跨境电子商务建设视角下个人信息跨境流动的隐私权保护研究
|
摘要
全球化的趋势下,经济增长愈发依赖于信息交换,其中个人信息的跨境流动在跨境电子商务发展中日益重要,但也由此引发了对隐私权保护的担忧。不当的规则与政策选择可能形成贸易壁垒,阻遏经济发展。因此,从跨境电商建设视角出发思索中国如何平衡数据流动与隐私保护,具有重要意义。我国应立足于单边、双边、多边等维度建构与完善法律制度,依托政府、企业、个人等多元主体思索实践路径,并坚持综合考量及平衡多重利益。
This article illustrates the subtle relationship between the free flow of personal information and the protection of privacy right.To intend to provoke further reflection on the field,it examines the current legal framework of cross-border data flow.Additionally,this article suggests proposals for China to protect privacy well while promoting the development of cross-border e-commerce.The article is mainly divided into the following parts.First,on the relationship between the free flow of personal information and privacy protection,transferring of personal information has a significant influence on an economy.Despite this,it may trigger concerns over privacy protection.Different policies were formulated to protect privacy,but creating obstacles to economic development. Hence,this article focuses on the development of cross-border e-commerce to explore the protection of privacy of personal information in the process of cross-border transferring.Second,through comparing different international,regional and domestic regulations,this article draws conclusions:multilateral legislation has three intrinsic deficiencies.The first deficiency is the divergence in values that augments different paradigms.Currently there are two legislative paradigms:one that emphasizes privacy protection and the other that highlights economic development.Each of them has its particular approach to regulate data flow,which impedes the formation of a widely-accepted international rule.The second deficiency is the imbalance between ″soft law″ and ″hard law″.This will hamper governance by rule of law for inherent defects of both rules.The third deficiency is the possibility that the regulations will have force but lack pertinence,universality and operability.As to domestic laws,they can be classified into three categories,including ″adequate evaluation mode″,″data controller guarantee mode″ and ″data subject consent mode″.Each model has its advantages and disadvantages,represented by the European Union,the United State and China.Finally,this article suggests that China regulate the cross-border transfer of personal information from three dimensions.First,China should build legal rules from a unilateral,bilateral and multilateral level and maintain a benign interaction.Second,joint efforts between Chinese market participants are needed:individuals to enhance legal awareness;enterprises to strengthen capacity building,and the government to improve the governance framework for information privacy protection.Third,China should try to strike a dynamic balance between national security,economic development and privacy protection without bias in favor of one or the other.It is innovative that this article chooses the perspective of the development of cross-border e-commerce to explore the cross border flow of personal information,especially puts emphasis on privacy protection.As a new form of international trade,cross-border e-commerce has the incomparable advantages over traditional trade and promotes a new reform in international trade.And the cross-border data flow plays a crucial rule in it.Thus,it is significant to seek countermeasures to enhance the coordination and progress between different rules.Further,it enumerates the relative rules and analyzes them in detail.Practically,China is initiating the″Digital Belt and Road Initiative″.Being one of the largest markets for cross-border e-commerce,researching on privacy protection in the context of data flow is necessary.
This article illustrates the subtle relationship between the free flow of personal information and the protection of privacy right.To intend to provoke further reflection on the field,it examines the current legal framework of cross-border data flow.Additionally,this article suggests proposals for China to protect privacy well while promoting the development of cross-border e-commerce.The article is mainly divided into the following parts.First,on the relationship between the free flow of personal information and privacy protection,transferring of personal information has a significant influence on an economy.Despite this,it may trigger concerns over privacy protection.Different policies were formulated to protect privacy,but creating obstacles to economic development. Hence,this article focuses on the development of cross-border e-commerce to explore the protection of privacy of personal information in the process of cross-border transferring.Second,through comparing different international,regional and domestic regulations,this article draws conclusions:multilateral legislation has three intrinsic deficiencies.The first deficiency is the divergence in values that augments different paradigms.Currently there are two legislative paradigms:one that emphasizes privacy protection and the other that highlights economic development.Each of them has its particular approach to regulate data flow,which impedes the formation of a widely-accepted international rule.The second deficiency is the imbalance between ″soft law″ and ″hard law″.This will hamper governance by rule of law for inherent defects of both rules.The third deficiency is the possibility that the regulations will have force but lack pertinence,universality and operability.As to domestic laws,they can be classified into three categories,including ″adequate evaluation mode″,″data controller guarantee mode″ and ″data subject consent mode″.Each model has its advantages and disadvantages,represented by the European Union,the United State and China.Finally,this article suggests that China regulate the cross-border transfer of personal information from three dimensions.First,China should build legal rules from a unilateral,bilateral and multilateral level and maintain a benign interaction.Second,joint efforts between Chinese market participants are needed:individuals to enhance legal awareness;enterprises to strengthen capacity building,and the government to improve the governance framework for information privacy protection.Third,China should try to strike a dynamic balance between national security,economic development and privacy protection without bias in favor of one or the other.It is innovative that this article chooses the perspective of the development of cross-border e-commerce to explore the cross border flow of personal information,especially puts emphasis on privacy protection.As a new form of international trade,cross-border e-commerce has the incomparable advantages over traditional trade and promotes a new reform in international trade.And the cross-border data flow plays a crucial rule in it.Thus,it is significant to seek countermeasures to enhance the coordination and progress between different rules.Further,it enumerates the relative rules and analyzes them in detail.Practically,China is initiating the″Digital Belt and Road Initiative″.Being one of the largest markets for cross-border e-commerce,researching on privacy protection in the context of data flow is necessary.
引文
[1]Cukier K.,″Data,Data Everywhere:A Special Report on Managing Information,″2010-02-27,https://china.emc.com/collateral/analyst-reports/ar-the-economist-data-data-everywhere.pdf,2019-01-31.
[2]Grünewald O.,No Transfer,No Trade:The Importance of Cross-border Data Transfers for Companies Based in Sweden,Stockholm:Kommerskollegium,2014.
