摘要
2018年5月,欧盟《一般数据保护条例》(GDPR)正式生效,极大地改变了有关数据保护的国际法律格局。此后,如何正确理解和适用GDPR成为学术界和实务界关注的焦点问题。而就非欧盟国家而言,尤为关注GDPR的域外效力。在这个意义上,正确理解和澄清规定了GDPR适用的地域范围的第3条的含义就成为至为关键的研究议题。然而众所周知,对于GDPR的解释和实施,欧洲数据保护委员会(EDPB)及其前身——第29条工作组——所发布的指南最为权威。2018年11月16日,欧洲数据保护委员会发布了《关于〈一般数据保护条例〉适用的地域范围的指南》(征求意见稿),经广泛征求公众意见,并于2019年11月12日发布了修订后的正式官方版本,十分详尽地阐释和澄清了确定GDPR适用的地域范围的标准。在全球经济和互联网愈发开放融合的背景下,GDPR也将对中国的相关数据保护实践产生重大影响。中国的跨国企业等主体在启动GDPR合规项目时,首先需要评估的事项就是哪些数据处理活动将受到GDPR的约束。正如欧洲数据保护委员会所说,本指南对于欧盟境内外的数据控制者和处理者非常重要,他们可以据此评估其是否需要遵守GDPR。
In May 2018,the EU’s General Data Protection Regulation(GDPR)came into effect,which greatly changed the international legal pattern.Since then,how to correctly interpret and apply GDPR has become the focus of attention in academia and practice.For non-EU countries,particular attention is paid to the extraterritorial effectiveness of GDPR.In this sense,a proper interpretation and clarification of the meaning of Article 3,which defines the territorial scope to which the GDPR applies,has become a crucial research topic.However,it is well known that for the interpretation and implementation of the GDPR,the European Data Protection Board(EDPB)and its predecessor,the Article 29 Working Group,have issued the most authoritative guidelines.On November 16,2018,EDPB issued Guidelines 3/2018 on the Territorial Scope of the GDPR(Article 3)(Adoption of the Guidelines for publication consultation),which was widely put forward for public consultation,and the revised official was released on November 12,2019 Version,which elaborates and clarifies the criteria for determining the territorial scope to which the GDPR applies.In the context of the increasingly open and integrated global economy and the Internet,GDPR will also have a significant impact on China’s relevant date protection practices.The main thing those Chinese multinational corporations and other entities need to evaluate when starting a GDPR compliance project is which data processing activities will be subject to GDPR.As stated by the EDPB,this guideline is very important for data controllers and processors within and outside the EU to assess whether they need to comply with GDPR.
出处
《经贸法律评论》
2020年第2期135-158,共24页
Business and Economic Law Review
基金
科技部司法专项“公共安全风险防控与应急技术装备”课题四“法律援助律师服务质量评价模型与智能推荐技术”(项目批准号:2018YFC0830904).
关键词
GDPR
适用的地域范围
机构标准
目标标准
代表
GDPR
Territorial Scope
Establishment Criterion
Targeting Criterion
Representative
作者简介
敖海静,法学博士,中国人民大学法学院博士后,讲师。
