关于《个人信息和重要数据出境安全评估办法(征求意见稿)》的意见建议

Comments and Proposals regarding the Provision on the Security Assessment for Personal Information and Important Data to Be Transmitted Abroad(Draft)

《征求意见稿》尝试构建适用所有网络运营者的个人信息和重要数据出境安全评估制度,不符合我国《国家安全法》、《网络安全法》的立法本意,忽视了确保网络安全与促进产业发展的平衡;界定的出境安全评估"数据"的范围过于宽泛,在一定程度上混淆了我国的"关键信息基础设施个人信息和重要数据出境管制"和域外一般探讨的"个人数据跨境流通规制"。建议"评估办法"将数据出境安全评估的范围仅限于"关键信息基础设施运营者"在我国境内收集和产生的"个人信息和重要数据",其他个人信息和数据的跨境管制问题留待后续研究和立法解决。

The Draft formulates a general security assessment framework for personal information and important data to be transmitted abroad of all network operators. These provisions do not accord with National Security Law and Cybersecurity Law and neglect the balance between cybersecurity and industry development. The scope of security assessment for data to be transmitted abroad is too broad, as thus the draft to some extent confuses the regulation on personal information and important data to be transmitted abroad of critical information infrastructure （CI1） and the restriction on cross-border personal data transfers. This paper proposes that the scope of security assessment for data to be transmitted abroad should limited to the personal information and important data generated or collected by CII operators and the regulation of other personal information and data to be transmitted abroad would be provided in other laws or provisions based on further research.