The rapid development of deepfake technology has infringed upon personal privacy in the form of the disclosure and misuse of personal information, infringement upon the peace of people's life, and damage to personal image and reputation. The disclosure and misuse of personal information should be analysed from the perspectives of personal use and commercial use of information data; infringement upon the peace of people's life should be examined from the perspectives of fraud and harassment, and malicious pursuit using deepfake technology; and damage to personal image and reputation should be discussed from the two levels of initial damage to personal image and reputation and aggravated damage to personal reputation after dissemination through the media. Article 1032 of the Civil Code clearly defines the scope of privacy protection as the peace of people's private life, private space, private activities and private information, as well as the infringement of privacy rights through means such as spying, intrusion, disclosure and publication, which reflects the legislative inertia to strengthen the protection of privacy and personal information. Article 1032 of the Civil Code, the Personal Information Protection Law, the Provisions on the Administration of Deep Synthesis of Internet-based Information Services, and other laws and regulations together form the current personal privacy protection system. However, existing laws do not provide specific explanations for key terms such as 'leakage', 'intrusion' and 'damage', which leads to uncertainty in the application of the law and makes it difficult to effectively protect personal privacy in actual operations. At the same time, there is a lack of clear definitions of the scenarios and specific standards of behaviour that the technology may involve, which has exacerbated public concerns about personal privacy security. Strengthening legal protection against deepfake technology requires refining legal concepts and drawing on knowledge from comparative law: 'leakage' can be considered the illegal acquisition and dissemination of unauthorised data and information, 'intrusion' can be defined as behaviour that disrupts the normal order of others and causes mental distress, and 'damage' can be understood as behaviour that causes negative evaluation or loss to the image, reputation or property of others. The legislative department should take the lead and cooperate with the Ministry of Industry and Information Technology in formulating specific standards for evaluating behaviour. The deterrent effect of the law should be strengthened by refining relevant legal provisions in the Civil Code and the Personal Information Protection Law and increasing the penalties for violations of the law. This will better balance technological development and personal privacy protection and improve China's personal privacy protection system.
Read full abstract