[3]Meltzer J.P.,″The Internet,Cross-border Data Flows and International Trade,″Asia &the Pacific Policy Studies,Vol.2,No.1(2014),pp.90-102.
[4]Pepper R.,Garrity J.&LaSalle C.,″Cross-border Data Flows,Digital Innovation,and Economic Growth,″http://www3.weforum.org/docs/GITR2016/WEF_GITR_Chapter1.2_2016.pdf,2018-08-23.
[5]Consulate-General of the Kingdom of the Netherlands in Shanghai,″China Cross-border E-commerce Guidebook,″https://www.rvo.nl/sites/default/files/2017/03/Cross-Border%20E-commere%20Guidebook%20FINAL%20FINAL.PDF,2019-01-31.
[6]赵骏、干燕嫣:《变革中的国际经贸规则与跨境电商立法的良性互动》,《浙江大学学报(人文社会科学版)》2017年第6期,第88-102页。[Zhao Jun &Gan Yanyan,″Healthy Interaction Between the Changing International Economic and Trade Rules and Cross-border E-commerce Legislation,″Journal of Zhejiang University(Humanities and Social Science),No.6(2017),pp.88-102.]
[7]Meltzer J.P.&Lovelock P.,Regulating for a Digital Economy:Understanding the Importance of Cross-border Data Flows in Asia,Washington D.C.:Brookings,2018.
[8]The Software Alliance,″Cross-border Data Flows,″2017,https://www.bsa.org/~/media/Files/Policy/BSA_2017CrossBorderDataFlows.pdf,2019-01-31.
[9]Kuner C.,″Regulation of Transborder Data Flows under Data Protection and Privacy Law:Past,Present,and Future,″OECD Digital Economy Papers,No.187(2011),pp.1-39.
[10]de Vries W.T.,″Protecting Privacy in the Digital Age,″Berkeley Technology Law Journal,Vol.18,No.1(2003),pp.283-311.
[11]张里安、韩旭至:《大数据时代下个人信息权的私法属性》,《法学论坛》2016年第3期,第119-129页。[Zhang Li’an &Han Xuzhi,″The Private Law Nature of Personal Information Right in the Big Data Era,″Legal Forum,No.3(2016),pp.119-129.]
[12]王利明:《论个人信息权的法律保护——以个人信息权与隐私权的界分为中心》,《现代法学》2013年第4期,第62-72页。[Wang Liming,″Legal Protection of Personal Information:Centered on the Line Between Personal Information and Privacy,″Modern Law Science,No.4(2013),pp.62-72.]
[13]李延舜:《个人信息权保护的法经济学分析及其限制》,《法学论坛》2015年第3期,第43-53页。[Li Yanshun,″The Analysis of Law and Economics of the Protection of Personal Information and Its Restrictions,″Legal Forum,No.3(2015),pp.43-53.]
[14]杨惟钦:《价值维度中的个人信息权属模式考察——以利益属性分析切入》,《法学评论》2016年第4期,第66-75页。[Yang Weiqin,″Inspecting Ownership Pattern of Personal Information in Value Dimension,″Law Review,No.4(2016),pp.66-75.]
[15]王泽鉴:《人格权法》,北京:北京大学出版社,2013年。[Wang Zejian,The Law of Personality Right,Beijing:Peking University Press,2013.]
[16]佟柔主编:《中国民法》,北京:法律出版社,1990年。[Tong Rou(ed.),Chinese Civil Law,Beijing:Law Press·China,1990.]
[17]马特、袁雪石:《人格权法教程》,北京:中国人民大学出版社,2007年。[Ma Te &Yuan Xueshi,The Course of Personality Right Law,Beijing:China Renmin University Press,2007.]
[18]Cohen B.,Hall B.&Wood C.,″Data Localization Laws and Their Impact on Privacy,Data Security and the Global Economy,″Antitrust,Vol.32,No.1(2017),pp.107-114.
[19]Svantesson D.J.B.,″The Regulation of Cross-border Data Flows,″International Data Privacy Law,Vol.1,No.3(2011),pp.180-198.
[20]UNCTAD,Data Protection Regulation and International Data Flows:Implications for Trade and Development,New York:United Nations Publications,2016.
[21]The World Bank,World Development Report 2016:Digital Dividends,http://www.worldbank.org/en/publication/wdr2016,2018-08-23.
[22]Kane M.J.&Ricks D.A.,″Is Transnational Data Flow Regulation a Problems?″Journal of International Business Studies,Vol.19,No.3(1988),pp.477-482.
[23]程啸:《论大数据时代的个人数据权利》,《中国社会科学》2018年第3期,第102-122、207-208页。[Cheng Xiao,″Personal Data Rights in the Era of Big Data,″Social Sciences in China,No.3(2018),pp.102-122,207-208.]
[24]Council of Europe,″Explanatory Report to the Protocol Amending the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data,″2018-10-10,https://rm.coe.int/16808ac91a,2019-01-31.
[25]范为:《大数据时代个人信息定义的再审视》,《信息安全与通信保密》2016年第10期,第70-80页。[Fan Wei,″Rethinking of Personal Data in Big-data Age,″Information Security and Communications Privacy,No.10(2016),pp.70-80.]
[26]曾令良:《国际法治与中国法治建设》,《中国社会科学》2015年第10期,第135-146页。[Zeng Lingliang,″International Rule of Law and Rule of Law Construction in China,″Social Sciences in China,No.10(2015),pp.135-146.]
[27]赵骏:《全球治理视野下的国际法治与国内法治》,《中国社会科学》2014年第10期,第79-99、206-207页。[Zhao Jun,″International and Domestic Rule of Law from the Perspective of Global Governance,″Social Sciences in China,No.10(2014),pp.79-99,206-207.]
[28]刘雪莲、姚璐:《国家治理的全球治理意义》,《中国社会科学》2016年第6期,第29-35页。[Liu Xuelian &Yao Lu,″The Implications of State Governance for Effective Global Governance,″Social Sciences in China,No.6(2016),pp.29-35.]
