摘要
我国的数据出境安全评估制度已经确立,也将付诸实施。但因为该制度中对“关键基础设施”“重要数据”等概念的界定过于宽泛,将会导致数据出境安全评估过于频繁,从而影响数据流动乃至数字贸易的快速发展。且因为该制度尚处于探索初期,配套细则尚不完善。按照目前的设置,数据出境安全评估参与机构之间的关系划分也有待于在实践中进一步予以明确和协调。面对这些问题,有必要进一步限缩“关键基础设施”“重要数据”的范围,用好认证和标准合同等其他方式保障个人信息的自由流动和安全保障,可以尝试设立白名单制度,也要尝试着在适当时期与包括CPTPP和DEPA在内的国际条约规则相协调。
China’s security assessment system for outbound data transfer has been established and will be implemented.However,because the definitions of“critical infrastructure”and“important data”in the system are too broad,it will lead to high frequency of security assessments for outbound data transfer,thus affecting the rapid development of data flow and even digital trade.And because the system is still in its infancy,the supporting rules are not yet perfect.According to the current settings,the division of the relationship between the institutions involved in the security assessment system for outbound data transfer also needs to be further clarified and coordinated in practice.Faced with these problems,it is necessary to further narrow the scope of“critical infrastructure”and“important data”,and make good use of certification and standard contracts to ensure the free flow and security of personal information.It is possible to try to establish a whitelist system,and to harmonize with international treaty rules including CPTPP and DEPA in due course.
出处
《上海政法学院学报(法治论丛)》
2023年第3期126-137,共12页
Journal of Shanghai University of Political Science & Law(The Rule of Law Forum)
基金
2020年度国家社会科学基金重大项目“建立健全我国网络综合治理体系研究”的阶段性研究成果,项目编号:20ZDA062
关键词
关键信息基础设施
重要数据
个人信息
数据出境
安全评估
critical information infrastructure
important data
personal information
outbound data transfer
security assessment
作者简介
马光,浙江大学光华法学院副教授。
