数据安全认证:政府监管下的第三方认证

Data Security Certification: Third-PartyCertification under Government Supervision

数据安全认证是数据安全治理体系中的一个重要环节,具有“软法”性质的数据安全认证不仅具有公法上保护数据安全的作用,同时也具有促进数字经济繁荣发展的商业价值。传统的数据认证从政府、社会、市场三方面进行规制,但是各有利弊。欧盟《一般数据保护条例》在传统的模式上发展出了政府监管下的数据认证模式,体现了合作共治的理念。我国的数据认证制度也随着《数据安全管理认证实施规则》的出台步入正轨,应通过不断细化规则、明确认证机构责任等方式实现联动适用,对已有制度进行补充和完善。

Data security certification is an important part of the data security governance system,and the data security certification with the nature of“soft law”not only has the role of protecting data security in public law,but also has the commercial value of promoting the prosperity and development of the digital economy.Traditional data authentication is regulated from the government,society,and the market,but each has its own advantages and disadvantages.The EU General Data Protection Regulation(GDPR)has developed a data authentication model under government supervision from the traditional model,reflecting the concept of cooperation and co-governance.China’s data certification system is also on the right track with the promulgation of the Data Security Management Certification Implementation Rules,which should be applied in conjunction with each other by continuously refining the rules and clarifying the responsibilities of certification bodies,so as to supplement and improve the existing systems.