2024數(shù)據(jù)出境實(shí)務(wù)實(shí)操手冊(cè)

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

目錄

Contents

一、中國(guó)數(shù)據(jù)出境路徑透視9

I.PivotViewofChina'sOutboundDataTransferPaths9

(一)路徑起源9

(I)OriginsofPaths9

(二)路徑選擇10

(II)PathSelection10

(三)路徑豁免(或有)11

(III)PathExemptions(ifany)11

二、中國(guó)數(shù)據(jù)出境實(shí)務(wù)問答13

II、Q&AonChinesePracticesofOutboundDataTransfers13

(-)數(shù)據(jù)出境安全評(píng)估1。問13

(I)1()QuestionsonSecurityAssessmentforOutboundDataTransfers13

QI：什么情形必須啟動(dòng)數(shù)據(jù)出境安全評(píng)估？13

Underwhatcircumstancesmustsecurityassessmentforoutbounddatatransfers

beconducted?13

Q2:數(shù)據(jù)出境行為具體包含哪些？14

Whatconstitutesanactofoutbounddatatransfer?14

實(shí)操演練1

PracticalExercise1

Q3：如何識(shí)別“重要數(shù)據(jù)”？16

Howtoidentify“importantdata”?16

國(guó)際數(shù)據(jù)跨境規(guī)則系列4/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

Q4^~~如何識(shí)別“敏感個(gè)人信息”？18

Howtoidentify"sensitivepersonalinformation',?18

Q5:如何界定“關(guān)鍵信息基礎(chǔ)設(shè)施運(yùn)營(yíng)者”？18

Whoisa"criticalinformationinfrastructureoperator'*?18

Q6:如何界定100萬、10萬、1萬的數(shù)量規(guī)模？19

Howtodefinethequantitativescaleof1million,100thousand,and10thousand?

19

Q7:同一數(shù)據(jù)處理者存在多個(gè)出境場(chǎng)景需要申報(bào)時(shí)應(yīng)如何處理？20

Whatshouldbedonewhentherearcmultipleoutboundscenariostobedeclared

bythesamedataprocessor?20

Q8:什么情況應(yīng)當(dāng)重新進(jìn)行數(shù)據(jù)出境安全評(píng)估？21

Whenshouldasecurityassessmentforoutbounddatatransfersbere-conducted?

21

實(shí)操演練2

PracticalExercise2

Q9:企業(yè)是否必須事先開展自評(píng)估工作？若需要，需要提前多久開展？自評(píng)

估工作應(yīng)當(dāng)評(píng)估哪些方面？23

Isitnecessaryforcompaniestocarryouttheself-assessmentexerciseinadvance?

Ifso,howfarinadvance?Whatshouldbeassessedintheself-assessment?23

實(shí)操演練3

PracticalExercise3

Q10:數(shù)據(jù)出境安全評(píng)估申報(bào)流程需要花多長(zhǎng)時(shí)間？26

Howlongdoesthesecurityassessmentfilingprocessofoutbounddatatransfers

take?26

(二)個(gè)人信息出境標(biāo)準(zhǔn)合同備案15問28

(II)15QuestionsontheFilingoftheSCforOutboundTransferofPersonal

Information("SCFiling^^)28

國(guó)際數(shù)據(jù)跨境規(guī)則系列5/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

