摘要
当前,我国数据本地化要求主要包括对于关键信息基础设施生成数据的境内存储和安全评估、特定行业数据的境内存储与安全评估,以及个人信息保护法中的个人信息出境合法性要求。上述制度需与我国已加入的RCEP和未来可能加入的CPTPP电子商务规则相协调。前两类数据本地化要求分别服务于我国基础设施安全与情报安全,也能够符合RCEP与CPTPP“安全例外”的要求。个人信息保护法中个人信息出境的合法性审查应适用公共政策例外,其中最难以证明的“必要性”要件,可通过强调我国确立个人信息保护水准的政策空间加以解决。此外,对于可能引发数据本地化措施合法性争议的行业,我国还可在条约谈判中通过“不符措施清单”避免争议产生。
Currently,China’s data localization requirements include the data local storage concerning critical information infrastructure and security evaluation;local storage and security evaluation of data in specific fields;as well as requirements for personal data before they can be transferred overseas by China’s Personal Data Protection Law.These requirements need to reconcile with RCEP,which China has joined,and CPTPP,which China considers to join. The former two requirements serve the security of China’s infrastructure and intelligence,and therefore should qualify for security exceptions under both RCEP and CPTPP. The legal requirements under China’s Personal Data Protection Law might qualify under public policy exceptions,and the only obstacle,that is,the element“necessity”,could be overcome by emphasizing China’s policy space of setting up its own criterion of personal information protection. Moreover,as to industries that are most likely to incur the dispute concerning the legality of data localization,China could avoid the risks by drafting“non-conforming lists”in treaty negotiations.
出处
《国际经济法学刊》
2022年第2期29-40,共12页
Journal of International Economic Law
基金
国家社科基金后期资助项目“国际数字经济规则建构中的个人信息保护研究”(21FFXB073)
吉林大学劳动关系专项研究课题“国际贸易规则重构对职工权益实现影响研究”(2021LD010)的阶段性研究成果。
