摘要
企业在实施个人信息境外提供行为时,须建立完善的专项合规计划,否则既可能无法完成相关跨境业务,也可能因个人信息跨境流动违规而遭受行政处罚或刑事追诉风险。企业应以前提条件、目的条件、内部条件、外部条件为主体内容,构建个人信息跨境提供的专项合规计划。从前提条件来看,企业需要以可识别性、相关性等要素为基础有效甄别个人信息;从目的条件来看,企业须围绕“因业务等需要”的目的限定原则确立个人信息跨境流动的必要范围;从内部条件来看,企业需从自然人处取得对其个人信息向境外提供的有效授权,遵循“知情-同意”规则设置的各项标准;从外部条件来看,企业需结合自身类型等因素选择适用“安全评估”“个人信息保护认证”“订立标准合同”等法定条件。个人信息跨境提供的法律关系复杂、环节众多,企业在个人信息跨境提供专项合规计划中应任命专门的个人信息保护负责人,将其纳入合规管理部门,制定个人信息跨境流动的企业政策和内部规则,监督企业员工和境外接收方在个人信息跨境提供活动的合规性。
To avoid administrative punishment or criminal prosecution risk due to the violation of the cross-border flow of personal information,enterprises have to establish a special compliance plan When implementing the cross-border supply of personal information.The special compliance plan for cross-border provision of personal information should make preconditions,purpose conditions,internal conditions and external conditions as the main content.Enterprises need to effectively distinguish personal information by the standard of identifiability and relevance to meet the preconditions,set the necessary scope of personal information for cross-border flow with the rule of"business needs"to meet the purpose conditions,obtain effective authorization from natural persons to the cross-border supply of their personal information by following the rule of informed consent to meet the internal conditions,choose to apply legal conditions of security assessment,personal information protection certification and standard contract with their own situations to meet the external conditions.The legal relationship of cross-border supply of personal information is complex.Enterprises should appoint somebody in charge of personal information protection in their special compliance plan.The appointed people who formulate enterprise policies and internal rules for cross-border flow of personal information,supervise the compliance of internal employees and overseas receivers in cross-border flow of personal information should be included in the compliance management department.
作者
谢登科
XIE Dengke(School of law,Jilin University,Changchun Jilin 130012,China)
出处
《法学论坛》
CSSCI
北大核心
2023年第1期85-94,共10页
Legal Forum
基金
国家社科基金一般项目《电子数据区块链存证研究》(21BFX014)的阶段性成果
关键词
个人信息
跨境提供
企业合规
知情-同意
个人信息保护负责人
personal information
cross-border supply
corporate compliance
informed consent
personal information protection officer
