Abstract: While digital platform provides tremendous convenience for public production and daily life, security risks such as personal information leakage and misuse have simultaneously escalated. As a new tier in governance structures, guiding digital platform to strike a balance between information protection and data openness is crucial for advancing the modernization of cyberspace governance systems and enhancing governance capacity. Examining digital platform from the perspective of data controllers, this paper explores the generative logic of personal information security risks through a threetiered framework: unauthorized collection, unregulated processing and improper application. The paper proposes coping strategies including refining “informed consent” operational details to stabilize the privacy policy framework of platform, strengthening the application of data desensitization technologies to standardize the automated decisionmaking processes of platform, and improving the information provision and disclosure mechanisms to enhance the internal information management of platform, so as to achieve a balance between personal information protection and the release of the value of data elements.

Key words: digital platform, personal information protection, security risk, technical governance, platform obligation

摘要： 数字平台在为社会公众生产生活提供极大便利的同时，个人信息泄露、滥用等安全风险也随之上升.作为治理结构中的新层级，如何引导数字平台把控好信息保护与数据开放的尺度，对于推进网络空间治理体系和治理能力现代化至关重要.从数据处理者的视角审视数字平台，围绕采集失序、处理失控、应用失范3个递进层面揭示个人信息安全风险的生成逻辑，并提出优化“告知同意”操作内容、稳固平台隐私政策框架、强化数据脱敏技术运用、规范平台自动化决策流程、完善信息提供披露机制、加强平台内部信息管理等应对策略，以期实现个人信息安全保护与数据要素价值释放的平衡统一.

关键词: 数字平台, 个人信息保护, 安全风险, 技术治理, 平台义务