摘要
实现安全、有序、自由的数据跨境传输是各国政策制定的重要议题.《中华人民共和国个人信息保护法》第38条明确规定个人信息跨境传输认证制度,但该制度处于建设初期,仍然面临着确定认证对象等基础性、实施性问题.欧盟作为数据保护认证制度的起源地,其制度体系与制度特色对我国认证制度的完善具有借鉴意义.以欧盟数据保护认证制度及我国个人信息跨境传输认证制度为研究对象,比较二者间的制度设计差异,针对我国认证制度建设的系统性困境提出包括明确认证对象在内的5方面改进建议,为个人信息跨境传输认证制度的完善与革新提供有益支撑.
Achieving secure,orderly,and free cross-border data transfer is a significant policy issue for countries worldwide.Article 38 of the“Personal Information Protection Law of the People’s Republic of China”explicitly stipulates a certification system for crossborder transfer of personal information.However,this system is still in its nascent stage and faces fundamental and implementation challenges,such as determining the objects of certification.The European Union,as the progenitor of data protection certification systems,offers a reference for the perfection of China’s certification system through its institutional framework and distinctive features.This paper takes the EU’s data protection certification system and China’s personal information crossborder transfer certification system as its research subjects,compares with the differences in their institutional designs,and proposes five improvement suggestions,including clarifying the objects of certification,to address the systemic challenges in the construction of China’s certification system.These suggestions aim to provide valuable support for the improvement and innovation of the personal information crossborder transfer certification system.
作者
许皖秀
王硕
左晓栋
Xu Wanxiu;Wang Shuo;Zuo Xiaodong(School of Management,University of Science and Technology of China,Hefei 230026;Hefei Institutes of Physical Science,Chinese Academy of Sciences,Hefei 230031;School of Public Affairs,University of Science and Technology of China,Hefei 230026)
出处
《信息安全研究》
北大核心
2025年第1期91-98,共8页
Journal of Information Security Research
基金
国家社会科学基金重大项目(23&ZD335)
中国科学技术大学“学生创新创业基金”项目(CY2023X003)。
关键词
通用数据保护条例
数字贸易
个人信息保护
个人信息跨境传输
第三方认证
general data protection regulation
digital trade
personal information protection
crossborder transmission of personal information
thirdparty certification
