從認證全過程視角理解與完善個人信息保護認證制度
網(wǎng)絡(luò)安全與數(shù)據(jù)治理 11期
聶磊磊
(中國人民公安大學(xué)法學(xué)院,北京100038)
摘要: 個人信息保護認證與個人信息跨境提供中其他出境制度相比,可以實現(xiàn)個人信息安全與自由流動之間的平衡,比安全評估制度具有更自由的流動性,比標準合同具有更穩(wěn)定的安全性。在全球數(shù)據(jù)經(jīng)濟逐漸占據(jù)主導(dǎo)地位的今天,個人信息保護認證制度有其巨大的實施價值。同時,認證機構(gòu)作為個人信息保護認證中關(guān)鍵的一環(huán),要求認證機構(gòu)具有公平性和專業(yè)性的資質(zhì),在認證中保持客觀中立并發(fā)揮應(yīng)有的專業(yè)水平。然而,個人信息保護認證制度在我國剛剛起步不久,相關(guān)法律規(guī)定還不完善,具體落實的幾個方面都存在不足,主要包括認證前啟動、認證中審查和認證后擔責(zé)。因此,在認證前啟動要秉持自愿認證與強制認證相結(jié)合;在認證中擴大可申請認證的主體范圍,并建立分級分類認證標準制度;在認證后完善私法和公法雙重救濟途徑。
中圖分類號:TP315
文獻標識碼:A
DOI:10.19358/j.issn.2097-1788.2023.11.008
引用格式:聶磊磊.從認證全過程視角理解與完善個人信息保護認證制度[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2023,42(11):39-45.
文獻標識碼:A
DOI:10.19358/j.issn.2097-1788.2023.11.008
引用格式:聶磊磊.從認證全過程視角理解與完善個人信息保護認證制度[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2023,42(11):39-45.
Understand and improve the personal information protection certification system from the perspective of the whole certification process
Nie Leilei
(School of Law,People′s Public Security University of China,Beijing 100038,China)
Abstract: Compared with other export systems in the cross-border provision of personal information, personal information protection certification can achieve a balance between personal information security and free flow, and has freer mobility than the security assessment system, and has more stable security than standard contracts. Today, when the global data economy is gradually dominant, the personal information protection certification system has great implementation value. At the same time, as a key part of personal information protection certification, certification bodies are required to have fair and professional qualifications, maintain objectivity and neutrality in certification and give full play to their due professional level. However, the personal information protection certification system has just started in China, and the relevant laws and regulations are not perfect, and there are deficiencies in several aspects of specific implementation, mainly including pre-certification start, certification review and post-certification responsibility. Therefore, the combination of voluntary certification and compulsory certification should be adhered to before certification; Expand the scope of subjects that can apply for certification in certification, and establish a hierarchical and classified certification standard system; Improve the dual remedies of private law and public law after certification.
Key words : personal information export; personal information protection certification; certification bodies; the whole process of certification; equity of interests
0引言
個人信息保護認證是個人信息出境中與安全評估、標準合同并列的出境制度,除了法律等有例外規(guī)定的場合,一般個人信息出境都可以適用認證制度。認證制度在我國傳統(tǒng)領(lǐng)域經(jīng)常適用,但自《個人信息保護法》實施后,個人信息保護認證制度才開始運用于我國個人信息出境的場景。雖然運用至今仍在不斷發(fā)布指南為其具體落實提供指引,但實施的效果差強人意。因此,有必要對個人信息保護認證制度實施以來的情況進行分析,以實現(xiàn)個人信息安全與自由流動之間的利益衡平。
本文下載請點擊:從認證全過程視角理解與完善個人信息保護認證制度AET-電子技術(shù)應(yīng)用-最豐富的電子設(shè)計資源平臺 (chinaaet.com)
作者信息:
聶磊磊
(中國人民公安大學(xué)法學(xué)院,北京100038)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。