数据交易安全刑事合规的“软法”治理及清单模式

The Soft Law Governance and List Approach for Data Transaction Security and Criminal Compliance

数据交易安全合规指参与数据交易活动的企业内外部各方主体进行的维护数据安全合规的治理活动。刑事治理是由各方主体参与的惩治和预防犯罪的过程,具有过程性。数据交易安全刑事合规是刑事治理的重要方面,可分为事前合规和事后合规两个阶段。《信息安全技术数据交易服务安全要求(征求意见稿)》和《上海数据交易所数据交易安全合规指引》及配套清单采取正面清单和负面清单的管理模式,列举了数据交易主体、数据安全管理体系、数据来源、数据产品可交易性等方面的合规要求。数据交易安全合规清单具有“软法”性质,“软法”与“硬法”相结合,形成企业刑事合规的规范体系。刑法根据数据交易主体及行为场景的差异,以不同的罪刑规范保护数据交易行为所涉及的多元法益。数据犯罪的空白罪状具有定罪指引作用,也为企业合规的开展留下了空间。在实践中应注重数据安全关联罪名适用与刑行衔接,将企业刑事合规融入刑事司法过程并与行政监管相协调。同时,积极发挥企业合规清单的刑事治理机能,构建和完善激励机制、滤罪机制、评估机制,实现合规清单治理的出罪机能与治本效果。

Data transaction security and compliance refer to the governance activities carried out by various parties involved in data transaction activities,both internal and external,to maintain data security and compliance.Criminal governance is a process of punishing and preventing crimes that involves the participation of various parties,and has a procedural nature.Data transaction security and criminal compliance are the important parts of criminal governance,which can be divided into two stages:pre compliance and post compliance.The draft of information security technology:security requirements for data transaction service,Shanghai Data Exchange Data Trading Security Compliance Guidelines,and supporting lists adopt a positive and negative list management mode,listing compliance requirements for data trading entities,data security management systems,legal data sources,and tradability of data products.The data transaction security compliance checklist has a soft law nature,combining soft law with hard law to form a regulatory system for corporate criminal compliance.The criminal law protection of data transaction security involves various related charges,and as a prerequisite law for data crimes,it has a convicting effect and leaves space for criminal compliance governance.In practice,attention should be paid to the application of charges related to data security and the connection between criminal and enforcement,integrating corporate criminal compliance into the criminal justice process and coordinating with administrative supervision.At the same time,we should actively leverage the criminal governance function of the enterprise compliance list,construct and improve incentive mechanisms,crime filtering mechanisms,and evaluation mechanisms,and achieve the criminal function and fundamental effect of the compliance list governance.