[29]刘贞晔:《全球治理与国家治理的互动:思想渊源与现实反思》,《中国社会科学》2016年第6期,第36-46页。[Liu Zhenye,″The Interplay Between Global and State Governance:Theoretical Origins and Practical Reflections,″Social Sciences in China,No.6(2016),pp.36-46.]
[30]Davis K.&Trebilcock M.J.,″What Role Do Legal Institutions Play in Development,″1999-10-20,https://www.imf.org/external/pubs/ft/seminar/1999/reforms/trebil.pdf,2019-01-31.
[31]Ferretti F.,The Law and Consumer Credit Information in the European Community:The Regulation of Credit Information Systems,London:Routledge-Cavendish,2008.
[32]Schwartz P.M.,″The EU-U.S.Privacy Collision:A Turn to Institutions and Procedures,″Harvard Law Review,Vol.126,No.7(2013),pp.1966-2009.
[33]Gady F.-S.,″EU/US Approached to Data Privacy and the′Brussels Effect′:A Comparative Analysis,″Georgetown Journal of International Affairs,International Engagement on CyberⅣ(2014),pp.12-23.
[34]何志鹏、孙璐:《国际软法何以可能:一个以环境为视角的展开》,《当代法学》2012年第1期,第36-46页。[He Zhipeng &Sun Lu,″How Is Soft International Law Possible,″Contemporary Law Review,No.1(2012),pp.36-46.]
[35]罗豪才、周强:《软法研究的多维思考》,《中国法学》2013年第5期,第102-111页。[Luo Haocai &Zhou Qiang,″Multidimensional Thoughts on Soft Law Research,″China Legal Science,No.5(2013),pp.102-111.]
[36]Shaffer G.&Pollack M.A.,″Hard vs.Soft Law:Alternatives,Complements and Antagonists in International Governance,″Minnesota Law Review,Vol.94,No.3(2010),pp.706-799.
[37]Paust J.J.,″Can You Hear Me Now?Private Communication,National Security,and the Human Rights Disconnect,″Chicago Journal of International Law,Vol.15,No.2(2015),pp.612-651.
[38]Bignami F.&Resta G.,″Human Rights Extraterritoriality:The Right to Privacy and National Security Surveillance,″in Benvenisti E.&Nolte G.(eds.),Community Interests Across International Law,Oxford:Oxford University Press,2018,pp.357-380.
[39]Aaronson S.A.,″Why Trade Agreements Are Not Setting Information Free:The Lost History and Reinvigorated Debate over Cross-border Data Flows,Human Rights and National Security,″World Trade Review,Vol.14,No.4(2015),pp.671-700.
[40]陈咏梅、张姣:《跨境数据流动国际规制新发展:困境与前路》,《上海对外经贸大学学报》2017年第6期,第37-52页。[Chen Yongmei &Zhang Jiao,″New Developments in International Regulation Formulation in Cross-border Data Flow:Dilemma and the Way Forward,″Journal of Shanghai University of International Business and Economics,No.6(2017),pp.37-52.]
[41]龚柏华:《论跨境电子商务/数字贸易的“eWTO”规制构建》,《上海对外经贸大学学报》2016年第6期,第18-28页。[Gong Baihua,″On the Framework of Agreement of Cross Board E-commerce/Digit Trade(′eWTO′),″Journal of Shanghai University of International Business and Economics,No.6(2016),pp.18-28.]
[42]Sen N.,″Understanding the Role of the WTO in International Data Flows:Taking the Liberalization or the Regulatory Autonomy Path?″Journal of International Economic Law,Vol.21,No.2(2018),pp.323-348.
[43]Aaronson S.A.&Leblond P.,″Another Digital Divide:The Rise of Data Realms and Its Implications for the WTO,″Journal of International Economic Law,Vol.21,No.2(2018),pp.245-272.
[44]许多奇:《个人数据跨境流动规制的国际格局及中国应对》,《法学论坛》2018年第3期,第130-137页。[Xu Duoqi,″International Pattern of Personal Data Cross-border Flow Regulation and China’s Response,″Legal Forum,No.3(2018),pp.130-137.]
[45]任龙龙:《论同意不是个人信息处理的正当性基础》,《政治与法律》2016年第1期,第126-134页。[Ren Longlong,″Consent Is Not the Legitimate Basis of Personal Information Processing,″Political Science and Law,No.1(2016),pp.126-134.]
[46]洪延青:《数据出境安全评估:保护我国基础性战略资源的重要一环》,《中国信息安全》2017年第6期,第73-76页。[Hong Yanqing,″The Cross-border Data Flows Security Assessment:An Important Part of Protecting China’s Basic Strategic Resources,″China Information Security,No.6(2017),pp.73-76.]
[47]黄宁、李扬:《“三难选择”下跨境数据流动规制的演进与成因》,《清华大学学报(哲学社会科学版)》2017年第5期,第172-182、199页。[Huang Ning &Li Yang,″The Evolutionary Trend of Trans-border Data Flows Regulation and Its Cause Analysis,″Journal of Tsinghua University(Philosophy and Social Science),No.5(2017),pp.172-182,199.]
[48]曹杰、王晶:《跨境数据流动规则分析——以欧美隐私盾协议为视角》,《国际经贸探索》2017年第4期,第107-116页。[Cao Jie &Wang Jing,″An Analysis of Cross-border Data Flow Rule from the Perspective of EU-US Privacy Shield,″International Economics and Trade Research,No.4(2017),pp.107-116.]
[49]Blum G.,″Bilateralism,Multilateralism,and the Architecture of International Law,″Harvard International Law Journal,Vol.49,No.2(2008),pp.323-379.
[50]Deckelboim S.J.,″Consumer Privacy on an International Scale:Conflicting Viewpoints Underlying the EU-U.S Privacy Shield Framework and How the Framework Will Impact Privacy Advocates,National Security and Business,″Georgetown Journal of International Law,Vol.48,No.1(2016),pp.263-296.
