迈向二元共治的数据合规——基于规制理论的视角  

作　　者：段俊熙 徐亚文[1] DUAN Junxi;XU Yawen

机构地区：[1]武汉大学法学院

出　　处：《西南交通大学学报(社会科学版)》2024年第6期74-90,共17页Journal of Southwest Jiaotong University(Social Sciences)

基　　金：国家社会科学基金重点项目“弘扬社会主义法治精神研究”(22AZD058)。

摘　　要：对数据合规理念的正确认识应当从规制史(福利国—规制国—后规制国)的角度切入:后规制国是对规制国的修正发展而非全盘否定,因此,“企业—政府”二元共治论才是全面诠释数据合规基本性质的理论路径。从企业与政府的双重视角,引入规制理论展开分析企业与政府在规制资源的分配与规制空间的重构问题,以“元规制”的理论视角统合数据合规框架下的自我规制与政府规制,可以从三个角度展开数据合规的制度构造:在“受指引的自我规制”中,引入隐私设计理论,通过颁布技术标准引导企业在设计数据处理技术时贯彻隐私保护的价值理念;在“受监督的自我规制”中,建立风险评估机制,要求企业对其数据合规制度体系下数据处理的各个阶段进行风险评估;在“受限制的自我规制”中,通过多元问责方式,合理平衡企业与专家之间的责任分担,以一种更为弹性的问责方式在不同阶段合理确定企业应当承担的责任形式。A correct understanding of the concept of data compliance should start from the perspective of the history of regulation(welfare state-regulatory state-post-regulatory state):the post-regulatory state is a corrective development of the regulatory state rather than a total rejection of the regulatory state,and therefore,the theory of“business-government”dualism is the theoretical path to comprehensively interpret the basic nature of data compliance.Combining the dual perspectives of the enterprise and the government,the theory of regulation is introduced to analyze the allocation of regulatory resources and the reconfiguration of regulatory space between the enterprise and the government.On this basis,the theoretical perspective of“meta-regulation”is used to unify self-regulation and government regulation under the framework of data compliance,and the institutional structure of data compliance can be developed from three perspectives:in“guided self-regulation”,privacy design theory is introduced to guide enterprises in the design of data processing through the issuance of In“guided self-regulation”,the theory of privacy design is introduced,and enterprises are guided to implement the value concept of privacy protection in the design of data processing technology through the promulgation of technical standards;in“supervised self-regulation”,a risk assessment mechanism is established,requiring enterprises to assess the risk of each stage of data processing under the system of their data compliance system;in“restricted self-regulation”,multiple accountability mechanisms are established to ensure that enterprises are able to fulfill their obligations under the system of data compliance.In“restricted self-regulation”,a reasonable balance is struck between the sharing of responsibilities between enterprises and experts through multiple accountability methods,so as to reasonably determine the forms of responsibility that enterprises should assume at different stages in a more flexible manner.

关 键 词：数据合规 二元共治 自我规制 政府规制 元规制 

分 类 号：D92[政治法律—法学]