Abstract: Purpose/Significance Big data helps prevent and control the COVID-19 epidemic, and the risk of excessive collection, illegal use and large-scale leakage of personal information also increases. Therefore, the use of personal information under the digital epidemic prevention and control urgently needs to accelerate the construction of the law. Design/Methodology Firstly, through empirical analysis, it can be found that the irregular collection and use of personal information in digital epidemic prevention and control will lead to the formation of a “monitoring society”. Secondly, through normative analysis, it is found that there are problems such as simplification and fragmentation of personal information collection subjects, collection and utilization methods, and necessary procedures in digital epidemic prevention and control. Thirdly, the value analysis of the legal risks at the factual and normative levels shows that there is a value imbalance between the use and protection of personal information. Finally, guided by the problem, the legal model of personal information utilization in digital epidemic prevention and control is explored. Conclusions/Findings In the context of digital epidemic prevention and control, the legalization of the use of personal information needs to be carried out from both substantive elements and procedural elements. Firstly, in terms of substantive elements, it is necessary to implement “responsibility” to shape “reverse control”, establish the “utilization-based” protection principle, and establish a hierarchical management system for personal information. Secondly, in terms of procedural elements, based on information life cycle to establish notification procedures in the collection phase, information review procedures in the storage phase, and consent procedures and anonymization procedures in the disclosure phase.