[51]蔡拓:《全球治理与国家治理:当代中国两大战略考量》,《中国社会科学》2016年第6期,第5-14页。[Cai Tuo,″Global Governance and State Governance:Two Strategic Considerations in Contemporary China,″Social Sciences in China,No.6(2016),pp.5-14.]
[52]van Grasstek C.,The History and Future of the World Trade Organization,Geneva:World Trade Organization Publications,2013.
[53]洪延青:《“以管理为基础的规制”——对网络运营者安全保护义务的重构》,《环球法律评论》2016年第4期,第20-40页。[Hong Yanqing,″Security Obligation of Network Operator:A Regulatory Approach Based on Management,″Global Law Review,No.4(2016),pp.20-40.]
(1)有学者使用“个人数据”“个人资料”“数据隐私”,而学界通常使用“个人信息”,如张新宝《从隐私到个人信息:利益再衡量的理论与制度安排》,载《中国法学》2015年第3期,第38-59页。本文对此不做区分,据文章需要交替使用各用语。
(1)参见Burri M.,″The Governance of Data and Data Flows in Trade Agreements:The Pitfalls of Legal Adaption,″UC Davis Law Review,Vol.51,No.1(2017),pp.67-69。规制的其他考量还在于国家安全、政治限制、道德限制、知识产权保护、商业限制,见Meltzer J.P.,″The Internet,Cross-border Data Flows and International Trade,″Asia &the Pacific Policy Studies,Vol.2,No.1(2014),pp.93-96。
(2)Rosenberg M.,Confessore N.&Cadwalladr C.,″How Trump Consultants Exploited the Facebook Data of Millions,″2018-03-17,https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html,2019-01-31.
(3)OECD,″Recommendation of the Council Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data,″2019-01-29,https://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyand transborderflowsofpersonaldata.htm#recommendation,2019-01-31.
(4)The White House,″The Framework for Global Electronic Commerce,″2019-01-31,https://clintonwhitehouse4.archives.gov/WH/New/Commerce,2019-01-31.
(5)采取本地化措施的信息包括会计、税收、金融信息,个人信息,通信信息,新兴数字化服务信息,政府和公共信息等。详见Cory N.,″Cross-border Data Flows:Where Are the Barriers,and What Do They Cost?″2017-04-29,http://www2.itif.org/2017-block-global-data-flow-one-pager.pdf?_ga=2.81609687.1126305927.1548924941-2007875186.1548924941,2019-01-31。
(6)同上,p.2。
(1)Druey J.N.,Information als Gegenstand des Rechts,Zurich:Baden-Baden,1996。转引自谢远扬《信息论视角下个人信息的价值——兼对隐私权保护模式的检讨》,载《清华法学》2015年第3期,第98页。
(2)参见我国台湾地区“个人资料保护法”第2条。
(3)参见我国香港地区个人资料(私隐)条例关于“个人资料”的定义。
(4)参见欧盟《一般数据保护条例》,第4条。
(5)Gordon M.,The Minister of Health(Canada),2008FC 258,para.32.
(6)UNCTAD,Data Protection Regulation and International Data Flows:Implications for Trade and Development,New York:United Nations Publications,2016,p.42.
(1)Council of Europe,″Protocol Amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data,″https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/223,2019-01-31.
(1)Wilbur Ross,″EU Data Privacy Laws Are Likely to Create Barriers to Trade,″2018-05-30,https://www.ft.com/content/9d261f44-6255-11e8-bdd1-cc0534df682c,2019-01-31.
(2)I-SCOOP,″Why EU Member States and National DPAs Will Not Be Fully Ready for GDPR in Time,″2018-02-16,https://www.i-scoop.eu/european-member-states-dpas-ready-gdpr-time/,2019-01-31.
(1)此三种模式借鉴了张金平的划分方式,但将其“第三国适当性评估模式”改为“适当性评估模式”,因为当个人数据转移至国际组织时仍适用适当性评估;将“数据控制者担保模式”改为“数据控制者确保模式”,因“担保”一词财产法色彩较重,易产生歧义。参见张金平《跨境数据转移的国际规制及中国法律的应对——兼评我国〈网络安全法〉上的跨境数据转移限制规则》,载《政治与法律》2016年第12期,第140-144页。
(2)DLA PIPER,″Data Protection Laws of the World,″2018.
(3)参见《一般数据保护条例》,第45条第2款。
(4)马来西亚《个人数据保护法案2010》,第128节。
(5)美国国家立法中并没有对个人信息跨境流动施以地域限制,但是大多数美国企业都被要求采取合理措施保护敏感个人信息的安全,一些州有相关立法。此外,美国主导CBPRS,整个规则体系具有美国色彩。美国2018年3月通过的“CLOUD法案”中也借鉴了该模式。
(1)参见张金平《跨境数据转移的国际规制及中国法律的应对——兼评我国〈网络安全法〉上的跨境数据转移限制规则》,载《政治与法律》2016年第12期,第143-144页。
(2)Information Privacy Act 2014(Australian Capital Territory),Principle 8.
(3)参见《日本个人信息保护法》,第24条。
(1)CIW,″Cross-border Consumers to Account for over Half of Total Digital Consumers by 2020,″2016-07-06,https://www.chinainternetwatch.com/18194/embraces-cross-border-e-commerce/,2019-01-31.
