制定隱私政策是網絡服務提供者自律的重要工具,也是網絡服務提供者應對個人信息保護立法,確保其用戶個人信息收集、利用行為符合法律規定的重要方式。經用戶同意的隱私政策將在用戶與網絡服務提供者之間成立合同關系,在個人信息收集、利用方面具有取得用戶授權的效力,此類隱私政策的變更在性質上屬于合同變更,應當取得用戶同意,否則對用戶不產生拘束力。未經用戶同意的隱私政策屬于純粹的企業自律規則,無法在網絡服務提供者與用戶之間成立合同關系,在用戶個人信息收集、利用方面并不具有取得用戶授權的效力,此類隱私政策的變更無須取得用戶的同意,變更后的隱私政策對用戶不產生拘束力。

The formulation of privacy policy is an important self-regulation tool of network service providers as well as a crucial way for network service providers to deal with legislation in personal information protection and ensure that the collection and utilization of their users’ personal information are in accordance with law. The privacy policy agreed by the users will establish a contractual relationship between the users and the network service provider, and obtain the validity of authorization from the users in the collection and utilization of personal information. The change of such privacy policies is a contract modification in nature and should be agreed by the users; otherwise, it will not be legally binding for the users. The privacy policy without users’ consent is a pure self-regulation rule of the enterprise, and it is impossible to establish any contractual relationship between the network service provider and the users, also can not obtain the validity of authorization from the user in the collection and utilization of personal information. The change of such policies does not require the users’ consent, and the changed privacy policy is not legally binding for the users.