美國CLOUD法案:全球數據管轄新“鐵幕”

The U. S. CLOUD Act: An “Iron Curtain”for Global Data Jurisdiction

美國新近出臺的CLOUD法案確立了境外數據管轄''控制者標準''。此標準一方面為美國數據管轄權擴張掃清了國內法障礙，另一方面卻使美國背離了一般國際法實踐。從現實效果來看，CLOUD法案不僅廣泛觸發美國與其他國家之間的數據管轄權沖突，引起部分國家的對抗立法，而且讓美國數字企業陷入更加嚴峻的合規困境。雖然CLOUD法案規定了''禮讓分析''作為''控制者標準''的適用例外，但囿于其嚴苛的適用條件，并不能彌合''控制者標準''帶來的負面效應。為有效應對CLOUD法案帶來的數據管轄權挑戰，中國應重點從數據分層保護和填補境外數據管轄立法空白兩個方面完善立法。

"The CLOUD Act sets forth the ''Controller Standard''for determining U.S.jurisdiction over data stored outside its territory.Whereas the Controller Standard provides a legal basis for the expansion of U.S.data jurisdiction,it results in the U.S deviation from the general practices of other states.The CLOUD Act not only triggers data jurisdiction conflicts and antagonistic legislation,but also presents U.S.digital enterprises with a compliance dilemma.Although the''Comity Analysis''is provided as an exception to the Controller Standard,it can hardly make a difference due to the stringent conditions for its application.To tackle the U.S.expansion of data jurisdiction,China should make efforts in establishing a stratified data protection mechanism and filling the legislative vacancy of overseas data jurisdiction."