QU:簽訂標(biāo)準(zhǔn)合同進(jìn)行數(shù)據(jù)出境活動(dòng)的適用范圍？28

WhatisthescopeofapplicationofaSC?28

Q12:標(biāo)準(zhǔn)合同簽署的主體有哪些？29

WhoarepartiestoaSC?29

實(shí)操演練4

PracticalExercise4

Q13：規(guī)定提及“自主締約”，這是否意味著企業(yè)可以跳過備案環(huán)節(jié)？30

Theprovisionrefersto"independentcontracting',,doesthismeanthatcompanies

canskipthefilingprocess?30

Q14:能否針對(duì)多個(gè)數(shù)據(jù)出境場(chǎng)景使用同一套標(biāo)準(zhǔn)合同？32

CanthesamesetofSCbeusedformultipleoutbounddatatransfers?32

實(shí)操演練5

PracticalExercise5

Q15:關(guān)聯(lián)方是否可以合并備案？34

Canrelatedpartiesconsolidatetheirfilings?34

實(shí)操演練6

PracticalExercise6

Q16:可以修改標(biāo)準(zhǔn)合同條款嗎？37

CanthetermsofaSCbemodified?37

Q17:如果已簽署GDPR下的標(biāo)準(zhǔn)合同，是否還需簽署中國(guó)的標(biāo)準(zhǔn)合同？..37

IfaSCundertheGDPRhasbeensigned,doIneedtosignaSCthatconforms

withtheChineselaws?37

Q18：個(gè)人信息處理者是否可以提交非中文版標(biāo)準(zhǔn)合同？37

CanaPIPsubmitanon-ChineseversionofaSC?38

Q19:標(biāo)準(zhǔn)合同備案的有效期多久？38

HowlongisafilingofSCvalidfor?38

國(guó)際數(shù)據(jù)跨境規(guī)則系列6/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

Q20:什么情況下需要重新備案？39

Underwhatcircumstanceswillitbenecessarytore-file?39

實(shí)操演練7

PracticalExercise7

Q21:受托人是否可以簽訂標(biāo)準(zhǔn)合同？41

CanatrusteeenterintoaSC?41

實(shí)操演練8

PracticalExercise8

Q22:在標(biāo)準(zhǔn)合同備案路徑下，PIA是否有特殊之處？43

IsPIAspecialundertheSCFilingpath?43

Q23:標(biāo)準(zhǔn)合同備案的結(jié)果是什么？43

WhatistheoutcomeofaSCFiling?43

Q24:寬限期內(nèi)的個(gè)人信息跨境傳輸是否合法？44

Areoutboundtransfersofpersonalinformationduringthegraceperiodlegal?44

Q25:若未能在寬限期內(nèi)完成整改，數(shù)據(jù)出境是否非法？是否需承擔(dān)責(zé)任？.44

Intheeventthatmodificationisnotcompletedwithinthegraceperiod,wouldthe

outbounddatatransferbeillegal?Isthereanylegalconsequenceforsuchafailure?

44

實(shí)操演練9

PracticalExercise9

(三)個(gè)人信息跨境處理活動(dòng)安全認(rèn)證5問49

(III)5QuestionsonSecurityCertificationforCross-borderProcessingActivities

ofPersonalInformation("PIPC”)49

Q26:何時(shí)可以選擇個(gè)人信息跨境處理活動(dòng)安全認(rèn)證路徑？49

WhencanIchoosethePIPC?49

國(guó)際數(shù)據(jù)跨境規(guī)則系列7/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

Q27:是否可以選擇安全認(rèn)證來代替標(biāo)準(zhǔn)合同備案？50

IsPIPCanalternativeoptiontoSCFiling?50

實(shí)操演練10

PracticalExercise10

Q28:安全認(rèn)證路徑下，是否需要指定個(gè)人信息保護(hù)負(fù)責(zé)人并設(shè)立個(gè)人信息保

護(hù)機(jī)構(gòu)？51

Isitnecessarytodesignateapersontobeinchargeofpersonalinformation

protectionandestablishapersonalinformationprotectionorganizationunderthe

PIPCpath?51

Q29:安全認(rèn)證具體怎么開展？52

HowisPIPCconducted?52

Q30:安全認(rèn)證的有效期？54

WhatisthevalidityperiodofthePIPC?54

附件一：?jiǎn)栴}/案例索引

AnnexI:IndexofQ&AsandPracticalExercises

附件二：主要法律法規(guī)一覽表

AnnexII:ListofMajorLawsandRegulations

國(guó)際數(shù)據(jù)跨境規(guī)則系列8/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

