Study on the Standard Contractual Clauses of Personal Information Cross-border Transfer (个人数据跨境传输标准合同研究)


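Department:

School of International Law

Author:

毛杰 (Mao Jie)

Supervisor:

张春良 (Zhang Chunliang)

Supervisor's affiliation:

School of International Law

Degree:

Doctorate

Language:

Chinese

Keywords:

Personal data; Cross-border transmission of data; Standard contract; Data security; Digital rule of law

Abstract: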

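Improving the regulatory regime for cross-border data transfers is unquestionably a priority in China's data rule of law today. As the core mechanism for promoting the extraterritorial application of China's data protection laws and regulations and for demonstrating the value of the foreign-related rule of law, the regulatory regime for cross-border transfers is both a focal point and a difficulty of the data rule of law. Amid the globalization of the digital economy, cross-border transfers of personal data have become a foundational activity supporting international trade, technological innovation and social governance. Regulation of cross-border data transfers must therefore make value choices among security, free flow and governance autonomy. A sovereign state's value choice in regulating cross-border data transfers is not made once and for all; it has to be adjusted to the governance needs of each particular stage. For China, regulation of cross-border data transfers must balance security and development: national security is an absolute bottom line that cannot be shaken, while moderate openness of cross-border transfers is a necessary requirement for building a high-level pattern of opening up.

In March 2024 the Cyberspace Administration of China (国家互联网信息办公室) issued the Provisions on Promoting and Regulating Cross-border Data Flows (《促进和规范数据跨境流动规定》), which systematically revised the operating rules of the regulatory mechanisms for cross-border data transfers, including the security assessment for outbound data transfers, the standard contract for outbound transfers of personal information, and personal information protection certification, and which made explicit the governance principle of "promoting the lawful, orderly and free flow of data". This marks the move of China's regulatory regime for cross-border data transfers from its initial construction stage to a new stage of standardization and systematization. However, the updating and iteration of rules is only a surface manifestation of the optimization of the legal governance of data. In the long run, improving China's regulatory regime for cross-border data transfers still urgently needs in-depth doctrinal research and theoretical support. On this basis, institutional study and rule interpretation of the standard contract for cross-border transfers of personal data are timely.

Regulating the cross-border transfer of personal data held within a jurisdiction through standard contracts is not an institutional innovation of China's personal data protection, but a product of experience from the evolution of EU data protection law. The regulation of cross-border transfers by China's standard contract derives from the authorization in Article 38 of the Personal Information Protection Law (《个人信息保护法》). In 2023 the Cyberspace Administration of China published the Measures for the Standard Contract for the Outbound Transfer of Personal Information (《个人信息出境标准合同办法》) and its annex, the Standard Contract for the Outbound Transfer of Personal Information, formally setting out the clauses of the Chinese version of the standard contract for cross-border transfers of personal data. As a new member of China's data protection legal system, the standard contract is both a component of China's regulation of cross-border data transfers and a legal instrument for the extraterritorial application of China's personal data protection laws and regulations. This thesis takes China's standard contract for cross-border transfers of personal data as its object of study and aims to clarify and explain the basis on which the standard contract mechanism was made, its regulatory objectives, its legal effect, its value choices and its future development.

Accordingly, the thesis is divided into five parts, which respectively trace the institutional origins and evolution of the standard contract for cross-border transfers of personal data, analyze its theoretical foundations, interpret the construction of its clauses, summarize the general problems common to standard contracts in extraterritorial application and set out China's response, and finally, in light of the current state of China's standard contract for cross-border data transfers, reflect on the problems particular to China that arise in localizing the standard contract and explore recommendations for improving it, so as to lay a solid foundation for achieving the strategic goal of "Digital China".

Chapter 1 examines the institutional origins of the standard contract for cross-border transfers of personal data. The standard contract is a regulatory tool for cross-border transfers of personal data and an outward extension of national personal data protection norms; its institutional evolution reflects the development trajectory of the international rule of law in personal data protection. The EU pioneered the standard contract system for cross-border transfers of personal data, and the EU standard contract is also the most influential institutional template worldwide. The design of standard contracts in countries and regions such as China, the United Kingdom and ASEAN has been influenced to varying degrees by the EU standard contract. Because data governance norms are continually updated, the EU standard contract has gone through several iterations, reflecting the value choices of cross-border personal data transfer regulation in different periods. Chapter 1 therefore takes the evolution of the EU standard contract as its sample, tracing the institutional sources of the EU standard contract as a regulatory tool for cross-border transfers of personal data and examining the rule-of-law mission it carries within the EU data law framework and the difficulties of application it has met in practice. This helps to summarize the experience of regulating cross-border transfers of personal data through standard contracts and lays groundwork for the deeper discussion that follows and for future improvement strategies.

Chapter 2 examines the theoretical foundations of the standard contract for cross-border transfers of personal data. The research proceeds at three levels. First, it identifies the object regulated by the standard contract. There is broad consensus in China and abroad that the object regulated is the activity of transferring personal data across borders. Personal data is the core concept for the application of the standard contract, so its scope and meaning need to be made clear; in particular, the vagueness of the regulated object caused by the mixed use of similar concepts such as data, personal information and personal data needs to be resolved. Second, it identifies the scenario in which the standard contract applies, namely data crossing borders. Third, it sets out the institutional position of China's standard contract within the regulatory system for cross-border data transfers and the governance expectations behind China's adoption of the standard contract. China's regulation of cross-border data transfers follows the basic approach of classified and graded regulation; the standard contract, together with cybersecurity review, the security assessment for outbound transfers and the certification system, makes up China's regulatory framework for cross-border data transfers. China's standard contract adheres to the basic position of preventing and controlling the risks of cross-border data transfers; by converting the public-law regulatory objectives of national security and personal data protection into standard-form clauses within a framework of autonomy, it performs the function of baseline regulation within the classified and graded regulatory framework.

Chapter 3 examines the design of the clauses of the standard contract for cross-border transfers of personal data. The legislative designs of standard contractual clauses in different countries and regions show both functional consensus and institutional divergence. Following the approach of "extracting the common factor" used in the general provisions of sectoral codes, the basic approach by which sovereign states and regions create a standard contract system is as follows: on the basis of analyzing the nature of rights in personal data and identifying the typical risks in cross-border transfers of personal data, to summarize and extract the typical types of rights and obligations in such transfers; to form standard contractual clauses in combination with their own data governance standards and values; to fix those clauses by building in a principle of non-modification; and then to return the remaining legal relations to the autonomy of the parties. In form, the standard contract may either be a stand-alone contract setting out the parties' rights and obligations in cross-border data transfers, or be incorporated as clauses into a commercial contract for cross-border data trade, becoming part of the main contract. In content, the standard contract protects the lawful rights and interests of personal data subjects through a third-party beneficiary clause and allocates the corresponding personal data protection obligations to the domestic transferor and the overseas recipient in the cross-border transfer; this is the basic regulatory path of the standard contract system.

Chapter 4 examines the common problems that countries' standard contracts face in extraterritorial application. First, as a regulatory tool that restricts cross-border transfers of personal data, the standard contract faces doubts at the theoretical level about the legitimacy of regulation. On the one hand, the standard contract takes data sovereignty as the source of regulatory power, yet states have not reached consensus on whether data sovereignty exists or on its legal boundaries, and consensus still needs to be built worldwide. On the other hand, as a factor of production in the digital age, the resource nature of personal data means that it cannot be restricted through unilateral control. Second, the fragmentation of data protection rule systems internationally and the deep contest between value objectives bring the standard contract directly up against conflicts of data laws, which seriously constrains its regulatory effect in practice. Finally, facing these common problems of extraterritorial regulation by standard contract, China should use systematic thinking to overcome the regulatory obstacles. Internally, it should improve the legal system of data sovereignty on a domestic footing, and increase the precision and operability of the legal system by detailing the rules that support the Personal Information Protection Law and optimizing the design of the standard contract clauses; externally, it should promote international coordination guided by the idea of a community with a shared future for mankind, take an active part in rule-making on multilateral platforms such as the United Nations and the G20, and explore regulatory cooperation mechanisms based on the principle of reciprocity.

Chapter 5 examines the current state of localization of the standard contract for cross-border transfers of personal data in China, reflects on the regulatory problems of China's standard contract and offers recommendations for improvement. First, it establishes that China currently needs a transformation of its regulation of cross-border personal data transfers. Big data and artificial intelligence, as representative technologies of the digital-intelligence revolution, are gradually permeating every industry and bringing about a comprehensive digital and intelligent transformation. To actively prevent, control and resolve the systemic risks that arise as the economy and society restructure development paradigms such as industrial organization and infrastructure, governance must be transformed at the macro, meso and micro levels. Second, examination of the specific rules of China's standard contract and of its application in practice reveals four regulatory difficulties: first, the boundary of the scope of personal data protection is blurred; second, there are conflicts of systemic coordination between the standard contract and the other regulatory mechanisms for outbound data transfers; third, the undifferentiated design of data-processing parties in China's standard contract may be unable to meet the risk prevention and control needs of complex transfer scenarios; fourth, the rules on application of the standard contract need further interpretation and detail. Finally, in response to these difficulties in applying China's standard contract system, the system should be optimized domestically at four levels: data legislation, the regulatory system, the contract clauses and the rules of application.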


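Discipline:

International Law

Submission date

2025-07-01

Citation

毛杰 (Mao Jie). Study on the Standard Contractual Clauses of Personal Information Cross-border Transfer (个人数据跨境传输标准合同研究) [D]. Southwest University of Political Science and Law (西南政法大学), 2025.

Full-text attachment license

Creative Commons License - Attribution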

  • dc.title
  • Study on the Standard Contractual Clauses of Personal Information Cross-border Transfer (个人数据跨境传输标准合同研究)
  • dc.contributor.schoolno
  • B2021030109099
  • dc.contributor.author
  • 毛杰 (Mao Jie)
  • dc.contributor.affiliation
  • School of International Law
  • dc.contributor.degree
  • Doctorate
  • dc.contributor.childdegree
  • Doctor of Laws
  • dc.contributor.degreeConferringInstitution
  • Southwest University of Political Science and Law (西南政法大学)
  • dc.identifier.year
  • 2025
  • dc.contributor.direction
  • International law
  • dc.contributor.advisor
  • 张春良 (Zhang Chunliang)
  • dc.contributor.advisorAffiliation
  • School of International Law
  • dc.language.iso
  • Chinese
  • dc.subject
  • Personal data; Cross-border transmission of data; Standard contract; Data security; Digital rule of law
  • dc.description.abstract
  • The improvement of the regulatory system for cross-border data transmission is undoubtedly a key issue in the field of data rule of law in China today. As a core mechanism to promote the extraterritorial application of China's data protection laws and regulations and to demonstrate the value of foreign-related rule of law, the cross-border transmission regulatory system is both a focus and a challenge of data rule of law. In the wave of globalization of the digital economy, the cross-border transmission of personal data has become a fundamental activity supporting international trade, technological innovation, and social governance. Therefore, the regulation of cross-border data transmission needs to make value choices between security guarantees, free flow, and governance autonomy. The value choices of sovereign states regarding the regulation of cross-border data transmission are not permanent but need to be adjusted based on the governance needs of specific stages. For China, the regulation of cross-border data transmission needs to balance security and development needs, with national security being an unshakable absolute bottom line, while moderate openness in cross-border transmission is an inevitable requirement for constructing a high-level pattern of opening up to the outside world. In March 2024, the National Internet Information Office released the "Regulations on Promoting and Standardizing Cross-Border Data Flow," which systematically revised the operational rules for the regulatory system of cross-border data transmission, including security assessments for data exit, standard contracts for personal information exit, and personal information protection certification.
It clarified the governance principle of "promoting the lawful and orderly free flow of data," marking a transition of China's cross-border data transmission regulatory system from the initial construction phase to a new development stage characterized by standardization and systematization. However, the update and iteration of institutional rules are merely a superficial representation of the optimization of data legal governance. In the long term, the improvement of China's cross-border data transmission regulatory system still urgently requires in-depth research and theoretical support at the academic level. Therefore, the institutional study and rule interpretation of standard contracts for cross-border transmission of personal data are timely. The regulation of cross-border transmission activities of personal data through standard contracts is not an institutional innovation in China's personal data protection, but rather a product of the evolutionary process of EU data protection law. The regulation of cross-border transmission behaviors in China is derived from the authorization of Article 38 of the Personal Information Protection Law. In 2023, the National Internet Information Office published the "Measures for Standard Contracts for the Outbound Transfer of Personal Information" and its annex, the "Standard Contract for the Outbound Transfer of Personal Information," which formally clarified the terms of the Chinese version of the standard contract for cross-border transmission of personal data. As a new member of China's data protection legal system, the standard contract is both a component of China's regulatory framework for cross-border data transmission and a legal tool for the extraterritorial application of China's personal data protection laws and regulations.
This article focuses on the standard contract for cross-border transmission of personal data in China, aiming to clarify and explain the basis for the establishment of the standard contract mechanism, its regulatory objectives, legal effectiveness, value choices, and future development trends. In light of this, this article is divided into five parts: it traces the origins and evolution of the standard contract for cross-border transfer of personal data, analyzes the theoretical foundations of the standard contract, interprets the structure of the contract's clauses, summarizes the common issues faced during the application of the standard contract abroad and provides suggestions for China's response, and finally, in conjunction with the current situation of China's standard contract for cross-border transfer of personal data, reflects on the unique issues encountered in the localization process of the standard contract, exploring suggestions for improving China's standard contract for cross-border transfer of personal data, thereby laying a solid foundation for achieving the strategic goal of "Digital China". Chapter 1 of this article explores the institutional origins of standard contracts for the cross-border transfer of personal data. Standard contracts serve as regulatory tools for the cross-border transfer of personal data and represent an external extension of national norms for personal data protection. The evolution of this system reflects the development trajectory of international legal governance in personal data protection. The European Union is the pioneer of the standard contract system for the cross-border transfer of personal data, and its standard contracts are the most influential institutional templates worldwide. The design of standard contracts in countries and regions such as China, the United Kingdom, and ASEAN has been influenced to varying degrees by the EU's standard contracts.
Due to the continuous updates in data governance norms, the EU's standard contracts have undergone multiple iterations, reflecting the value choices in the regulation of cross-border transfers of personal data at different times. Therefore, this chapter will take the evolution of the EU's standard contracts as a case study, focusing on tracing the institutional origins of the EU's standard contracts as regulatory tools for cross-border transfers of personal data, understanding the legal mission they undertake within the EU's data governance framework, and the practical challenges they encounter in application. This will help summarize the lessons learned from the regulation of cross-border transfers of personal data through standard contracts, accumulating experience for the in-depth discussion and future improvement strategies that follow. Chapter 2 of this article explores the theoretical foundation of standard contracts for the cross-border transfer of personal data. The research in this chapter can be divided into three levels: First, it clarifies the subject matter of standard contracts for the cross-border transfer of personal data. There is a general consensus both domestically and internationally that the subject matter of standard contracts pertains to the regulation of cross-border transfer activities of personal data. Personal data is the core concept applicable to standard contracts; therefore, it is necessary to define the scope and connotation of personal data, particularly to clarify the ambiguity caused by the interchangeable use of concepts such as data, personal information, and personal data. Second, it specifies the applicable scenarios for standard contracts, namely, cross-border data transfer. Third, it reveals the institutional positioning of standard contracts within China's regulatory framework for cross-border data transfer, clarifying the governance expectations associated with the introduction of standard contracts in China.
China's regulation of cross-border data transfer follows a basic principle of classified and hierarchical regulation, with standard contracts, cybersecurity reviews, outbound security assessments, and certification systems collectively forming the regulatory framework for cross-border data transfer in China. Standard contracts in China adhere to the fundamental stance of preventing and controlling risks associated with cross-border data transfer by transforming the public law regulatory objectives of national security and personal data protection into standardized terms under an autonomous framework, thereby fulfilling a baseline regulatory function within the classified and hierarchical regulatory framework for cross-border data transfer. Chapter 3 of this article explores the design of clauses in standard contracts for the cross-border transfer of personal data. The legislative design of standard contract clauses varies across different countries and regions, reflecting both functional consensus and institutional divergences. Drawing on the design concept of "extracting common denominators" from the general principles of departmental codes, this chapter analyzes the nature of personal data rights and summarizes the typical risks associated with cross-border personal data transfer activities. It identifies and extracts typical types of rights and obligations in these activities, forming standard contract clauses based on its own data governance standards and values. These clauses are then embedded with the principle of immutability to ensure their stability, while the remaining legal relationships are returned to the autonomy of the parties involved. This approach serves as the fundamental idea for sovereign countries and regions to establish a standard contract system.
Formally, standard contracts can either specify the rights and obligations of both parties in a separate contract for cross-border data transfer or be incorporated as clauses within commercial contracts related to cross-border data trade, thus becoming part of the main contract. Substantively, standard contracts protect the legitimate rights and interests of personal data subjects through third-party beneficiary clauses, assigning corresponding personal data protection obligations to the domestic transferor and the foreign recipient of the personal data. This constitutes the basic regulatory pathway of the standard contract system. Chapter 4 of this article explores the common issues faced by various countries regarding the extraterritorial application of standard contracts. Firstly, as a regulatory tool that restricts the cross-border transfer of personal data, standard contracts face theoretical challenges regarding the legitimacy of regulation: on one hand, standard contracts derive their regulatory power from data sovereignty, but there is no consensus among countries on the existence of data sovereignty and its legal boundaries, necessitating further global consensus. On the other hand, as a factor of production in the digital age, the resource nature of personal data determines that it cannot be restricted through unilateral regulation. Secondly, the fragmentation of data protection rule systems and the deep-seated competition of value objectives on an international scale lead standard contracts to confront legal conflicts regarding data, which severely limits the regulatory effectiveness of standard contracts from a practical perspective. Finally, in the face of common issues related to the extraterritorial regulation of standard contracts, China should adopt a systematic approach to overcome regulatory barriers.
Domestically, it should focus on improving the legal system of data sovereignty by refining the supporting rules of the Personal Information Protection Law and optimizing the design of standard contract clauses to enhance the precision and operability of the legal system; internationally, it should promote international cooperation based on the concept of a community with a shared future for mankind, actively participating in the formulation of rules on multilateral platforms such as the United Nations and G20, and exploring the establishment of a regulatory cooperation mechanism based on the principle of reciprocity. Chapter 5 of this article explores the localization status of standard contracts for cross-border transmission of personal data in China, reflects on the regulatory issues surrounding these standard contracts, and offers suggestions for improvement. Firstly, it clarifies the current need for a transformation in the regulation of cross-border personal data transmission in China. Big data and artificial intelligence, as representative technologies of the digital revolution, are gradually permeating various industries and triggering a comprehensive transformation towards digitization and intelligence. To actively prevent and mitigate the systemic risks arising from the restructuring of industrial organization and infrastructure during this developmental paradigm shift, governance transformation must be conducted at the macro, meso, and micro levels.
Secondly, an examination of the specific rules and practical application of standard contracts in China reveals four regulatory dilemmas: first, the boundaries of personal data protection are ambiguous; second, there are systemic coordination conflicts between standard contracts and other data export regulatory systems; third, the conflated design of data processing entities in China's standard contracts may not adequately address the risk prevention needs of complex transmission scenarios; fourth, the applicable rules of standard contracts require further clarification and refinement. Finally, in response to the applicability challenges of China's standard contract system, optimization should be achieved at four levels: data legislation, regulatory framework, contract terms, and applicable rules.
  • dc.date.issued
  • 2025-05-29
  • dc.date.oralDefense
  • 2025-05-23