贸易规则谈判中跨境数据流动的风险导向治理研究

Research on Risk-Oriented Governance of Cross-border Data Flows in Trade Rules Negotiation

目前,包括我国在内的相当一部分国家均在跨境数据流动规制中采用了“风险导向”的治理理念,且各国对于风险的识别与防范均不相同。WTO规则能够对“风险导向治理”的合法性问题提供有限指引,但跨境数据流动所涉风险的社会性,意味着对于上述风险导向治理的合法性规制仍然需要专门的规则。在FTA数字贸易缔约中,通常原则上认可一国对于数据出境风险的识别,但仍然以“必需性”要求对于除国家安全之外的风险与贸易措施的相称性进行限制。我国未来缔约应当充分尊重“风险”认定的政策空间,尤其是在缺乏国家间合意的情形下不宜贸然引入强制性隐私标准;同时,应适当保留国家安全问题上的国家决策权。

At present, a considerable number of countries, including China, have adopted the“risk-oriented” governance concept in the regulation of cross-border data flows, and the identification and prevention of risks are vary in different countries. WTO rules can provide limited guidance on the legitimacy of “risk-oriented governance”, but the social nature of the risks involved in cross-border data flows means that special rules are still needed for the legality regulation of risk-oriented governance.In the conclusion of FTAs and digital trade, a country,s identification of the risk of data flows is usually recognized in principle. However, the “necessity” requirement still restricts the proportionality of risks other than national security and trade measures. China,s future treaty draft parties should fully respect the determination of “risk”, especially in the absence of agreement between countries, and it is not appropriate to rashly introduce mandatory privacy standards. At the same time, the power of states to make decisions on national security issues should be appropriately retained.