一概覽(Overview)一

一、中國(guó)數(shù)據(jù)出境路徑透視

I.PivotViewofChina'sOutboundDataTransferPaths

(一)路徑起源

(11OriginsofPaths

數(shù)據(jù)跨境流動(dòng)是全球化數(shù)字經(jīng)濟(jì)的必然，數(shù)據(jù)主權(quán)、數(shù)據(jù)安全以及個(gè)人信息保護(hù)也是全

球監(jiān)管的共識(shí)。

Thecross-borderflowofdataisaninevitablepartoftheglobalizeddigitaleconomy,andthereis

ccnsensusthattheprotectionofdatasovereignty,datasecurity,andpersonalinformation

protectionarcsubjecttoglobalregulation.

我國(guó)Fl前法律就數(shù)據(jù)出境提供了三條通路，即：數(shù)據(jù)出境安全評(píng)估、個(gè)人信息出境標(biāo)準(zhǔn)合

同備案(或稱“標(biāo)準(zhǔn)合同備案”)、個(gè)人信息跨境處理活動(dòng)安全認(rèn)證(或稱“個(gè)人信息保九人

匚者均來源于《個(gè)人信息保護(hù)法》第38條第1款的規(guī)定,個(gè)人信息處理者因業(yè)務(wù)等

需要，確需向境外提供個(gè)人信息的，應(yīng)當(dāng)具備下列條件之一：(一)依照本法第四十條的規(guī)

定通過國(guó)家網(wǎng)信部門組織的安全評(píng)估；(二)按照國(guó)家網(wǎng)信部門的規(guī)定經(jīng)專業(yè)機(jī)構(gòu)進(jìn)行個(gè)人

信息保護(hù)認(rèn)證；(三)按照國(guó)家網(wǎng)信部門制定的標(biāo)準(zhǔn)合同與境外接收方訂立合同，約定雙方

的權(quán)利和義務(wù)；(四)法律、行政法規(guī)或者國(guó)家網(wǎng)信部門規(guī)定的其他條件。

China'scurrentlawsprovidethreepathsforoutbounddatatransfers,namely:securityassessment

foroutbounddatatransfers,thefilingoftheStandaidContractforoutboundtiansferofpersonali

nfonnaiion(or"SCFiling")andsecurilycerlificaiionforcross-borderprocessingacliviliesof

personalinfb門nation(or"PersonalInformationProtectionCertification,PIPC").Allthreearc

derivedfromArticle38,Paragraph1ofthePersonalInformationProtectionLaw,whichprovides

thatwhereaPIPgenuinelyneedstoprovidepersonalinformationoutsidetheterritoryofthe

People'sRepublicofChinaduetobusinessorotherneeds,itshallmeetanyofthefollowing

conditions:(I)tohavepassedthesecurityassessmentorganizedbytheCyberspaceAdministration

ofChinainaccordancewiththeprovisionsofArticle40thereof;(II)tohaveobtainedaPersonal

InformationProtectionCertificationissuedbyaspecializedagencyinaccordancewiththe

regulationsoftheCyberspaceAdministrationofChina;(III)tohaveenteredintoacontractwith

anoversearecipientunderthestandardcontractformulatedbytheCyberspaceAdministrationof

China,specifyingtherightsandobligationsofbothparties;or(IV)tomeetotherconditions

prescribedbylaws,administrativeregulationsortheCyberspaceAdministrationofChina.

