数据安全刑法保护的模式转换:从管理安全到利用安全  

作　　者：梅传强[1] 盛浩 MEI Chuanqiang;SHENG Hao(School of Law,Southwest University of Political Science and Law,Chongqing 401120,P.R.China;Department of Investigation,Sichuan Police College,Luzhou 646099,P.R.China)

机构地区：[1]西南政法大学法学院,重庆401120 [2]四川警察学院侦查系,四川泸州646000

出　　处：《重庆大学学报(社会科学版)》2025年第1期272-288,共17页Journal of Chongqing University(Social Science Edition)

基　　金：2024年度教育部人文社会科学研究一般项目(24YJA820019);重庆市新型犯罪研究中心2022年度规划项目“个人数据权利刑法保护的立场及路径研究”(22XXFZ23)。

摘　　要：数据安全关乎国家安全和社会稳定,通过刑法保护数据安全既有必要性也有紧迫性。经过修正案的完善和司法解释的补充,我国刑法形成了保护数据安全的“管理安全模式”,即以静态数据的保密性、完整性、可用性为规范目的,以非法获取计算机信息系统数据罪、破坏计算机信息系统罪为规范依托的数据安全保护标准样式。“管理安全”保护模式的确立经历了数据作为计算机信息系统的保护附带内容、数据成为相对独立的刑法保护对象,以及借助司法解释扩大数据安全涵摄范围三个发展阶段。从规范上分析,“管理安全”保护模式具有封闭性、静态性特征,这难以适应数字社会数据动态化、共享化发展的趋势,未能实现与《中华人民共和国数据安全法》等前置法的有序衔接,并导致刑法中数据犯罪条款在司法适用出现“模糊化”的问题。数字社会的到来产生了新的数据安全风险类型,即分析数据所产生的风险,以及利用分析数据产生的知识和信息,作出决策而引发的风险。面对新的风险类型,数据安全保护亟需转向以动态数据的保密性、完整性、可用性、可控性、正当性为核心的“利用安全”模式:在保护理念上,应当将数据作为独立对象,从依附保护向专门保护、系统保护转变;在规制重心上,从注重数据收集、储存节点向其他节点拓展,从片面保护向全链条保护转变;在保护策略上,从笼统保护向分类分级保护转变。为此,应当在优化现有数据犯罪条款的基础上,增设新的数据犯罪,并引入数据分级分类保护制度。具体而言:一是在立法上明确数据与信息、计算机信息系统的关系,并剥离出独立的数据条款,实现数据安全的专门保护,同时,在《中华人民共和国刑法》分则中集中规定危害数据安全犯罪,实现系统化保护;二是增设非法公开、提供、出售、出境数�Data security is related to national security and social stability,and it is both necessary and urgent to protect data security through criminal law.After the improvement of the amendments and the supplementation of judicial interpretations,China’s criminal law has formed a management security model to protect data security,which aims to regulate the confidentiality,integrity,and availability of static data,and relies on the crime of illegally obtaining computer information system data and the crime of damaging computer information systems as normative standards for data security protection.The establishment of the management security protection model has gone through three stages of development:data as an incidental part of computer information system protection,data becoming a relatively independent object of criminal law protection,and expanding the scope of data security coverage through judicial interpretation.The management security protection model has closed and static characteristics,which is difficult to adapt to the trend of dynamic and shared development of data in the digital society.It has failed to achieve orderly connection with pre-existing laws such as the Data Security Law,and has led to the problem of ambiguity in the judicial application of data crime clauses in the criminal law.The arrival of the digital society has created new types of data security risks,namely the risks generated by analyzing data,as well as the risks caused by using the knowledge and information generated by analyzing data to make decisions.Faced with new types of risks,data security protection urgently needs to shift towards a utilization security model centered on the confidentiality,integrity,availability,controllability,and legitimacy of dynamic data.In terms of protection philosophy,data should be treated as an independent object,shifting from dependent protection to specialized and systematic protection;In terms of regulatory focus,expand from focusing on data collection and storage nodes to other nodes,and shift

关 键 词：数据安全 数字社会 刑法保护模式 数据分级分类 数据合规 

分 类 号：D914[政治法律—刑法学]