个人信息保护制度的风险路径及其路径风险（On the Risk-oriented Approach and Its Risk in Establishing the Personal Information Protection Regime）: 以荷兰数字治理及SyRI案为例（The Digital Governance in the Netherlands and the SyRI Case as an Example）

Abstract

The digital governance in the Netherlands has mainly gone through two phases: in the developing phase, it concretized the EU’s dual-track strategy, which combines technical development and fundamental rights protection by forming a united data system and drafting a framework for trustworthy artificial intelligence. In this way, the context for the risk-oriented approach has been created. In the developed phases, the SyRI case is the first realistic application of the risk-oriented approach. More significantly, this case reveals the revolutionary changes of risk analysis in terms of grouping, identifying, and reasoning caused by sophisticated algorithms, which eventually shift the risk-oriented approach from preventive to preemptive. The Dutch experience in both phases could provide insights into improving China’s personal information protection regime. Particularly, a more holistic perspective and synergistic tools should be considered when addressing the overall challenges posed by the transition of the risk-oriented approach to the traditional legal system.