國(guó)際數(shù)據(jù)跨境規(guī)則系列

9/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)修白皮書

WhitePaperonChinaOutboundDataTransfersPractice

（二）路徑選擇

(H)PathSelection

*0耳0fitUii

CnttcaliMomationawn以啟>內(nèi)CWAWB嚴(yán)時(shí)c?物力R第.ttMRa

mumtiraOptwiSec?rt>y

IrrftamerwcHr*Op?ralorOCcndmion:teeuriry⑨人個(gè)人”

C?rtlfk?tton

HaMtep??so<MliMcrwwtkoco*dommcnaturalp?ftom

(taB*n

fromowtsdethelemtorywithhepurpleapnMJlrtg

PYOCMMIQiMpertMldata

gnetftcpvnontwilhpcodtice*o<smce

;Stu個(gè)人(M在也分析.科舉?內(nèi)mu的行為

:Proc?Mtf)gP1Theoct*of4oamficrwturaiRctom?r?satyedand

eve?*dfromouttidt?Mt?f?torY

Mfl

崛■?電

*3Sewrio

處理18萬人Jt個(gè)人(X4W測(cè)*Hf者

AdattpcocwxMhoMipro???dp?r*on?l

irHormattenofowrorwmAtOfipfrwm

U上年1月1BR率人個(gè)人“

呷onof100.000

pertoracumu??v?*)fWK?Januery1ofth?

pfWkOU,yt**t*C*Ml

g上年1月1日皿計(jì)向”萬人■?個(gè)人俗

ptrtofhilMomatMof10,000pmcnt

cund?ti?n?JMHucy1ofther<*^ou，Z

注：桿別地.針對(duì)注留在學(xué)淺靂大R區(qū)內(nèi)地SP分/售港箱別行政區(qū)的個(gè)人信總處理者及隈々方.在學(xué)洸澳大R區(qū)內(nèi)地郃分與售港相融行政區(qū)之間的個(gè)人俱也改嚏流動(dòng),不含重要或圖的,可以總在標(biāo)〃合應(yīng)各室.

Inpaacutar.f(xPIp*ooess(xsandrecpencsregisteredintheMainlandpan~theGuangdong-HongKcng-l/acaoGreaterBayAfeaHongKongSAR.forcfoss-txxdefitowofpersonaldatabet?veentheMainlandpanoftheGuanpdong-

HengKorgMacaoG02rBayAreaandtheHongKongSARWaldoesnotooncainimportantdcKd.theopmonof611ngdstandardcontractisavartaWs

國(guó)際數(shù)據(jù)跨境規(guī)則系列10/55

Seriesor；InternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

(三)路徑豁免(或有)

(III)PathExemptions(ifany)

與此同時(shí)，為進(jìn)一步降低企業(yè)在數(shù)據(jù)跨境傳輸方面的合規(guī)成本，國(guó)家互聯(lián)網(wǎng)信息辦公室

在2023年9月28日出臺(tái)了《規(guī)范和促進(jìn)數(shù)據(jù)跨境流動(dòng)規(guī)定(征求意見稿)》(下稱“《征

求意見稿》”)，意圖為數(shù)據(jù)要素跨境流通“減負(fù)”。該《征求意見稿》主要明確了以下兩

占.

Meanwhile,inordertofurtherreducethecompliancecostofenterprisesincross-borderdata

transfer,theCyberspaceAdministrationofChinaissuedthe"ProvisionsonRegulatingand

PromotingCross-borderFlowofData(ExposureDraft)"(the"ExposureDraft^^)on28September

2023,withtheintentionofreducingtheburdenofcross-borderflowofdataelements.The

ExposureDraftclarifiesthefollowingtwomainpoints:

1.【新增豁免情形】符合以下情形之一的，不需要申報(bào)數(shù)據(jù)出境安全評(píng)估、訂立個(gè)人

信息出境標(biāo)準(zhǔn)合同、通過個(gè)人信息保護(hù)認(rèn)證：

LExemptions]Underanyofthefollowingcircumstances,itisnotrequiredtoapplyfor

securityassessmentforoutbounddatatransfers,theSCFiling,andPIPC：

?國(guó)際貿(mào)易、學(xué)術(shù)合作、跨國(guó)生產(chǎn)制造和市場(chǎng)營(yíng)銷等活動(dòng)中產(chǎn)生的數(shù)據(jù)出境，不包含

