数据主权视阈下我国数据出境的法律规制及完善

Legal Regulation and Improvement of China’s Data Export from National Sovereign Perspective

在数字经济全球化时代,各国数据大规模出境已成常态。为防范和应对数据出境中出现的侵害一国公民隐私、公共安全、国家安全和发展利益的各类风险事件,各国纷纷援引“数据主权”对之施以规制。其中,欧盟“以地理区域为基准”和美国“以组织机构为基准”这两种规制路径最为典型。前者重数据隐私之保护,偏向严格和保守;后者重数据价值之利用,趋于自由和激进。两者虽取向不一,但都在传统属人和属地管辖基础上引入了效果管辖原则,创设了数据立法的域外适用。我国目前也在主权语境下形成了《网络安全法》《数据安全法》《个人信息保护法》三足鼎立的数据规制体系,但其中涉及数据出境的规则条款仍显简单与粗糙,亟须微观上细化完善。同时,宏观上我国对外也应重视数据主权行使的整体考量,以网络空间命运共同体为先导,兼顾他国合理关切,积极推动双多边数据跨境合作规则的达成,从而内外兼修,构建一个既能维护我国数据主权利益,又能促进数据产业全面发展的数据出境规制体系。

In the era of globalization of the digital economy,large-scale data exports from various countries have become the norm.In order to prevent and cope with the risks of infringement on the privacy of citizens,the public safety,national security,and development interests during the export of data,countries have invoked“data sovereignty”to regulate the data export.The European Union’s“geographically-based”and the United States’“organizationally-based”are the two most typical regulatory paths.The former focuses on the protection of data privacy,tending to be strict and conservative,while the latter attaches the utilization of data value,tending towards freedom and radicalism.Although the two have different orientations,they both introduce the principle of effective jurisdiction on the basis of traditional personal and territorial jurisdiction,creating the extraterritorial application of data legislation.At present,China has also formed three data regulatory systems in the context of sovereignty,namely the Cyber Security Law,the Data Security Law and the Personal Information Protection Law.However,the rules and provisions related to data export are still simple and rough,and need to be refined and improved at a micro level.Meanwhile,at the macro level,China should also pay attention to the overall consideration of the exercise of data sovereignty,take into account the reasonable concerns of other countries and actively promote the achievement of bilateral and multilateral data cross-border cooperation rules with the concept of a community with shared future in cyberspace,so as to build a regulatory system of data export that can safeguard the interests of China’s data sovereignty while promote the development of the data industries.