With the increasingly prominent value of personal information in the information age, the situation of personal information protection is also showing a diversified trend: on the one hand, the legal norms for personal information protection are becoming more and more complete, and the protection of personal information is becoming more and more refined and perfect; On the other hand, the protection of personal information is intertwined with the rational use of personal information and often conflicts with it. Specific types of personal information protection still need improvement, as evidenced by the theoretical disputes and practical difficulties in disclosing personal information protection. Reasonably determining the boundary of criminal intervention in the protection of public personal information not only fully utilizes the circulation value of public personal information, but also avoids personal and property damage based on public personal information. Existing claims and analysis of criminal law protection for the disclosure of personal information: (1) Analysis of the theory of secondary authorization. The theory of secondary authorization advocates that those who provide publicly disclosed personal information to others should obtain secondary authorization from the information rights holder, otherwise it may still constitute a crime. It is generally believed that the substantive legal basis for the theory of secondary authorization is the provision in Article 3, paragraph 2 of the Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues Concerning the Application of Law in Handling Criminal Cases Involving the Infringement of Citizens' Personal Information (hereinafter referred to as the "Interpretation"): "Providing lawfully collected citizens' personal information to others without the consent of the recipient constitutes the provision of 'providing citizens' personal information' under Article 253-1 of the Criminal Law." The provisions of the Civil Code and the Personal Information Protection Law on the processing of public personal information actually fill the regulatory vacuum for the protection of such information, so that the regulation of illegal processing of such information does not need to apply the provisions of Article 3, paragraph 2 of the Interpretation in a timely manner, and thus does not need to apply the provisions of Article 3, paragraph 2 of the Interpretation. Apply the 'secondary authorization' rule. （2） The analysis of the purposive theory suggests that the purpose and use of processing public personal information should be comprehensively considered to determine whether the behavior constitutes a crime. Specifically, only those who "clearly violate the purpose of information disclosure", "significantly change the purpose of information use", and "use publicly available personal information to commit illegal or criminal acts that may endanger the personal or property safety of citizens" constitute crimes. The examination approach of purposiveness theory has the following problems: firstly, purposive theorists have not clarified that purposive examination is the substantive legal basis for determining whether the handling of public personal information should bear criminal responsibility standards; Secondly, there are logical flaws in the criteria for judging purposefulness; Finally, the criterion of purposive judgment faces operational difficulties in judicial practice. Therefore, determining the criminal regulatory boundaries for handling public personal information solely based on purposive judgments may not lead to reasonable conclusions in certain situations. （3） The theory of information self-determination advocates that rights holders still have the right to self-determination in disclosing personal information. Specifically, personal information should be disclosed with the individual's informed consent; When subsequent processing activities deviate from the originally disclosed purpose or use, the information subject has the right to restrict or refuse the processing of that personal information. The theory of information self-determination has the following issues: firstly, the exercise of the right of refusal by the information rights holder is not based on the premise that personal information has been unreasonably processed. Even if personal information is processed within a reasonable range, the information rights holder has the right to refuse; Secondly, the theory of personal information self-determination does not reflect the differences in protection and differential protection between different types of publicly available personal information; Thirdly, although the rule of "having a significant impact on the interests of the information subject" also complies with the relevant provisions of the prerequisite law, this condition stacking lacks both doctrinal systematicity and content coherence. In summary, the establishment of the boundary of criminal law protection for the disclosure of personal information is contingent upon the categorization of the disclosure of personal information. On the premise that the preconditions for illegal activities have been determined, seeking the integration of pre-existing legal provisions and criminal law norms is the appropriate approach to explore the reasonable boundary of criminal law protection for the disclosure of personal information. The prerequisite for criminal law protection of disclosure of personal information: the main controversy over the classification of disclosure of personal information is: firstly, whether the classification of disclosure of personal information should adopt the standard of willingness to disclose or the standard of degree of disclosure; Secondly, should illegally disclosed personal information be protected as a type of information. Regarding the first question, the degree of information disclosure should not be used as a criterion for categorizing personal information. Firstly, the way and degree of personal information disclosure generally depend on the willingness of the information rights holder to disclose it; Secondly, the standard of personal willingness to disclose information is closely related to the exercise of personal information self-determination, and the degree of information disclosure is an objective manifestation of the exercise of personal information self-determination by the information rights holder. The standard of willingness to disclose can reflect the degree to which the information rights holder exercises their right to self-determination of personal information, and can serve as a standard for classifying the disclosure of personal information. Regarding the second question, compared to the voluntary and lawful disclosure of personal information by information rights holders, illegally disclosed personal information is more vulnerable to infringement and more likely to result in serious consequences such as personal injury or property damage to information rights holders. In this sense, the necessity of protecting illegally disclosed personal information is even higher than that of personal information that is in a non-public state. Therefore, illegally disclosed personal information is the natural object of typification of