摘要
欧洲是中国互联网企业发展的重要市场,GDPR第3条极大地扩大了其域外效力,直接把中国企业纳入GDPR管辖之下。在数据跨境场景下,跨境数据流动规则和域外效力制度对于“域外的欧盟数据”起到双重保障,二者结合对涉欧中国互联网企业产生巨大挑战,企业需要在GDPR下合规经营。国家层面,中国需要在制度层面建设域外效力法治体系,并注重法院在域外效力规则构建中的作用。企业层面,中国涉欧的互联网企业需结合自身情况做出经营策略选择,判断自己是否属于GDPR的域外管辖范围,遵守适用于其业务的GDPR具体规则,并积极利用标准数据保护条款(SCCs)方式以及有约束力的企业规则体系应对GDPR下的合规要求。
In Europe,the extraterritorial effect of the GDPR has been greatly expanded,which directly builds an extraterritorial jurisdiction over Chinese internet enterprises.In the case of cross-border transfer of personal data,cross-border data flow rules play an alternative role in protecting EU data.Eu-related Chinese Internet companies face with great challenges brought by the combination of the two rules,which need to operate in compliance with GDPR.China should establish extraterritorial effect rules and emphasize the role of the court in building the extraterritorial effect rules.EU-related Chinese Internet companies should make business choices based on their own conditions,determine whether they fall within the extraterritorial jurisdiction of GDPR,comply with the specific GDPR rules applicable to their business and consider SCCs and BCRs to meet compliance requirements under GDPR.
作者
董京波
苏希春
DONG Jing-bo;SU Xi-chun(International Law School,China University of Political Science and Law,Beijing 100088,China)
出处
《湖南大学学报(社会科学版)》
CSSCI
北大核心
2022年第4期113-122,共10页
Journal of Hunan University(Social Sciences)
基金
中国政法大学科研创新项目(20ZFY82002),中央高校基本科研业务费专项资金资助
北京市社会科学基金项目:大数据时代用户数据利益的法律保护(15FXA007)。
关键词
GDPR
域外效力
设立标准
目标指向标准
跨境数据流动规则
涉欧互联网企业
GDPR
Extraterritorial effect
Establishment criteria
Targeting criteria
Cross-border data flow rules
European-related Internet companies