個(gè)人信息或者重要數(shù)據(jù)的；

wheredataoutboundtransferarisingfrominternationaltrade,academiccooperation,cross-

borderproductionandmanufacturing,marketingactivities,andothers,excludingthetransfer

ofpersonalinformationorimportantdata;

■不是在境內(nèi)收集產(chǎn)生的個(gè)人信息向境外提供：

providingpersonalinformationnotcollectedinChinatolocationsoutsideChina;

?為訂立、履行個(gè)人作為一方當(dāng)事人的合同所必需，如跨境購(gòu)物、跨境匯款、機(jī)票酒

店預(yù)訂、簽證辦理等，必須向境外提供個(gè)人信息的；

wherethepersonalinformationmustbeprovidedabroad,asitisnecessaryfortheconclusion

andperformanceofacontracttowhichtheindividualisaparty,suchascross-border

shopping,cross-borderremittance,airticketsandhotelbooking,visaprocessing,etc.

■按照依法制定的勞動(dòng)規(guī)章制度和依法簽訂的集體合同實(shí)施人力資源管理，必須向境

外提供內(nèi)部員工個(gè)人信息的；

forhumanresourcesmanagementinaccordancewiththelaborregulationsandrules

formulatedinaccordancewiththelawandcollectivecontractsconcludedinaccordancewith

thelaw,itisnecessarytoprovideabroadthepersonalinformationofinternalemployees;

國(guó)際數(shù)據(jù)跨境規(guī)則系列11/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

'緊急情況下為保護(hù)自然人然生命健康和財(cái)產(chǎn)安全等，必須向境外提供個(gè)人信息的;-

wherepersonalinformationhastobeprovidedoverseastoprotectthelife,health,and

propertysafetyofnaturalpersonsinanemergency;and

?預(yù)計(jì)一年內(nèi)向境外提供不滿1萬人個(gè)人信息的。

wherethePIPisexpectedtoprovidepersonalinformationoflessthan10,000individualsto

locationsoutsideChinawithinoneyear.

2.【鼓勵(lì)創(chuàng)新試點(diǎn)】自由留易試驗(yàn)區(qū)可自行制定本自制區(qū)需要納入數(shù)據(jù)出境安全評(píng)估、

個(gè)人信息出境標(biāo)準(zhǔn)合同、個(gè)人信息保護(hù)認(rèn)證管理范圍的數(shù)據(jù)清單(以下簡(jiǎn)稱負(fù)面清

單)，負(fù)面清單外數(shù)據(jù)出境，可以不申報(bào)數(shù)據(jù)出境安全評(píng)估、訂立個(gè)人信息出境標(biāo)準(zhǔn)

合同、通過個(gè)人信息保護(hù)認(rèn)證。

【EncouragingInncvativePilots】Pilotfreetradezonesmay,ontheirown,formulatelists

ofdatathatneedtobeincludedinthescopeofadministrationofsecurityassessmentforthe

datatobeprovidedabroad,standardcontractsforoutboundprovisionofpersonalinformation,

andcertificationforpersonalinformationprotection(the"NegativeList"),anddataoutbound

transferactivitiesoutsidetheNegativeListmaybecarriedoutwithoutapplyingforsecurity

assessmentforoutbounddatatransfers,theSCFiling,andPIPC.

目前該《征求意見稿》尚未正式出臺(tái)，但已明確釋放出促進(jìn)數(shù)據(jù)跨境自由流動(dòng)的強(qiáng)烈信

號(hào)。相信數(shù)據(jù)跨境有序合規(guī)自由流通的機(jī)制將很快建立起來。

TheExposureDrafthasnotyetbeenformallyissued,butithasclearlyreleasedastrongsignalto

pmmotcthefreeflowofdataoutboundtransfers.Itisbelievedthatamechanismfortheorderly

andcompliantfreeflowofdataacrossborderswillsoonbeestablished.

