“數據出境豁免”規(guī)則下數據出境安全評估的演變與完善
網絡安全與數據治理
白佳寧
遼寧大學法學院
摘要: “數據出境豁免”規(guī)則通過提高數據安全評估制度的適用門檻、設置數據出境安全評估的豁免情形對數據出境安全評估制度產生了重要影響。然而“數據出境豁免”規(guī)則的設置在概念范疇、豁免事由的證成以及規(guī)范目的符合性等問題上并未完全理順適用邏輯,這在一定程度上影響數據安全評估制度更好地發(fā)揮其效用。為此,通過反思“數據出境豁免”規(guī)則可能對數據安全評估制度造成的適用性困惑,將“數據出境豁免”規(guī)則與歐盟GDPR“克減規(guī)則”進行比較并探尋借鑒意義,從價值層面審視制度定位并通過體系化解釋適恰上位法規(guī)范目的,從定性和定量雙重維度考量豁免事由,加強“數據出境豁免”規(guī)則與國家數據分級分類制度之間的制度銜接。
中圖分類號:D922.1;D93/97文獻標識碼:ADOI:10.19358/j.issn.2097-1788.2025.03.009
引用格式:白佳寧. “數據出境豁免”規(guī)則下數據出境安全評估的演變與完善[J].網絡安全與數據治理,2025,44(3):54-58,76.
引用格式:白佳寧. “數據出境豁免”規(guī)則下數據出境安全評估的演變與完善[J].網絡安全與數據治理,2025,44(3):54-58,76.
Evolution and normative solution of the application of data exit security assessment system under the rule of "data exemption"
Bai Jianing
Liaoning University
Abstract: “The "data exemption" rule has an important impact on the data exit security assessment system by raising the application threshold of the data exit security assessment system and setting the exemption situation of the data exit security assessment system. However, the setting of the "data exemption" rule has not completely straightened out the applicable logic in the concept category of exemption, the justification of exemption reasons and the conformity of normative purposes, which will inevitably affect the data security assessment system to play its role better.This article reflects on the confusion about the applicability of the "data exemption" rule to the data security assessment system by comparing the "data exemption" rule with the "derogation rule" of the GDPR of the European Union. This article examines the normative purpose of the superior law.Optimization suggestions are given from the aspects of qualitative and quantitative considerations to add preconditions for data transit exemption.The connection should be strengthened between the data exemption rule and the national data classification system.
Key words : data exemption rules; national security; data exit security assessment system; derogation rules; data classification system
引言
2024年3 月 22 日,中華人民共和國國家互聯網信息辦公室(以下簡稱“國家網信辦”)正式公布了《促進和規(guī)范數據跨境流動規(guī)定》(以下簡稱“《規(guī)定》”)。《規(guī)定》的出臺意味著,我國在立法層面對過去強數據監(jiān)管模式下的數據出境安全評估制度進行一定程度上的“松綁”,順應了數據便利化流動、數據治理“減負增效”的總體趨勢。[1]《規(guī)定》是現行數據出境法律法規(guī)中適用范圍條款的補充規(guī)定,在把握保護國家安全和公共利益的基本原則之上,平衡監(jiān)管力度與數字創(chuàng)新、跨境貿易發(fā)展。其中新增的 “數據出境豁免規(guī)則”備受矚目,即一定數量的數據在特定數據出境場景下可以免予適用數據出境安全評估等數據出境安全監(jiān)管措施,從而使有跨境業(yè)務需求的企業(yè)更高效便捷地進行數字貿易活動。“數據出境豁免”規(guī)則在豁免事由、豁免內容及豁免邊界等問題上并未完全理順適用的邏輯。本文從“數據出境豁免”規(guī)則對數據安全評估制度的影響為起點,通過與歐盟《通用數據保護條例》(以下簡稱“GDPR”)“克減規(guī)則”的比較和對數據安全評估制度的價值分析,反思新規(guī)中“數據出境豁免”規(guī)則可能對數據安全評估制度造成的適用性困惑,針對“數據出境豁免”規(guī)則給出完善建議。
本文詳細內容請下載:
http://ihrv.cn/resource/share/2000006378
作者信息:
白佳寧
(遼寧大學法學院,遼寧沈陽110036)
此內容為AET網站原創(chuàng),未經授權禁止轉載。