disclosed personal information. Therefore, it is advisable to classify the disclosure of personal information into active disclosure, passive disclosure, and illegal disclosure based on the disclosure intention of the information rights holder. Proactively disclosed personal information includes information that the rights holder voluntarily discloses or discloses with the consent of the rights holder; Passive disclosure of personal information mainly refers to information that is publicly disclosed in accordance with laws and regulations; Illegal disclosure of personal information refers to information that has been made public without the consent of the information rights holder and without legitimate reasons. The boundary of criminal law protection for the disclosure of personal information: Based on the integration of prerequisite law and criminal law, the Civil Code and the Personal Information Protection Law have established rules for "reasonable processing", "explicit refusal", and "significant impact" in the handling of the disclosure of personal information. From a qualitative perspective, the rule of "reasonable handling" is an obligatory norm, while the rules of "explicit rejection" and "significant impact" are prohibitive norms. Obligatory norms indicate how the actor should behave, while prohibitive norms indicate that the subject should not take certain actions and are usually accompanied by responsibility. Firstly, behaviors that violate the rule of "reasonable handling" do not have the potential to infringe upon legal interests. Under the semantics of the "reasonable handling" rule, the understanding of the "resulting outcome" should be limited to situations where it has not yet had a significant impact on individual rights and interests. The reasonable understanding of "processing within a reasonable scope" is based on a reasonable purpose, adopting appropriate methods to process personal information, and the processing behavior does not have a significant impact on individual rights and interests. For both active and passive disclosure of personal information, if the right holder does not explicitly refuse, it shall be deemed that the right holder has "generally agreed" to the information processing behavior. The act of unreasonable processing in violation of the "reasonable processing" rule does not infringe on the right to self-determination of personal information and does not involve criminal responsibility, and does not require punishment; For illegally disclosed personal information, the rights holder has not exercised their right to self-determination over personal information and can be protected according to the infringement of undisclosed personal information. The act of illegally processing such information can still constitute the crime of infringing on citizens' personal information. Secondly, actions that violate the prohibitive rule of "explicit refusal" infringe upon the legal interests of personal information self-determination. Article 27 of the Personal Information Protection Law stipulates that an individual's explicit refusal is a prohibitive requirement for processing public personal information, which affirms the right of the right holder to refuse the processing of their public personal information by others. For the reasonable handling of public personal information by the perpetrator, it can be considered that the right holder has fully exercised their right to self-determination of personal information. As long as the information processor processes public personal information according to default rules, it will not infringe on the right holder's right to self-determination of personal information. The clear refusal of the right holder is their negation of the default rules. When the information right holder clearly expresses their refusal, it is equivalent to their "withdrawal of consent". Unless the information processor has other legitimate reasons for processing personal information, their processing activities will no longer have a legal basis. For passive disclosure of personal information, the rights holder has limited exercise of their right to self-determination of personal information. If the rights holder explicitly refuses, it can be considered that they have retained the exercise of their right to self-determination of personal information. At this point, if the information processor continues to process the publicly available personal information, it may still infringe upon the legal interests of personal information self-determination. Thirdly, acts that violate the prohibitive rule of "significant impact" infringe upon the legal interests of citizens' information security. The Personal Information Protection Law sets prohibitive rules for the processing of publicly available personal information that do not have a significant impact on individual rights and interests. Regardless of whether the perpetrator voluntarily or passively discloses personal information, as long as the rights holder does not explicitly refuse, the processing of such information will not infringe on the legal interests of personal information self-determination. However, if the information processing behavior may harm the significant interests of the rights holder, that is, if the processing of public personal information causes significant damage to the personal and property safety of citizens or has a significant risk of damage, then the personal information processing behavior may still constitute a crime of infringing on citizens' personal information security legal interests. The disclosure of personal information in the conclusion not only demonstrates its circulation efficiency, but also carries the risk of personal and property infringement on the information rights holder due to its identifiable characteristics. Therefore, on the one hand, it is still necessary to regulate the illegal handling of public personal information through criminal means, and on the other hand, the protection of public personal information in criminal law should be restrained. The appropriate approach is to seek the boundary of criminal law protection for the disclosure of personal information between the integration of pre-existing law and criminal law: the act of simply and unreasonably handling the disclosure of personal information does not involve the crime of infringing on the legal interests of citizens' personal information, but can lead to civil and administrative liability; The violation of the prohibitive rule of the prerequisite law of "clear refusal by the right holder" may lead to the infringement of the legal interests of personal information self-determination; Violation of the prohibitive rules of pre-existing laws that do not have a significant impact on the rights and interests of rights holders may lead to infringement of citizens' information security legal interests. This approach can not only achieve the integration of pre-existing legal norms and criminal legal norms, but also achieve the coordination of criminal responsibility, civil responsibility, and administrative responsibility on the basis of adhering to the modesty of criminal law. It is an appropriate solution for the criminal law protection of public personal information. (New Society)