論GDPR數據跨境傳輸二元保護模式的選擇

The Selection of GDPR's Dual Protection Modes of Cross-Border Data Transmission

數據跨境流動會導致數據面臨域外侵害的風險，因此，數據需要法律提供跨境保護。歐盟GDPR發展出以第3條為適用門檻的領土延伸模式與境外等效模式的跨境保護二元模式。領土延伸模式理論上可提供更高的保護標準，而境外等效模式在實際執行效果上更勝一籌。當存在兩種模式同時適用的可能性時，一方面，從法律現實主義考量，短期內一國可優先選擇適用境外等效模式；但另一方面，補強領土延伸模式實際適用的短板，應當成為一國長期努力的方向。據此，國內層面，我國應重點完善與域外管轄相銜接的代表制度，充分發揮代表制度在促進領土延伸模式域外適用的積極作用；國際層面，我國應積極參與數據保護的國際合作，通過與他國數據保護機構的協作切實保障領土延伸模式的落實。

Cross-border data flow faces the risk of infringement of data rights and interests outside one state's territory, so cross-border data protection will be required. The EU GDPR has developed dual models of protection of cross-border data transmission: the territorial extension model and the extraterritoral equivalence model, which follow Article 3 of GDPR as the applicable condition. The territorial extension model can theoretically provide a higher standard of protection, while the extraterritoral equivalence model is better in practice. When there is a possibility that both models may be applied, on the one hand, the application of the extraterritoral equivalence model should be preferred from the perspective of legal realism; On the other hand, the practice of reinforcing the territorial extension model should be the direction of long-term. Accordingly, at the domestic level, we should concentrate on enhancing the representative system for its convergence to extraterritorial jurisdiction, and give complete play to the positive role of the representative system in facilitating the extraterritorial application of the territorial extension model; At the international level, we should actively participate in international cooperation on data protection and ensure the execution of the territorial extension model effectively through the cooperation with other countries' data protection authorities.