数据跨境中个人信息与重要数据转化机制分析
Analysis of the Transformation Mechanism of Personal Information and Important Data in the Context of Cross-Border Data Flows
摘要: 随着信息科技发展,数据成为全球竞争中的战略资源与重要生产要素,其跨境流动在带来经济效益的同时,也对国家安全构成挑战。我国此前通过《网络安全法》《数据安全法》《个人信息保护法》及配套规定,构建了以安全为导向的强监管体系,涵盖维护国家安全与公共利益的数据出境管理制度,以及保护个人利益的个人信息出境监管制度。2024年3月《促进和规范数据跨境流动规定》(跨境新规)的实施,标志着我国数据跨境监管从严格管控转向“安全与便利兼顾”的阶段。该新规确立个人信息出境监管豁免制度,对特定情形下的数据出境安全评估、个人信息出境标准合同及个人信息保护认证给予出境前监管豁免。但因个人信息与重要数据的关系尚未明晰,二者转化条件及判断标准存在争议,监管豁免制度引发了对安全失衡的担忧。本文将通过梳理制度层面对个人信息与重要数据的关系定位及转化条件的相关规定,分析学界在二者转化机制研究中的未明晰之处,并借鉴域外经验,探讨可行的个人信息向重要数据的转化识别机制,以保障数据出境监管豁免制度在最大阈值内实现数据跨境流通自由,同时不触及国家安全保障红线。
Abstract: With the advancement of information technology, data has emerged as a strategic resource and a critical factor of production in global competition. While cross-border data flows generate significant economic benefits, they also present challenges to national security. China has established a robust regulatory framework centered on security through the “Cybersecurity Law”, the “Data Security Law”, the “Personal Information Protection Law”, and their implementing regulations. This framework encompasses a data export control system designed to safeguard national security and public interests, as well as a supervision mechanism for personal information exports aimed at protecting individual rights. The implementation of the “Regulations on Promoting and Regulating Cross-Border Data Flows” in March 2024 signifies a pivotal shift in China’s approach to cross-border data regulation—from a model emphasizing strict control to one that seeks to balance security with facilitation. The new regulations introduce an exemption mechanism for personal information exports, allowing pre-export regulatory relief from security assessments, standard contractual clauses, and personal information protection certification under specified conditions. However, due to the lack of clarity regarding the relationship between personal information and important data, uncertainties persist concerning the criteria for classification and the conditions under which such data categories may be converted. As a result, concerns have arisen about potential imbalances in the regulatory framework. This article aims to systematically examine institutional provisions concerning the definition and conversion criteria between personal information and important data, identify ambiguities in existing academic discussions on transformation mechanisms, and draw upon international regulatory practices to propose a feasible identification and conversion framework. The objective is to ensure that the regulatory exemption regime for data outbound flows facilitates maximum openness for cross-border data circulation while strictly adhering to the boundaries of national security.
参考文献
|
[1]
|
刘金瑞. 数据跨境双轨制下个人信息出境监管豁免制度的适用与完善[J]. 财经法学, 2024(5): 23-40.
|
|
[2]
|
苏宇. 风险预防原则的结构化阐释[J]. 法学研究, 2021, 43(1): 35-53.
|
|
[3]
|
张建文. 对作为独立数据类型的“重要数据”的发生史与本体论考察[J]. 上海政法学院学报(法治论丛), 2025, 40(1): 53-64.
|
|
[4]
|
批量个人信息是重要数据吗? 左晓栋: 伪命题, 不应强行关联[N]. 南方都市报, 2011-07-04(01). https://m.163.com/dy/article/HBFI1SRP05129QAF.html?spss=adap_pc
|
|
[5]
|
刘金瑞. 我国重要数据认定制度的探索与完善[J]. 中国应用法学, 2024(1): 189-200.
|
|
[6]
|
郭春镇, 候天赐. 个人信息跨境流动的界定困境及其判定框架[J]. 中国法律评论, 2022(6): 86-106.
|
|
[7]
|
郭壬癸, 胡延杰. 重要数据出境安全评估制度的偏离与修正[J]. 科技与法律(中英文), 2024(1): 43-53.
|
|
[8]
|
Wu, Z., Huang, Y., Wang, L., Wang, X. and Tan, T. (2017) A Comprehensive Study on Cross-View Gait Based Human Identification with Deep CNNs. IEEE Transactions on Pattern Analysis and Machine Intelligence, 39, 209-226. [Google Scholar] [CrossRef] [PubMed]
|