第三方数据共享中企业的个人数据保护义务构建  被引量：6

作　　者：许娟 罗熠琛 Xu Juan;Luo Yichen(School of Law and Public Affairs,Nanjing University of Information Science and Technology,Nanjing 211800,China;School of Bigdata and Law,Nanjing University of Information Science and Technology,Nanjing 211800,China)

机构地区：[1]南京信息工程大学法政学院,南京210044 [2]南京信息工程大学大数据法治研究院,南京210044

出　　处：《科技与法律（中英文）》2023年第4期32-42,共11页Science Technology and Law（Chinese-English Version）

基　　金：国家社会科学基金重大项目“构建人类命运共同体国际法治创新研究”(18ZDA153);国家社会科学基金一般项目“个人信息权利行使的平衡机制研究”(19BFX127)。

摘　　要：企业利用个人数据的技术不断迭代引发第三方数据呈现公共性和共享性特点,个人数据相关的隐私与安全问题在第三方数据共享下面临网络空间乃至于国家主权的挑战,国家需要创建数据管理机构统筹协调,应对数据安全问题。根据《个人信息保护法》第二十一条、第二十三条关于第三方数据共享制度的分类规定,提出中介服务与委托服务两种类型,并将确保安全原则置于在国家安全、网络安全、数据安全等三个方面全方位考量,拓展并完善企业安全保障义务制度。企业为回应国家数据管理的需求,不断创新技术,以增强国家对高科技企业的信任。企业自我答责包括:增强透明义务、通知义务和风险管理义务等安保义务,通过技术确保数据保密的经济、完整和可用。数据企业应当自我完善并形成以技术为基础,以义务为导向的第三方数据共享的数据安全保障体系。The continuous iteration of personal data technology by enterprises causes the third-party data to show the characteristics of publicity and sharing.The privacy and security issues related to personal data are facing the chal⁃lenges of cyberspace and even national sovereignty under the sharing of third-party data.The state needs to create data management institutions to coordinate and deal with data security issues.According to the classification provisions of Article 21 and Article 23 of the Personal Information Protection Law of People's Republic of China(PRC)on the third-party data sharing system,two types of intermediary services and entrusted services are extracted,and the principle of ensuring security is considered in all aspects from three aspects:national security,network security and data security,so as to expand and improve the enterprise security obligation system.In response to the needs of national data manage⁃ment,enterprises constantly innovate technology to enhance the country's trust in high-tech enterprises.Corporate self-responsibility includes:strengthening security obligations such as transparency obligations,notification obliga⁃tions and risk management obligations,and ensuring the confidentiality,economy,integrity and availability of data through technology.Data enterprises should improve themselves and form a data security guarantee system based on technology and obligation-oriented third-party data sharing.

关 键 词：第三方数据 数据共享 个人信息保护法 企业义务 

分 类 号：DF0-059[政治法律—法学理论]