后“SchremsⅡ案”时期欧盟数据跨境流动法律监管的演进及我国的因应

“SchremsⅡ案”对以隐私权和数据保护为核心构建的欧盟数据跨境流动规则体系产生重大影响,它要求无论使用何种数据跨境流动工具,都必须确保第三国能够提供与欧盟同等的保护水平。在该案的影响下,《欧盟基本权利宪章》在数据保护领域的地位进一步提高,保障措施的适用愈发严苛,欧洲数据保护委员会在数据保护领域将扮演更重要的角色,数据跨境流动欧盟法规则与国际贸易法的不兼容问题日益凸显。欧盟虽然结合SchremsⅡ案的判决完善了对数据跨境的法律监管,但依然没有减少外界对其监管合理性的质疑。我国对数据跨境流动的监管存在着配套立法不健全、规则可操作性差、多元价值失衡、缺乏内外联动的“中国方案”等问题。对此,应完善我国相关立法,加强中欧国际合作,共同引领构建数据跨境流动的国际规则。

Post-Schrems Ⅱ Case Evolution of Legal Regulation of Cross-border Data Flow in EU and China's Response

The Schrems Ⅱ case has a significant impact on the EU's cross-border data flow legal system,which is built with privacy and data protection as its core and requires that whatever cross-border data flow instrument is used,it must ensure that the third country can provide the level of protection of fundamental rights and freedoms that is essentially equivalent to that guaranteed within the EU by virtue of GDPR read in the light of the Charter of Fundamental Rights of the EU.Under the influence of the Schrems Ⅱ case,the status of the Charter in the field of data protection has been further enhanced,and the EU intends to make it a global standard.The application of appropriate safeguards has become more stringent,and supplementary measures requested by CJEU will increase the compliance costs of entities operating outside the region;EDPB will play a bigger role in data protection but needs to coordinate its functions with the EU Commission;and the incompatibility between EU law on cross-border data flow and international trade law has become increasingly prominent and the EU is in urgent need of more space for the operation of its regulatory power.In light of the Schrems II judgment,the EU has published a new version of Standard Contract Clauses,clarified the additional supplementary measures,made more specific the standards to be met by third country surveillance legislation,and promoted the EU's digital trade model agreement.However,doubts on the rationality of EU's regulation model have not been alleviated,especially considering that problems such as the imbalance of multiple values,highly political overtones,and lack of classification of cross-border data remain unresolved.On the basis of the Cybersecurity Law,the Data Security Law and the Personal Information Protection Law,China has now built a preliminary regulatory system for cross-border data flow with security as the core value.But the regulation of cross-border data flow in China still has many problems,such as imperfect supporting legislation,poor operability of rules,imbalance between multiple values,and lack of internal and external legal linkage.On the premise of fully guaranteeing data security,the free flow of data and the protection of personal information should be further promoted.To solve these problems,on the one hand,China should improve the security assessment system of data exit and establish the data classification and gradation management mechanism on the basis of absorbing the EU's regulatory experience that is reasonable and suitable for its own national conditions and improve the protection level of the individual's basic rights.On the other hand,confronted with common opportunities and challenges,China and the EU may strengthen international cooperation in many ways,for example,realizing the free flow of data in specific fields through international agreements,and jointly shaping the connotation of important concepts such as " reasonable public policy objectives"and "essential security interests" in digital trade agreements.