中国跨境数据流动规制体系的CPTPP合规性研究

China’s Legal Framework on Cross-border Data Flow and its Compliance With the CPTPP Requirements

中国已正式申请加入CPTPP,但国内外始终存在质疑,认为中国的跨境数据流动制度不符合CPTPP规则。近年来,中国通过设立数据出境安全评估、网络安全审查、关键信息基础设施等机制逐步完善跨境数据流动制度框架。中国的跨境数据流动制度并非如外界一般认为的普遍设置数据本地化要求或禁止数据出境,制度总体符合CPTPP规则,或可以援引例外规则进行抗辩。与美欧相比,中国的重要数据和数据出境安全评估机制是对现行跨境数据流动制度的创新和必要补充。数据跨境安全网关对外国部分网站的整体屏蔽在加入CPTPP谈判中宜单独处理。

China has officially applied to accede to the CPTPP.Suspicions abound,however,inside and outside China,that its institution on cross-border data flow is unable to pass muster the CPTPP requirements.Based on the recently promulgated rules and regulations,this paper attempts to lay out the big picture of the institution on cross-border data flow in China,summarize the restrictive measures therein and analyze its compliance with the CPTPP legal requirements.The conclusion is,in general,China does not require data localization and China’s institution on cross-border data flow does not contradict to the CPTPP.Moreover,the new mechanisms on the important data and security assessment of data export are innovative and complementary to the current institutions on cross-border data flow as applied in the United States and the European Union.The measure with cross-border data gateway that blocks foreign websites is advised to be addressed separately in the CPTPP accession negotiation.