我国《民法典》采用“个人信息的处理”的概念以涵盖所有与个人信息相关的活动，与以往立法上的“收集、使用”或“收集、处理”等表述相比更具有合理性与科学性，也符合国际立法上的通行作法。2021年颁布的我国《个人信息保护法》（以下简称《个保法》）延续了《民法典》的规定。《个保法》还规定了个人信息的共同处理，并将其界定为“共同决定个人信息的处理目的和处理方式”的行为。笔者认为，个人信息共同处理其实是指数个个人信息处理者对个人信息处理目的和处理的方式达成合意或者对此存在意思联络。个人信息共同处理可能侵害个人信息权益，也可能侵害个人的隐私权、姓名权、肖像权等人格权。个人信息共同处理侵害的是个人信息权益且属于《个保法》的调整范围的，共同处理者侵权责任的归责原则应适用《个保法》第69条第1款的过错推定原则；当侵害的是隐私权等人格权时，或者侵害的是个人信息权益但属于《个保法》排除适用的情形，侵权责任的归责原则应适用《民法典》第1165条第1款的一般过错原则。《个保法》第20条第2款规定共同处理者“应当依法承担连带责任”，该条的引致性规范是《民法典》第1168条至第1172条的规定，但据此规定，共同处理者应当承担连带责任或者按份责任。笔者认为，为了更好地保护个人信息权益，应删除《个保法》第20条第2款中的“依法”一词，使得该条成为独立的请求权基础。此外，在解释论上，应当将精神损害纳入到个人信息侵权损害赔偿责任的范围，并对精神损害做适当的扩张解释，即将包括精神上的焦虑、恐惧、不安等根据具体情况都认定为精神损害；并且，将个人的合理“预防成本”认定为“财产损失”。最后，对共同处理者内部的责任分摊及追偿问题，应直接适用《民法典》第178条第2款及第520条的规定加以解决。

China Civil Code adopts the concept of "processing of personal information" to cover all activities related to personal information, which is more reasonable and scientific than the expressions of "collection and use" or "collection and processing" in the previous legislation. " China Personal Information Protection Act (CPIPA), enacted in 2021, follows the provisions of the Civil Code. In addition to individual processor, CPIPA also defines the joint processing of personal information as the act of jointly determining the purpose and method of processing personal information. In my opinion, Joint processing of personal information means that two or more personal information processors have reached an agreement on the purpose and method of personal information processing or have contact with each other. Joint processing of personal information may infringe personal information rights and personal rights such as privacy rights, name rights and portrait rights. If the joint processing of personal information infringes upon personal information rights and interests and falls within the adjustment scope of the CPIPA, the joint processing of tort liability imputation principle should apply the fault presumption principle of Article 69 (1) of the CPIPA. When the infringement is the right of privacy and other personal rights, or the infringement is the personal information rights and interests, but does not apply to the CPIPA, the tort liability principle should apply to the Article 1165(1) of Civil Code of the general fault liability principle. Article 20 (2) of the CPIPA stipulates that joint processing of personal information infringes upon personal information rights and interests and causes damage shall be jointly and severally liable according to Article 1168 to Article 1172 of the Civil Code, but according to the provisions of the joint handling of the joint liability or joint liability. I think that in order to better protect the rights and interests of personal information, the word "according to law" in the second paragraph of article 20 of the CPIPA should be deleted，in order to make this article an independent basis for the right of claim. In addition, in the theory of interpretation, the spiritual damage should be included in the scope of personal information tort damage compensation liability, and the spiritual damage to do a proper expansion of interpretation, that is, including mental anxiety, fear, anxiety, according to the specific situation are identified as mental damage; Moreover, reasonable "prevention costs" for individuals are recognized as "property losses." Finally, the problem of apportionment of liability and recovery within the joint contractors should be solved by directly applying the provisions of Article 178 (2) and Article 520 of the Civil Code.