Journal of Information Resources Management, 2023, Vol. 13, Issue (5): 56-72. doi: 10.13365/j.jirm.2023.05.056

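• Special Topic: Research on the Rule Pedigree and Governance Mechanisms of Data Sovereignty in the Context of the Establishment of the National Data Administration (1)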

Construction of China's Data Sovereignty Rule Pedigree: A Grounded Theory Study

Zheng Linghan1, Huang Biyun2, Jiang Ying3

  1. School of Credit Risk Management, Xiangtan University, Xiangtan, 411105;
  2. School of Law, East China University of Political Science and Law, Shanghai, 201620;
  3. Faculty of Law, Xiangtan University, Xiangtan, 411105
  • Online: 2023-09-26 Published: 2023-10-15
  • About the authors: Zheng Linghan (corresponding author), lecturer and master's supervisor, research interest: data sovereignty risk governance, Email: zhenglh4847@163.com; Huang Biyun, doctoral student, research interest: data law; Jiang Ying, master's student, research interest: data law.
  • Funding:
    This article is one of the outcomes of the National Social Science Fund of China General Project "Multi-dimensional Governance of National Data Sovereignty Security Risks under the New 'Dual Circulation' Pattern" (22BTQ104) and the National Social Science Fund of China Youth Project "Research on the Legal Supply for Confirming Rights in Data Elements" (21CFX007).

Abstract: Research on data sovereignty rules helps different entities understand China's data sovereignty rule system and supports the standardized expression of rule texts, thereby reducing the cost of data sovereignty compliance. Following the three key process areas of local storage, cross-border flow and extraterritorial jurisdiction, 46 samples related to data sovereignty were screened and 148 rule texts were extracted; the grounded theory method was applied, with multiple rounds of manual coding in NVivo12 Plus. The data sovereignty rule pedigree is composed of objects, subjects and obligations. The objects are divided into 7 categories: data, information, equipment, critical information infrastructure, security, interests, and rights. The subjects comprise 6 categories: the state, party institutions, administrative subjects, public affairs subjects, enterprise subjects, and other subjects. The obligations span 29 categories, including security assessment, outbound security assessment, personal information impact assessment, data security protection, within-territory data storage, within-territory information storage, within-territory construction of equipment, establishment of a within-territory entity, adherence to compliance requirements, reporting obligations, and listing and announcement. Overall, the data sovereignty rule system is complete, covering all types of rules, such as legal norms, departmental norms, and standard norms; data sovereignty exhibits a "defensive" characteristic, namely orderly flow, appropriate localization, and necessary jurisdiction.

Key words: Data sovereignty, Local storage, Cross border mobility, Extraterritorial jurisdiction, Rule genealogy
