大數據偵查通過計算機技術對存儲于網絡與計算機系統中的海量數據進行收集、共享、清洗、對比和挖掘,從而發現犯罪線索、證據信息或者犯罪嫌疑人。大數據偵查主要包括目標驅動型、比對驅動型與事件驅動型三種行為樣態,在犯罪預防預測和犯罪偵破領域均有實踐應用。大數據偵查對一些基本權利和法律價值構成挑戰,有必要對其進行法律控制。然而,傳統的法律規范框架存在滯后性,對大數據偵查的法律屬性界定模糊,區分數據內容與元數據具有局限性,偵查啟動門檻虛置,已然犯罪與未然犯罪界限模糊。對大數據偵查進行法律控制,可采取偵查規范和數據規范的雙重路徑。在偵查規范方面,應遵循合法性原則、比例原則,加強外部監督和司法監督。在數據規范方面,建議適度引入個人信息保護方面的法律原則和機制,包括確立目的合法與特定原則,賦予信息主體的知悉權與更正權,建立信息安全與數據質量控制機制,以及個人信息使用的監督與救濟程序。

Through the use of computer technology to collect,share,screen,compare and unearth data stored online and in computer systems,big data investigations can locate clues,evidence or suspects.Such investigations have three main modes:the goaldriven,the comparison-driven,and event-driven.These are of practical use in crime prevention and prediction and in the field of detection.As big data investigations challenge some basic rights and legal values,they have to be brought under legal control.However,the traditional framework of legal norms lags behind.Definition of the legal properties of big data investigations is unclear;there are limits to differentiating data contents from metadata;the threshold for launching criminal proceedings exists in name only;and the boundary line between ascertained offense and unaccomplished crime is also unclear.Dual approaches can be adopted for gaining legal control of big data investigations:detection standards and data standards.With detection standards,we should follow the principles of legality and proportionality and strengthen external and judicial oversight.With data standards,we propose introducing appropriate legal principles and mechanisms for protecting personal information,including establishing legitimate aims and specific principles,giving data subjects the right to know and the right to make changes,and setting up arrangements for information security and data quality control,together with procedures for supervision of the use of personal information and relief procedures.