长期以来，囿于国家安全利益与侦查密行主义的制约，个人信息保护未能得到侦查程序应有的关注。《个人信息保护法》的出台推动了个人信息保护从私法、实体法领域向公法、程序法领域延伸，保护个人信息成为刑事侦查的时代命题。在侦查中保护个人信息是为了实现数字化时代打击犯罪与保障人权的动态平衡，制约数据权力，捍卫新型的信息自决利益。对此，应当诉诸权利保护与权力保护两种方式。然而，在侦查中，个人信息保护不仅面临理论依据不明、运行逻辑不清、时代转型不力的权利困境，还存在数据主义主导、数据监控扩张、数据权力膨胀的权力隐忧。我国侦查制度呈现出个人信息权利保护的间接性，权力保护的依附性、混合性。立法规范通过保密义务条款、技术保真条款、权力行使条款、隐私保护条款间接保护个人信息权利。并且，相关程序造成个人信息分析行为、个人信息存储行为与搜查个人信息欠缺独立性，还致使任意侦查与强制侦查、回溯性侦查与即时性侦查、特定性侦查与不特定性侦查的不当混合。相反，域外侦查制度呈现出个人信息权利保护的直接性，权力保护的独立性、比例性。美国通过隐私权为个人信息提供了直接的权利保护，欧盟则诉诸隐私权与个人数据受保护权。此外，域外侦查制度不仅确立了个人信息分析行为、个人信息存储行为与搜查个人信息的独立地位，也区分了任意侦查与强制侦查、回溯性侦查与即时性侦查、特定性侦查与不特定性侦查。我国侦查中的个人信息保护制度应当进行重构。在权利保护方面，应当正确认识个人信息权与隐私权之间范围交叉、权能补益与层级递进的逻辑关系，建立“个人信息权—隐私权”的层级化权利构造。并且，应当赋予信息主体知情权、决定权、更正权、删除权、免受算法自动化决策权与算法解释权，在特定情况下可以限制相关权利。在权力保护方面，应当引入并调适信息分类制度、合法性基础、信息他用制度与保存期限制度。同时，将一般信息、隐私信息分别与任意侦查、强制侦查相对应，调整调取程序，正视搜查程序，创设分析程序，改造技术侦查程序，建构“调取—搜查—分析—监控”的层级化个人信息处理程序。

For a long time, due to the restriction of national security interests and investigative secrecy, the protection of personal information has not received the due attention of investigative procedures. The promulgation of the "Personal Information Protection Law" has promoted the extension of personal information protection from the field of private law and substantive law to the field of public law and procedural law. The protection of personal information has become the era proposition of criminal investigation. The purpose of protecting personal information in investigation is to achieve the dynamic balance between combating crime and protecting human rights in the digital era, restrict data power and defend the interests of new information self-determination. In this regard, we should resort to two ways: right protection and power protection. However, in the investigation, the protection of personal information not only faces the right dilemma of unclear theoretical basis, unclear operation logic and ineffective transformation of the times, but also has the power worries of dataism, data monitoring expansion and data power expansion. China's investigation system shows the indirectness of the protection of personal information rights, the dependence and hybridity of power protection. Legislation regulates the indirect protection of personal information rights through confidentiality obligation clauses, technical fidelity clauses, power exercise clauses and privacy protection clauses. Moreover, the relevant procedures lead to the lack of independence of personal information analysis , personal information storage and searching personal information, and also lead to the improper mixing of arbitrary investigation and compulsory investigation, retrospective investigation and prospective investigation, specific investigation and non-specific investigation. On the contrary, the extraterritorial investigation system shows the directness of the protection of personal information rights and the independence and proportion of power protection. The United States provides direct right protection for personal information through the right to privacy, while the European Union appeals to the right to privacy and the right to protect personal data. In addition, the extraterritorial investigation system not only establishes the independent status of personal information analysis, personal information storage and searching personal information, but also distinguishes between arbitrary investigation and compulsory investigation, retrospective investigation and prospective investigation, specific investigation and non-specific investigation.China's personal information protection system in investigation should be reconstructed. In terms of rights protection, it is necessary to correctly understand the logical relationship between the right to personal information and the right to privacy:the overlapping scope,power benefits and hierarchical progression, and establish a hierarchical right structure of "personal information right - right to privacy". Moreover, the information subject should be given the right to know, the right to make decisions, the right to correct, the right to delete, the right to avoid algorithm automation decision-making and the right to algorithm interpretation, and the relevant rights can be restricted under specific circumstances. In terms of power protection, we should introduce and adjust the information classification system, legitimacy basis, information alternative use system and retention period system. At the same time, the general information and private information should be corresponding to arbitrary investigation and compulsory investigation respectively, adjust the retrieval procedure, face up to the investigation procedure, create an analysis procedure, transform the technical investigation procedure,and construct a hierarchy of "retrieve-search-analysis-monitoring" personal information processing procedures.