(2)例如2016年颁行的《网络安全法》第四章“网络信息安全”对个人信息保护做出了规定;《民法总则》明确个人信息受法律保护;《消费者权益保护法》规定消费者享有个人信息依法得到保护的权利;《侵权责任法》明确对民事权益的保护;《刑法》及相关司法解释规定了“侵犯公民个人信息罪”;《计算机信息网络国际联网安全保护管理办法》(2011修订)强调用户的通信自由与通信秘密;《信息安全技术公共及商用服务系统个人信息保护指南》为个人信息转移提供了指导意见等。
(3)例如崔光耀《加快推进个人信息保护立法》,载《中国信息安全》2018年第3期,第5页;佚名《全国人大常委会法工委:正研究个人信息保护立法》,2018-02-26,http://www.chinanews.com/sh/2018/02-26/8454996.shtml,2019-01-31;周汉华《探索激励相容的个人数据治理之道——中国个人信息保护法的立法方向》,载《法学研究》2018年第2期,第3-23页;蒋舸《个人信息保护法立法模式的选择——以德国经验为视角》,载《法律科学(西北政法大学学报)》2011年第2期,第113-120页。
(4)参见联合国人权高级专员办事处《第16号一般性意见:第十七条(隐私权)》,1988年,第2-4段。
(5)Klass and Others v.Germany,ECHR,Judgement,1978,para.44.
(6)参见联合国人权高级专员办事处《第27号一般性意见:第十二条(迁徙自由)》,1999年,第14段。
(7)此部分的“双边条约”与后文“多边条约”中的“条约”一词均采广义,包括协定、专约、公约、议定书等。参见李浩培《条约法概论》,(北京)法律出版社2003年版,第21页。
(1)规则重塑的本质是提供一套新的关于哲学理念和意识形态的系统学说,这套系统学说至少具备三个方面的特质:一是必须具有内外统一性;二是必须体现新旧传承性;三是必须体现时代进步性。参见王鸿刚《中国参与全球治理:新时代的机遇与方向》,载《外交评论》2017年第6期,第16-17页。
(2)Kwakwa V.,″Multilateralism for an Inclusive World,″2017-11-01,https://www.worldbank.org/en/news/opinion/2017/11/01/multilateralism-for-an-inclusive-world,2019-01-31.
(3)交存于联合国秘书长的多边条约超过560份,涉及争端解决、特权与豁免、人权、难民与无国籍人、国际贸易与发展等29个领域,参见United Nations Treaty Collection,″Multilateral Treaties Deposited with the Secretary-General,″2019-01-31,https://treaties.un.org/pages/ParticipationStatus.aspx,2019-01-31。
(4)Shaffer和Pollack对软硬法间的互动提出5种假设:当强国同意时、当强国反对时、当相对弱小国家反对时、执行的递归效应、硬法与软法相互对抗,并提供了相应建议。详见Shaffer G.&Pollack M.A.,″Hard vs.Soft Law:Alternatives,Complements and Antagonists in International Governance,″Minnesota Law Review,Vol.94,No.3(2010),pp.765-798。
(5)参见商务部电子商务和信息化司《中国电子商务报告2017》,http://dzsws.mofcom.gov.cn/article/ztxx/ndbg/201805/20180502750562.shtml,2018年8月23日,第1页、第4页。
(1)参见《2016—2017年度中国网络空间安全综述》,2017年12月25日,http://www.sic.gov.cn/news/91/8705.htm,2019年1月31日。
[2]Grünewald O.,No Transfer,No Trade:The Importance of Cross-border Data Transfers for Companies Based in Sweden,Stockholm:Kommerskollegium,2014.
[3]Meltzer J.P.,″The Internet,Cross-border Data Flows and International Trade,″Asia &the Pacific Policy Studies,Vol.2,No.1(2014),pp.90-102.
[4]Pepper R.,Garrity J.&LaSalle C.,″Cross-border Data Flows,Digital Innovation,and Economic Growth,″http://www3.weforum.org/docs/GITR2016/WEF_GITR_Chapter1.2_2016.pdf,2018-08-23.
[5]Consulate-General of the Kingdom of the Netherlands in Shanghai,″China Cross-border E-commerce Guidebook,″https://www.rvo.nl/sites/default/files/2017/03/Cross-Border%20E-commere%20Guidebook%20FINAL%20FINAL.PDF,2019-01-31.
[6]赵骏、干燕嫣:《变革中的国际经贸规则与跨境电商立法的良性互动》,《浙江大学学报(人文社会科学版)》2017年第6期,第88-102页。[Zhao Jun &Gan Yanyan,″Healthy Interaction Between the Changing International Economic and Trade Rules and Cross-border E-commerce Legislation,″Journal of Zhejiang University(Humanities and Social Science),No.6(2017),pp.88-102.]
[7]Meltzer J.P.&Lovelock P.,Regulating for a Digital Economy:Understanding the Importance of Cross-border Data Flows in Asia,Washington D.C.:Brookings,2018.
[8]The Software Alliance,″Cross-border Data Flows,″2017,https://www.bsa.org/~/media/Files/Policy/BSA_2017CrossBorderDataFlows.pdf,2019-01-31.
[9]Kuner C.,″Regulation of Transborder Data Flows under Data Protection and Privacy Law:Past,Present,and Future,″OECD Digital Economy Papers,No.187(2011),pp.1-39.
[10]de Vries W.T.,″Protecting Privacy in the Digital Age,″Berkeley Technology Law Journal,Vol.18,No.1(2003),pp.283-311.
[11]张里安、韩旭至:《大数据时代下个人信息权的私法属性》,《法学论坛》2016年第3期,第119-129页。[Zhang Li’an &Han Xuzhi,″The Private Law Nature of Personal Information Right in the Big Data Era,″Legal Forum,No.3(2016),pp.119-129.]
[12]王利明:《论个人信息权的法律保护——以个人信息权与隐私权的界分为中心》,《现代法学》2013年第4期,第62-72页。[Wang Liming,″Legal Protection of Personal Information:Centered on the Line Between Personal Information and Privacy,″Modern Law Science,No.4(2013),pp.62-72.]
[13]李延舜:《个人信息权保护的法经济学分析及其限制》,《法学论坛》2015年第3期,第43-53页。[Li Yanshun,″The Analysis of Law and Economics of the Protection of Personal Information and Its Restrictions,″Legal Forum,No.3(2015),pp.43-53.]
