数据主权安全风险的国际治理体系与我国路径研究

Research on the International Governance System of Data Sovereignty Security Risk and Its References

数据主权与国家安全、综合国力紧密相关,当前数据主权面临多重风险,如何保障数据主权安全、抵御主权安全风险成为国家发展亟待回答的关键问题。文章从数据全生命周期视角综合厘定数据主权在生成与存储、跨境流转、利用与服务、外部环境四层维度的风险,明晰数据主权现实保障需求与关键问题。在风险明晰的基础上,充分调研针对以上四层维度风险的国际数据主权治理实践,发现在实践中通常将数据生成与存储、跨境流转风险两维度同步治理,同时将此两维度与数据利用与服务、外部环境区分治理。由此总结以数据分级分类、充分性认定、"长臂管辖"等为核心的数据生成与存储、跨境流转维度治理路径,以数据实体与技术管辖、场景理论与风险评估等为核心的数据利用与服务维度治理路径,以国际合作、数据发展的网络攻击与数据霸权治理维度路径,并结合我国国情提出发展建议,力图为我国数据主权风险应对与实践路径探讨提供借鉴。

Data sovereignty is tightly related to national security and comprehensive national power.Currently,data sovereignty faces multiple risks,and how to safeguard data sovereignty and resist sovereignty security risks has become a key question in need of urgent answers for national development.This paper,from the perspective of the full life cycle of data,comprehensively identifies the risks to data sovereignty in four dimensions,namely,data generation and storage,cross-border flow,utilization and services,and external environment,and clarifies the realistic needs and key issues in data sovereignty protection.On the basis of the clarification of risks,the international data sovereignty governance practices in respect of the four abovementioned dimensions of risks are fully investigated,and it is found that in normal practices,the two dimensions,data generation and storage and cross-border flow risks,are governed simultaneously,while governed separately from data utilization and services and the external environment.Thus,three governance routes are suggested:that of data generation and storage,and cross-border circulation centered on data classification,adequacy determination,"long arm jurisdiction",etc;that of data utilization and service centered on entity and technology jurisdiction,scenario theory,risk assessment,etc.;and that of cyber attack and data hegemony centered on international cooperation and data development.Meanwhile,some development suggestions are drawn according to China’s national conditions,in an attempt to provide some references for the countermeasures and routes in respect of data sovereignty risk governance.