論企業數據出境之合規困境與優化路徑

Compliance Dilemma and Optimization Path of Cross-border Flow of Enterprise Data

在跨境數字貿易中，我國企業數據出境合規治理面臨國內法規定尚不完善、國外政策環境日益複雜的風險。合理之紓困路徑在於，構建獨立於個人數據的企業數據出境合規規則，並強化國際合作。企業數據出境合規規制的總體思路為，在規制理念層面，堅持企業數據出境安全流動前提下的自由流動；在規制邏輯層面，技術上應將企業數據與個人數據、公共數據進行剝離，法律上對企業數據進行合理確權及分類分級治理。依循該思路，應將企業數據類型化為可剝離的企業數據與不可剝離企業數據的數據集合，並根據數據級別進行區分規制。與此同時，應積極推動制定並簽署WTO企業數據出境合規國際條約，並依託”一帶一路”的政策優勢，與沿線國家締結企業數據跨境流動合規的雙邊投資協定，從而為企業數據出境合規提供國際保障。

In cross-border digital trade, Chinese enterprises face risks of non-compliance governance due to inadequate domestic legal systems and increasingly complex foreign policy environments. The reasonable relief path lies in establishing independent compliance rules for enterprise data outbound, separate from personal data, and strengthening international cooperation. The overall train of thought for regulating enterprise data outbound compliance is as follows: at the level of regulatory philosophy, adhere to the free flow of enterprise data outbound under the premise of ensuring data security; at the level of regulatory logic, technically separate enterprise data from personal data and public data, and legally ensure reasonable ownership and classification governance of enterprise data. Following this train of thought, enterprise data should be categorized into detachable enterprise data and non-detachable enterprise data sets, and regulated based on data classification. Meanwhile, efforts should be made to actively promote the formulation and signing of WTO international treaties on enterprise data outbound compliance, and to establish bilateral mutual recognition mechanisms for cross-border compliance of enterprise data with countries along the Belt and Road Initiative, thus providing international guarantees for the classification and governance of enterprise data outbound compliance.