[14]杨惟钦:《价值维度中的个人信息权属模式考察——以利益属性分析切入》,《法学评论》2016年第4期,第66-75页。[Yang Weiqin,″Inspecting Ownership Pattern of Personal Information in Value Dimension,″Law Review,No.4(2016),pp.66-75.]
[15]王泽鉴:《人格权法》,北京:北京大学出版社,2013年。[Wang Zejian,The Law of Personality Right,Beijing:Peking University Press,2013.]
[16]佟柔主编:《中国民法》,北京:法律出版社,1990年。[Tong Rou(ed.),Chinese Civil Law,Beijing:Law Press·China,1990.]
[17]马特、袁雪石:《人格权法教程》,北京:中国人民大学出版社,2007年。[Ma Te &Yuan Xueshi,The Course of Personality Right Law,Beijing:China Renmin University Press,2007.]
[18]Cohen B.,Hall B.&Wood C.,″Data Localization Laws and Their Impact on Privacy,Data Security and the Global Economy,″Antitrust,Vol.32,No.1(2017),pp.107-114.
[19]Svantesson D.J.B.,″The Regulation of Cross-border Data Flows,″International Data Privacy Law,Vol.1,No.3(2011),pp.180-198.
[20]UNCTAD,Data Protection Regulation and International Data Flows:Implications for Trade and Development,New York:United Nations Publications,2016.
[21]The World Bank,World Development Report 2016:Digital Dividends,http://www.worldbank.org/en/publication/wdr2016,2018-08-23.
[22]Kane M.J.&Ricks D.A.,″Is Transnational Data Flow Regulation a Problems?″Journal of International Business Studies,Vol.19,No.3(1988),pp.477-482.
[23]程啸:《论大数据时代的个人数据权利》,《中国社会科学》2018年第3期,第102-122、207-208页。[Cheng Xiao,″Personal Data Rights in the Era of Big Data,″Social Sciences in China,No.3(2018),pp.102-122,207-208.]
[24]Council of Europe,″Explanatory Report to the Protocol Amending the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data,″2018-10-10,https://rm.coe.int/16808ac91a,2019-01-31.
[25]范为:《大数据时代个人信息定义的再审视》,《信息安全与通信保密》2016年第10期,第70-80页。[Fan Wei,″Rethinking of Personal Data in Big-data Age,″Information Security and Communications Privacy,No.10(2016),pp.70-80.]
[26]曾令良:《国际法治与中国法治建设》,《中国社会科学》2015年第10期,第135-146页。[Zeng Lingliang,″International Rule of Law and Rule of Law Construction in China,″Social Sciences in China,No.10(2015),pp.135-146.]
[27]赵骏:《全球治理视野下的国际法治与国内法治》,《中国社会科学》2014年第10期,第79-99、206-207页。[Zhao Jun,″International and Domestic Rule of Law from the Perspective of Global Governance,″Social Sciences in China,No.10(2014),pp.79-99,206-207.]
[28]刘雪莲、姚璐:《国家治理的全球治理意义》,《中国社会科学》2016年第6期,第29-35页。[Liu Xuelian &Yao Lu,″The Implications of State Governance for Effective Global Governance,″Social Sciences in China,No.6(2016),pp.29-35.]
[29]刘贞晔:《全球治理与国家治理的互动:思想渊源与现实反思》,《中国社会科学》2016年第6期,第36-46页。[Liu Zhenye,″The Interplay Between Global and State Governance:Theoretical Origins and Practical Reflections,″Social Sciences in China,No.6(2016),pp.36-46.]
[30]Davis K.&Trebilcock M.J.,″What Role Do Legal Institutions Play in Development,″1999-10-20,https://www.imf.org/external/pubs/ft/seminar/1999/reforms/trebil.pdf,2019-01-31.
[31]Ferretti F.,The Law and Consumer Credit Information in the European Community:The Regulation of Credit Information Systems,London:Routledge-Cavendish,2008.
[32]Schwartz P.M.,″The EU-U.S.Privacy Collision:A Turn to Institutions and Procedures,″Harvard Law Review,Vol.126,No.7(2013),pp.1966-2009.
[33]Gady F.-S.,″EU/US Approached to Data Privacy and the′Brussels Effect′:A Comparative Analysis,″Georgetown Journal of International Affairs,International Engagement on CyberⅣ(2014),pp.12-23.
[34]何志鹏、孙璐:《国际软法何以可能:一个以环境为视角的展开》,《当代法学》2012年第1期,第36-46页。[He Zhipeng &Sun Lu,″How Is Soft International Law Possible,″Contemporary Law Review,No.1(2012),pp.36-46.]
[35]罗豪才、周强:《软法研究的多维思考》,《中国法学》2013年第5期,第102-111页。[Luo Haocai &Zhou Qiang,″Multidimensional Thoughts on Soft Law Research,″China Legal Science,No.5(2013),pp.102-111.]
[36]Shaffer G.&Pollack M.A.,″Hard vs.Soft Law:Alternatives,Complements and Antagonists in International Governance,″Minnesota Law Review,Vol.94,No.3(2010),pp.706-799.
[37]Paust J.J.,″Can You Hear Me Now?Private Communication,National Security,and the Human Rights Disconnect,″Chicago Journal of International Law,Vol.15,No.2(2015),pp.612-651.
[38]Bignami F.&Resta G.,″Human Rights Extraterritoriality:The Right to Privacy and National Security Surveillance,″in Benvenisti E.&Nolte G.(eds.),Community Interests Across International Law,Oxford:Oxford University Press,2018,pp.357-380.
[39]Aaronson S.A.,″Why Trade Agreements Are Not Setting Information Free:The Lost History and Reinvigorated Debate over Cross-border Data Flows,Human Rights and National Security,″World Trade Review,Vol.14,No.4(2015),pp.671-700.