國(guó)際數(shù)據(jù)跨境規(guī)則系列

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

-數(shù)據(jù)出境實(shí)務(wù)30問答(30Q&As)—

二、中國(guó)數(shù)據(jù)出境實(shí)務(wù)問答

II、Q&AonChinesePracticesofOutboundDataTransfers

(一)數(shù)據(jù)出境安全評(píng)估10問

(I)10QuestionsonSecurityAssessmentforOutboundDataTransfers

QI：什么情形必須啟動(dòng)數(shù)據(jù)出境安全評(píng)估？

Underwhatcircumstancesmustsecurityassessmentforoutbounddata

transfersbeconducted?

Al:具備以下情形之一時(shí)，必須啟動(dòng)數(shù)據(jù)出境安全評(píng)估：

AscuuiilyasscsMiiciilluioutbounddataUansfcismustbeuoiiduclcdwhenuncof

thefollowingcircumstancesarises:

(1)數(shù)據(jù)處理者向境外提供重要數(shù)據(jù)；

whereadataprocessorprovidesimportantdataabroad;

⑵關(guān)鍵信息基礎(chǔ)設(shè)施運(yùn)營(yíng)者和處理100萬人以上個(gè)人信息的數(shù)據(jù)處理者向

境外提供個(gè)人信息；

whereakeyinformationinfrastructureoperatororaPIPofthedataofmore

thanonemillionpeopleprovidesabroadpersonalinformation;

⑶自上年1月1日起累計(jì)向境外提供10萬人個(gè)人信息或者1萬人敏感個(gè)

人信息的數(shù)據(jù)處理者向境外提供個(gè)人信息；或者

whereaPIPhasprovidedabroadpersonalinformationof100,000peopleor

sensitivepersonalinformationof10,000peopleintotalsinceJanuary1ofthe

previousyear;or

(4)國(guó)家網(wǎng)信部門規(guī)定的其他需要申報(bào)數(shù)據(jù)出境安全評(píng)估的情形。?

*《數(shù)據(jù)出境安全評(píng)估辦法》（國(guó)家互聯(lián)網(wǎng)信息辦公室，國(guó)家互聯(lián)網(wǎng)信息辦公室令第11號(hào),

國(guó)際數(shù)據(jù)跨境規(guī)則系列K

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

OthercircumstancesprescribedbytheCyberspaceAdministrationotChinator

whichdeclarationforsecurityassessmentforoutbounddatatransfersis

required.

特別地，該境外包含香港特別行政區(qū)、澳門特別行政區(qū)以及臺(tái)灣地區(qū)。

Inparticular,thisterritoryincludestheHongKongSpecialAdministrativeRegion,

theMacaoSpecialAdministrativeRegion,andTaiwan.

Q2:數(shù)據(jù)出境行為具體包含哪些？

Whatconstitutesanactofoutbounddatatransfer?

A2:數(shù)據(jù)出境行為包括向境外提供或允許境外訪問境內(nèi)數(shù)據(jù)，具體包括以下三

種情形：

Actsofdataoutboundtransfersincludeprovidingorallowingaccesstodatawithin

theterritoryfromoutsidetheterritory,specificallyincludingthefollowingthree

situations:

(1)數(shù)據(jù)處理者將在境內(nèi)運(yùn)營(yíng)中收集和產(chǎn)生的數(shù)據(jù)傳輸、存儲(chǔ)至境外；

Thedataprocessortransfersandstoresthedatacollectedandgeneratedinits

operationswithintheterritoryabroad;

⑵數(shù)據(jù)處理者收集和產(chǎn)生的數(shù)據(jù)存儲(chǔ)在境內(nèi)，境外的機(jī)構(gòu)、組織或者個(gè)

