刑事合规视野下数据犯罪的治理路径

Governance Path of Data Crime from the Perspective of Criminal Compliance

在数据安全犯罪的刑事治理中,企业面临因严重违反数据安全规制或不履行网络服务提供者监管义务所导致的刑事法律风险,而刑事合规对防范和化解这一风险具有积极作用。刑事合规分为多种类型,遵循数据分级与刑事合规的宽免性挂钩、行政合规与刑事合规实现体系融合、兼顾对外合规与对内合规、实现全流程数据合规的原则。在刑事合规视野下,数据犯罪有两条治理路径:一是通过企业内部刑事合规风险防控及框架设计,可实现前端治理;二是通过司法机关以外部刑事合规排除企业行为的犯罪性,可实现末端治理。

In the criminal governance of data security,data enterprises face criminal legal risks caused by serious violations of data security regulations or failure to fulfill the regulatory obligations of network service providers,and criminal compliance plays a positive role in preventing and resolving this risk.Criminal compliance can be divided into many types,following the principles such as data classification and criminal compliance’s leniency,administrative compliance and criminal compliance’s system integration,giving consideration to external compliance and internal compliance,and achieving wholeprocess data compliance.From the perspective of criminal compliance,there are two governance paths for data crime:first,the front-end governance can be achieved through the internal criminal compliance risk prevention and control and framework design;second,the end-of-pipe governance can be achieved with the elimination of the criminality of enterprise behavior by external criminal compliance.