[40]陈咏梅、张姣:《跨境数据流动国际规制新发展:困境与前路》,《上海对外经贸大学学报》2017年第6期,第37-52页。[Chen Yongmei &Zhang Jiao,″New Developments in International Regulation Formulation in Cross-border Data Flow:Dilemma and the Way Forward,″Journal of Shanghai University of International Business and Economics,No.6(2017),pp.37-52.]
[41]龚柏华:《论跨境电子商务/数字贸易的“eWTO”规制构建》,《上海对外经贸大学学报》2016年第6期,第18-28页。[Gong Baihua,″On the Framework of Agreement of Cross Board E-commerce/Digit Trade(′eWTO′),″Journal of Shanghai University of International Business and Economics,No.6(2016),pp.18-28.]
[42]Sen N.,″Understanding the Role of the WTO in International Data Flows:Taking the Liberalization or the Regulatory Autonomy Path?″Journal of International Economic Law,Vol.21,No.2(2018),pp.323-348.
[43]Aaronson S.A.&Leblond P.,″Another Digital Divide:The Rise of Data Realms and Its Implications for the WTO,″Journal of International Economic Law,Vol.21,No.2(2018),pp.245-272.
[44]许多奇:《个人数据跨境流动规制的国际格局及中国应对》,《法学论坛》2018年第3期,第130-137页。[Xu Duoqi,″International Pattern of Personal Data Cross-border Flow Regulation and China’s Response,″Legal Forum,No.3(2018),pp.130-137.]
[45]任龙龙:《论同意不是个人信息处理的正当性基础》,《政治与法律》2016年第1期,第126-134页。[Ren Longlong,″Consent Is Not the Legitimate Basis of Personal Information Processing,″Political Science and Law,No.1(2016),pp.126-134.]
[46]洪延青:《数据出境安全评估:保护我国基础性战略资源的重要一环》,《中国信息安全》2017年第6期,第73-76页。[Hong Yanqing,″The Cross-border Data Flows Security Assessment:An Important Part of Protecting China’s Basic Strategic Resources,″China Information Security,No.6(2017),pp.73-76.]
[47]黄宁、李扬:《“三难选择”下跨境数据流动规制的演进与成因》,《清华大学学报(哲学社会科学版)》2017年第5期,第172-182、199页。[Huang Ning &Li Yang,″The Evolutionary Trend of Trans-border Data Flows Regulation and Its Cause Analysis,″Journal of Tsinghua University(Philosophy and Social Science),No.5(2017),pp.172-182,199.]
[48]曹杰、王晶:《跨境数据流动规则分析——以欧美隐私盾协议为视角》,《国际经贸探索》2017年第4期,第107-116页。[Cao Jie &Wang Jing,″An Analysis of Cross-border Data Flow Rule from the Perspective of EU-US Privacy Shield,″International Economics and Trade Research,No.4(2017),pp.107-116.]
[49]Blum G.,″Bilateralism,Multilateralism,and the Architecture of International Law,″Harvard International Law Journal,Vol.49,No.2(2008),pp.323-379.
[50]Deckelboim S.J.,″Consumer Privacy on an International Scale:Conflicting Viewpoints Underlying the EU-U.S Privacy Shield Framework and How the Framework Will Impact Privacy Advocates,National Security and Business,″Georgetown Journal of International Law,Vol.48,No.1(2016),pp.263-296.
[51]蔡拓:《全球治理与国家治理:当代中国两大战略考量》,《中国社会科学》2016年第6期,第5-14页。[Cai Tuo,″Global Governance and State Governance:Two Strategic Considerations in Contemporary China,″Social Sciences in China,No.6(2016),pp.5-14.]
[52]van Grasstek C.,The History and Future of the World Trade Organization,Geneva:World Trade Organization Publications,2013.
[53]洪延青:《“以管理为基础的规制”——对网络运营者安全保护义务的重构》,《环球法律评论》2016年第4期,第20-40页。[Hong Yanqing,″Security Obligation of Network Operator:A Regulatory Approach Based on Management,″Global Law Review,No.4(2016),pp.20-40.]
(1)有学者使用“个人数据”“个人资料”“数据隐私”,而学界通常使用“个人信息”,如张新宝《从隐私到个人信息:利益再衡量的理论与制度安排》,载《中国法学》2015年第3期,第38-59页。本文对此不做区分,据文章需要交替使用各用语。
(1)参见Burri M.,″The Governance of Data and Data Flows in Trade Agreements:The Pitfalls of Legal Adaption,″UC Davis Law Review,Vol.51,No.1(2017),pp.67-69。规制的其他考量还在于国家安全、政治限制、道德限制、知识产权保护、商业限制,见Meltzer J.P.,″The Internet,Cross-border Data Flows and International Trade,″Asia &the Pacific Policy Studies,Vol.2,No.1(2014),pp.93-96。
(2)Rosenberg M.,Confessore N.&Cadwalladr C.,″How Trump Consultants Exploited the Facebook Data of Millions,″2018-03-17,https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html,2019-01-31.
(3)OECD,″Recommendation of the Council Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data,″2019-01-29,https://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyand transborderflowsofpersonaldata.htm#recommendation,2019-01-31.
(4)The White House,″The Framework for Global Electronic Commerce,″2019-01-31,https://clintonwhitehouse4.archives.gov/WH/New/Commerce,2019-01-31.
(5)采取本地化措施的信息包括会计、税收、金融信息,个人信息,通信信息,新兴数字化服务信息,政府和公共信息等。详见Cory N.,″Cross-border Data Flows:Where Are the Barriers,and What Do They Cost?″2017-04-29,http://www2.itif.org/2017-block-global-data-flow-one-pager.pdf?_ga=2.81609687.1126305927.1548924941-2007875186.1548924941,2019-01-31。
(6)同上,p.2。
(1)Druey J.N.,Information als Gegenstand des Rechts,Zurich:Baden-Baden,1996。转引自谢远扬《信息论视角下个人信息的价值——兼对隐私权保护模式的检讨》,载《清华法学》2015年第3期,第98页。
(2)参见我国台湾地区“个人资料保护法”第2条。
(3)参见我国香港地区个人资料(私隐)条例关于“个人资料”的定义。
(4)参见欧盟《一般数据保护条例》,第4条。
(5)Gordon M.,The Minister of Health(Canada),2008FC 258,para.32.