人可以查詢、調(diào)取、下載、導(dǎo)出；

Datacollectedandgeneratedbydataprocessorsarestoredintheterritoryand

canbequeried,accessed,downloaded,orexportedbyinstitutions,

organizations,orindividualsabroad;

⑶國(guó)家網(wǎng)信辦規(guī)定的其他數(shù)據(jù)出境行為。2

2022.07.07發(fā)布,2022.09.01實(shí)施)第4條規(guī)定。

Article4.MeasuresfortheSecurityAssessmentofOutboundDataTransfer(CyberspaceAdministration

ofChina.OrderNo.l1oftheCyberspaceAdministrationofChina,issuedon7July2022.effectivefrom

1September2022)

2《數(shù)據(jù)出境安全評(píng)估申報(bào)指南(第一版)》(國(guó)家互聯(lián)網(wǎng)信息辦公室，2022.08.31發(fā)布，

2022.08.31實(shí)施)“一、適用范圍”規(guī)定。

“1.ScopeofApplication'*ofGuidelinesfbrtheApplicationfbrSecurityAssessmentfbrOutboundData

Transfers(FirstEdition)(CyberspaceAdminislrationofChina,issuedon31August2022,effective

from31August2022)

國(guó)際數(shù)據(jù)跨境規(guī)則系列14/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

OtheractsotoutbounddatatransfersstipulatedbytheCyberspace

AdministrationofChina.

?實(shí)操演練1

PracticalExercise1

Q：跨境電商平臺(tái)有許多商家，如何申報(bào)數(shù)據(jù)出境安全評(píng)估？跨境電商場(chǎng)景下平

臺(tái)方與品牌方，誰來發(fā)起安全評(píng)估？

Q:Cross-bordere-commerceplatformshavemanymerchants,howtodeclare

securityassessmentforoutbounddatatransfers?Inthecontextofcross-bordere-

commcrccbetweentheplatformsandthebrands,whowillconductthesecurity

assessment?

A：需要區(qū)分場(chǎng)景。根據(jù)數(shù)據(jù)實(shí)際由平臺(tái)還是品牌方傳輸出境，品牌方自行傳輸

出境的場(chǎng)景卜，品牌方申報(bào)；平臺(tái)傳輸出境的場(chǎng)景卜，平臺(tái)統(tǒng)一申報(bào)。

A:Thereisaneedtodistinguishthescenarios.Itisbasedonwhetherthedataareactually

transmittedbytheplatformsorthebrands,ifthebrandstransmitthedataoutsidethe

territoryofthePeople'sRepublicofChinathemselves,:hcbrandsshouldmakethe

declaration.IftheplatformstransmitthedataoutsidetheterritoryofthePeople's

RepublicofChina,theplatformshouldmakeaconsolidateddeclaration.

?實(shí)操演練1延伸

VariationofPracticalExercise1

境內(nèi)A公司員工在境外出差，將A公司業(yè)務(wù)經(jīng)營(yíng)中史理的重要數(shù)據(jù)通過硬盤方

式提供給境外B公司。

AnemployeeofCompanyAwithintheterritoryisonbusinesstripoutsidetheterritory

andprovidesimportantdataprocessedbyCompanyAinbusinessoperationtoCompany

Babroadviaaharddrive.

Q：該A公司是否應(yīng)當(dāng)啟動(dòng)數(shù)據(jù)出境安全評(píng)估？

Q:ShouldCompanyAconductasecurityassessmentforoutbounddatatransfers?

A：通過硬盤傳輸亦屬于數(shù)據(jù)出境，應(yīng)當(dāng)事前通過所在地省級(jí)網(wǎng)信部門向國(guó)家網(wǎng)

信部門申報(bào)數(shù)據(jù)出境安全評(píng)估。

A:Transferringdataviaaharddrivealsoconstitutesoutbounddatatransfers,so

CompanyAshoulddeclareasecurityassessmentforoutbounddatatransferstothe

nationalcyberspaceadministrationdepartmentviatheprovincial-levelcyberspace

administrationdepartmentinadvance.

