数据隐私框架体系视角下数据跨境流动规则分析与中国启示
网络安全与数据治理
杨子硕
四川大学法学院
摘要: 欧盟与美国新近建立起包括数据隐私框架以及第14086号行政命令在内的数据跨境流动体系,填补了双边数据流动法律空缺。新体系通过修改规则细节以及引入双重救济机制,较以往协定更为完善,但仍存在数据保护审查法院独立性不足等制度性隐患。欧盟与美国在数据治理模式上一贯存在分歧,数据隐私框架体系充分展现出双方的谈判博弈,特别是在规则制度设计上的角力。欧美分立的数据治理政策显露出数据跨境流动规则并无定式,中国可借机探索并完善符合自身需求的数据流动规制路径,数据隐私框架体系的双边谈判策略及其展露的欧盟立场也可为中国参考,为未来中国与欧盟及其他国家开展数字合作提供良好借鉴。
中图分类号:D99;TP309.2文献标识码:ADOI:10.19358/j.issn.2097-1788.2024.08.012
引用格式:杨子硕.数据隐私框架体系视角下数据跨境流动规则分析与中国启示[J].网络安全与数据治理,2024,43(8):69-75.
引用格式:杨子硕.数据隐私框架体系视角下数据跨境流动规则分析与中国启示[J].网络安全与数据治理,2024,43(8):69-75.
Analysis of data cross-border flow rules from the perspective of Data Privacy Framework system and its implications for China
Yang Zishuo
Law School, Sichuan University
Abstract: The European Union and the United States have recently established a system of cross-border data flows, including the Data Privacy Framework and Executive Order 14086, which fills a legal gap in bilateral data flows. The new system is better than the previous agreement by revising the details of the rules and introducing a dual remedy mechanism, but there are still institutional pitfalls such as the lack of independence of the Data Protection Review Court. The EU and the U.S. have consistently disagreed on data governance models, and the Data Privacy Framework system fully demonstrates the negotiation game between the two sides, especially the tug-of-war over the design of the rule system. The separate data governance policies of the EU and the U.S. reveal that there is no set rule for cross-border data flows, and China can take this opportunity to explore and improve the path of data flow regulation that meets its own needs. The bilateral negotiation strategy of the Data Privacy Framework system and the EU′s stance on data privacy can also serve as a reference for China, and provide a good reference for China′s digital cooperation with the EU and other countries in the future.
Key words : Cross-border flow of data; Data Privacy Framework; Executive Order 14086; data governance; EU-U.S. game
引言
“棱镜门”事件爆发后,《安全港协议》(U.S.-EU Safe Harbor Framework)和《隐私盾协议》(EU-U.S. Privacy Shield Framework)接连被欧盟法院宣布无效。随后,美国和欧盟通过积极磋商就新的数据流动规则即数据隐私框架(EU-U.S. Data Privacy Framework)达成协定,再次建立起双边数据流动法律基础。数据隐私框架及第14086号行政命令(Executive Order 14086)构成了调整欧美数据跨境流动的制度体系,新的体系在规则设置上展现出其先进和完备的一面,然而通过回顾谈判历程、分析框架文本,不难发现数据隐私框架体系是欧美相互博弈妥协的产物,我们能从中一窥欧盟的数据规则取向,为未来中欧投资协定等国际协定中的数据跨境流动规则谈判提供宝贵经验,也为我国发展出符合自身利益、具备自身特色的数据跨境流动规则提供启示。
本文详细内容请下载:
http://www.chinaaet.com/resource/share/2000006109
作者信息:
杨子硕
(四川大学法学院,四川成都610065)
此内容为AET网站原创,未经授权禁止转载。