摘要
在我国数据立法愈发重视数据分类分级制度构建的背景下,欧盟作为数据立法的先行者,其在相关领域的政策与规则所显示出的诸多优势与不足,值得我国借鉴与警示。梳理、归纳法律文本,从欧盟数据分类分级的历史演进、结构设计、理念特征等方面描述并评析其法律制度的主要构成,认为基于加快数字化转型和强化数据主权的需要,欧盟当前的数据分类和分级规则突出以人权保护和数据安全为核心,兼顾数据流通共享,形成了二元构造的分类治理模式与风险导向的差异化分级治理模式相结合的法律规范框架。但是,它也有难以适应数据动态性和利益需求多样性、数据流通实际效果不佳的弊端。立足我国实际可提出启示性建议:数据分类规范可通过加强对数据动态性和利益多样性的关注,明确并完善个人数据与重要数据的各自定位与识别标准;分级规范则需要在坚持风险管理的前提下,通过制定宽严相济的动态分级标准平衡数据安全与商业利用。
Against the background of China's data legislation increasingly emphasising the establishment of data classification and grading systems,the European Union,as a pioneer in data legislation,offers valuable lessons and cautionary points through the strengths and shortcomings evident in its policies and regulations within this domain.By analysing and synthesising legal texts,this study describes and evaluates the principal components of the EU's legal framework through examining the historical evolution,structural design,and conceptual characteristics of its data classification and grading system.It emerges that,driven by the need to accelerate digital transformation and strengthen data sovereignty,the EU's current data classification and grading rules prioritise human rights protection and data security while accommodating data circulation and sharing.This has formed a legal framework combining a dual-structure classification governance model with a risk-oriented,differentiated grading governance model.However,shortcomings persist,including difficulties in adapting to the dynamic nature of data and diverse stakeholder interests,alongside suboptimal outcomes in data circulation.Drawing on China's practical context,the following recommendations may be proposed:data classification standards could be refined by enhancing consideration for data dynamism and diverse interests,thereby clarifying and improving the respective positioning and identification criteria for personal data and critical data.Grading standards,meanwhile,should balance data security and commercial utilisation by establishing dynamic grading criteria that combine flexibility with rigour,while maintaining a risk management foundation.
作者
左文君
董琦
Zuo Wenjun;Dong Qi(School of Law,Hubei University of Economics,Wuhan,Hubei 430205)
出处
《长江论坛》
2025年第6期96-108,共13页
Yangtze Tribune
关键词
欧盟
个人数据保护
非个人数据
数据分类分级
European Union
Personal data protection
Non-personal data
Data classification and categorisation