國(guó)際數(shù)據(jù)跨境規(guī)則系列15/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

Q3:如何識(shí)別“重要數(shù)據(jù)”？

Howtoidentify*'importantdata**?

A3:重要數(shù)據(jù)，是指一旦遭到篡改、破壞、泄露或者非法獲取、非法利用等，

可能危害國(guó)家安全、經(jīng)濟(jì)運(yùn)行、社會(huì)穩(wěn)定、公共健康和安全等的數(shù)據(jù)。3

Importantdatareferstodatathatmayjeopardizenationalsecurity,economic

operation,socialstability,publichealth,safety,etc.,ifitistamperedwith,damaged,

leaked,illegallyaccessed,orillegallyutilized,etc.

在重要數(shù)據(jù)識(shí)別時(shí)，應(yīng)當(dāng)優(yōu)先參考所屬行業(yè)、領(lǐng)域、地區(qū)數(shù)據(jù)安全管理相

關(guān)規(guī)定(例如汽車數(shù)據(jù)對(duì)應(yīng)的《汽車數(shù)據(jù)安全管理若干規(guī)定(試行)》(下

稱“《汽車數(shù)據(jù)規(guī)定》”)，其次可參考《網(wǎng)絡(luò)數(shù)據(jù)安全管理?xiàng)l例(征求意見

稿)》中相關(guān)定義：

Whenidentifyingimportantdata,priorityshouldbegiventotakingreferencefrom

relevantregulationsondatasecuritymanagementoftheindustry,field,andregion

towhichitbelongs(e.g.,automobiledatacorrespondstothe"SeveralProvisions

onAutomotiveDataSecurityManagement(forTrialImplementation)",

"ProvisionsonAutomobileData"),andtoalesserextent,totherelevantdefinitions

inthe"RegulationsfortheAdministrationofNetworkDataSecurity(Exposure

Draft)

(1)未公開的政務(wù)數(shù)據(jù)、工作秘密、情報(bào)數(shù)據(jù)和執(zhí)法司法數(shù)據(jù)；

Unpublishedgovernmentdata,workingsecrets,intelligencedata,andlaw

enforcementandjudicialdata;

⑵重點(diǎn)行業(yè)和領(lǐng)域安全生產(chǎn)、運(yùn)行的數(shù)據(jù)、關(guān)鍵系統(tǒng)組件、設(shè)備供應(yīng)鏈

數(shù)據(jù)；

Dataonsafeproductionandoperationofkeyindustriesandfields,keysystem

components,andequipmentsupplychaindata;

3《數(shù)據(jù)出境安全評(píng)估辦法》(國(guó)家互聯(lián)網(wǎng)信息辦公室，國(guó)家互聯(lián)網(wǎng)信息辦公室令第II號(hào),

2022.07.07發(fā)布，2022.09.01實(shí)施)第【9條規(guī)定。

Article19,MeasuresfortheSecurityAssessmentofOutboundDataTransfers(OrderNo.11ofthe

CyberspaceAdministrationofChina,issuedon7July2022,effectivefrom1September2022)

國(guó)際數(shù)據(jù)跨境規(guī)則系列16/55

SeriesonInternationalDataCross-BorderRulesRules

中國(guó)數(shù)據(jù)出境實(shí)務(wù)實(shí)操白皮書

WhitePaperonChinaOutboundDataTransfersPractice

(3)達(dá)到國(guó)家有關(guān)部門規(guī)定規(guī)模或者精度的基因、地理、礦產(chǎn)、氣象等國(guó)

家基礎(chǔ)數(shù)據(jù)；

Nationalbasicdatasuchasgenetics,geography,minerals,meteorology,etc.

thathavereachedt