关于借鉴欧盟政策加强个人信息跨境传输安全认证制度建设的建议

Suggestions on learning from EU policies to strengthen cross-border transfer of personal information for the construction of a security certification system

针对如何建设我国《个人信息保护法》第38条确立的个人信息跨境传输认证制度的问题,通过重点分析欧盟数据保护委员会发布的《将认证作为传输工具的指南》中的认证基本框架、对数据进出口方的监管、个人信息主体权利等关键内容,总结该指南关于认证的设计要点与重要结论,提出构建我国个人信息跨境传输安全认证制度的相关建议。

In view of the issue of how to build the certification system for cross-border transmission of personal information established by Article 38 of China's Personal Information Protection Law,this paper focuses on the key contents such as certification criteria,binding and enforceable commitments,and personal information subject rights in the Guidelines for Certification as a Transmission Tool issued by the EU Data Protection Commission,summarizes the design points and important conclusions of the guidelines,and puts forward relevant suggestions for building a security certification system for cross-border transmission of personal information in China.