我国数据安全法益保护:域外经验与立法路径

Legal Interest Protection of Data Security in China: Overseas Experience and Legislation

数据作为人工智能时代所有新兴技术由概念化走向商业化的核心要素,自然成为世界各国立法领域中的焦点议题。数据安全法益包含数据的保密性、完整性和有用性等内容,它们不仅指引刑事立法和司法,而且也成为佐证数据安全应当被予以独立保护的重要理由。检视域外典型的3种立法保护模式,不难发现它们虽存在形式上的差异,但本质上都将数据本身的独立刑法保护作为立法动因,不断细化数据犯罪的类型。相比之下,我国《刑法》立法理念更新缓慢,依旧坚守以“计算机信息系统”安全为核心的保护体系;处罚漏洞明显,致使对数据犯罪的规制既不全面也不协调;司法适用混乱,人为地造成了罪名适用上的障碍。未来我国刑事立法应当以数据的技术特征和数据安全法益的内容为原理,归纳出数据犯罪的类型,从侵入型、破坏型、获取型和监督管理型4个角度出发,积极构建独立且全面的刑法规制体系。

Data, the core element for all emerging technologies to evolve from concept to commercialization, is certainly a focus in legislation for all countries across the world. The legal interests of data security include the confidentiality, integrity and usefulness of data. They not only guide criminal legislation and judicature, but also become an important reason to prove that data security requires independent protection. Studying the three typical foreign legislative protection models, we find that they all, in essence, take the independent criminal law protection of data as the legislative motivation, and constantly specify types of data crimes despite differences in form. In comparison, China’s criminal law has many problems regarding the legislation of data security: the legislative concept is outdated, still clinging to the protection system centered on the security of “computer information system”;there are obvious loopholes in punishment, as a consequence the regulations regarding data crimes are neither comprehensive nor coordinated;the confusion in judicial application constitutes obstacles in the legal application of criminal charges. In the future, China’s criminal legislation should be based on the technical characteristics of data and the content of data security legal interests, specifying types of data crime. Besides, we should build an independent and comprehensive regulatory system of criminal law from four perspectives of invasion, destruction, acquisition, and supervisory administration.