strict liability and negligence rules in the case of a data breach. Contrary to standard results, we demonstrate that the strict liability rule cannot induce the efficient activity and care levels of a data controller. This is mainly due to possible positive externalities from data breaches, unlike in usual tort cases. We show that the negligence rule is more efficient than the strict liability rule if the positive externality is sufficiently large. The main insight is carried over to the case where a data controller uses a data processor to process personal information before selling it in the market. If hackers are explicitly introduced into the model, the care level of the data controller increases with the hacking activity, whereas the latter level decreases with the former. In this model, if the hacker’s gain is sufficiently small, the negligence rule can be made more efficient by adjusting due care to a harsher level than the equilibrium care level under strict liability to reduce hacking activity, although a pure strategy equilibrium may not exist for some due care levels.</p></div>\",\"PeriodicalId\":47202,\"journal\":{\"name\":\"International Review of Law and Economics\",\"volume\":\"79 \",\"pages\":\"Article 106218\"},\"PeriodicalIF\":0.9000,\"publicationDate\":\"2024-08-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Review of Law and Economics\",\"FirstCategoryId\":\"96\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0144818824000383\",\"RegionNum\":3,\"RegionCategory\":\"社会学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"ECONOMICS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Review of Law and Economics","FirstCategoryId":"96","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0144818824000383","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"ECONOMICS","Score":null,"Total":0}
引用次数: 0

摘要

本研究比较了数据泄露情况下严格责任规则和过失规则的效率。与标准结果相反,我们证明了严格责任规则不能促使数据控制者有效地开展活动和提高关注水平。这主要是由于数据泄露可能带来的正外部性,这与通常的侵权案件不同。我们证明,如果正外部性足够大,过失规则比严格责任规则更有效。我们的主要见解也适用于数据控制者使用数据处理者处理个人信息后再在市场上出售的情况。如果在模型中明确引入黑客,数据控制者的关注程度会随着黑客活动的增加而增加,而后者的关注程度会随着黑客活动的增加而减少。在这个模型中,如果黑客的收益足够小,可以通过将适当注意调整到比严格责任下的均衡注意水平更苛刻的水平,使过失规则更有效率,从而减少黑客活动,尽管对于某些适当注意水平,可能不存在纯策略均衡。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Strict liability versus negligence in the case of data breach

This study compares the efficiency of the strict liability and negligence rules in the case of a data breach. Contrary to standard results, we demonstrate that the strict liability rule cannot induce the efficient activity and care levels of a data controller. This is mainly due to possible positive externalities from data breaches, unlike in usual tort cases. We show that the negligence rule is more efficient than the strict liability rule if the positive externality is sufficiently large. The main insight is carried over to the case where a data controller uses a data processor to process personal information before selling it in the market. If hackers are explicitly introduced into the model, the care level of the data controller increases with the hacking activity, whereas the latter level decreases with the former. In this model, if the hacker’s gain is sufficiently small, the negligence rule can be made more efficient by adjusting due care to a harsher level than the equilibrium care level under strict liability to reduce hacking activity, although a pure strategy equilibrium may not exist for some due care levels.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
2.60
自引率
18.20%
发文量
38
审稿时长
48 days
期刊介绍: The International Review of Law and Economics provides a forum for interdisciplinary research at the interface of law and economics. IRLE is international in scope and audience and particularly welcomes both theoretical and empirical papers on comparative law and economics, globalization and legal harmonization, and the endogenous emergence of legal institutions, in addition to more traditional legal topics.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信