(6)UNCTAD,Data Protection Regulation and International Data Flows:Implications for Trade and Development,New York:United Nations Publications,2016,p.42.
(1)Council of Europe,″Protocol Amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data,″https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/223,2019-01-31.
(1)Wilbur Ross,″EU Data Privacy Laws Are Likely to Create Barriers to Trade,″2018-05-30,https://www.ft.com/content/9d261f44-6255-11e8-bdd1-cc0534df682c,2019-01-31.
(2)I-SCOOP,″Why EU Member States and National DPAs Will Not Be Fully Ready for GDPR in Time,″2018-02-16,https://www.i-scoop.eu/european-member-states-dpas-ready-gdpr-time/,2019-01-31.
(1)此三种模式借鉴了张金平的划分方式,但将其“第三国适当性评估模式”改为“适当性评估模式”,因为当个人数据转移至国际组织时仍适用适当性评估;将“数据控制者担保模式”改为“数据控制者确保模式”,因“担保”一词财产法色彩较重,易产生歧义。参见张金平《跨境数据转移的国际规制及中国法律的应对——兼评我国〈网络安全法〉上的跨境数据转移限制规则》,载《政治与法律》2016年第12期,第140-144页。
(2)DLA PIPER,″Data Protection Laws of the World,″2018.
(3)参见《一般数据保护条例》,第45条第2款。
(4)马来西亚《个人数据保护法案2010》,第128节。
(5)美国国家立法中并没有对个人信息跨境流动施以地域限制,但是大多数美国企业都被要求采取合理措施保护敏感个人信息的安全,一些州有相关立法。此外,美国主导CBPRS,整个规则体系具有美国色彩。美国2018年3月通过的“CLOUD法案”中也借鉴了该模式。
(1)参见张金平《跨境数据转移的国际规制及中国法律的应对——兼评我国〈网络安全法〉上的跨境数据转移限制规则》,载《政治与法律》2016年第12期,第143-144页。
(2)Information Privacy Act 2014(Australian Capital Territory),Principle 8.
(3)参见《日本个人信息保护法》,第24条。
(1)CIW,″Cross-border Consumers to Account for over Half of Total Digital Consumers by 2020,″2016-07-06,https://www.chinainternetwatch.com/18194/embraces-cross-border-e-commerce/,2019-01-31.
(2)例如2016年颁行的《网络安全法》第四章“网络信息安全”对个人信息保护做出了规定;《民法总则》明确个人信息受法律保护;《消费者权益保护法》规定消费者享有个人信息依法得到保护的权利;《侵权责任法》明确对民事权益的保护;《刑法》及相关司法解释规定了“侵犯公民个人信息罪”;《计算机信息网络国际联网安全保护管理办法》(2011修订)强调用户的通信自由与通信秘密;《信息安全技术公共及商用服务系统个人信息保护指南》为个人信息转移提供了指导意见等。
(3)例如崔光耀《加快推进个人信息保护立法》,载《中国信息安全》2018年第3期,第5页;佚名《全国人大常委会法工委:正研究个人信息保护立法》,2018-02-26,http://www.chinanews.com/sh/2018/02-26/8454996.shtml,2019-01-31;周汉华《探索激励相容的个人数据治理之道——中国个人信息保护法的立法方向》,载《法学研究》2018年第2期,第3-23页;蒋舸《个人信息保护法立法模式的选择——以德国经验为视角》,载《法律科学(西北政法大学学报)》2011年第2期,第113-120页。
(4)参见联合国人权高级专员办事处《第16号一般性意见:第十七条(隐私权)》,1988年,第2-4段。
(5)Klass and Others v.Germany,ECHR,Judgement,1978,para.44.
(6)参见联合国人权高级专员办事处《第27号一般性意见:第十二条(迁徙自由)》,1999年,第14段。
(7)此部分的“双边条约”与后文“多边条约”中的“条约”一词均采广义,包括协定、专约、公约、议定书等。参见李浩培《条约法概论》,(北京)法律出版社2003年版,第21页。
(1)规则重塑的本质是提供一套新的关于哲学理念和意识形态的系统学说,这套系统学说至少具备三个方面的特质:一是必须具有内外统一性;二是必须体现新旧传承性;三是必须体现时代进步性。参见王鸿刚《中国参与全球治理:新时代的机遇与方向》,载《外交评论》2017年第6期,第16-17页。
(2)Kwakwa V.,″Multilateralism for an Inclusive World,″2017-11-01,https://www.worldbank.org/en/news/opinion/2017/11/01/multilateralism-for-an-inclusive-world,2019-01-31.
(3)交存于联合国秘书长的多边条约超过560份,涉及争端解决、特权与豁免、人权、难民与无国籍人、国际贸易与发展等29个领域,参见United Nations Treaty Collection,″Multilateral Treaties Deposited with the Secretary-General,″2019-01-31,https://treaties.un.org/pages/ParticipationStatus.aspx,2019-01-31。
(4)Shaffer和Pollack对软硬法间的互动提出5种假设:当强国同意时、当强国反对时、当相对弱小国家反对时、执行的递归效应、硬法与软法相互对抗,并提供了相应建议。详见Shaffer G.&Pollack M.A.,″Hard vs.Soft Law:Alternatives,Complements and Antagonists in International Governance,″Minnesota Law Review,Vol.94,No.3(2010),pp.765-798。
(5)参见商务部电子商务和信息化司《中国电子商务报告2017》,http://dzsws.mofcom.gov.cn/article/ztxx/ndbg/201805/20180502750562.shtml,2018年8月23日,第1页、第4页。
(1)参见《2016—2017年度中国网络空间安全综述》,2017年12月25日,http://www.sic.gov.cn/news/91/8705.htm,2019年1月31日。