【作者】 王慧；

【导师】 曾令健；

【作者基本信息】 西南政法大学 ， 法律（法学）， 2023， 硕士

【摘要】 数据分类分级保护制度事关国家安全和发展大局,目前我国主要将数据分类为个人信息和重要数据,分级为核心数据、重要数据和一般数据。在数据分类方面,当前分类规范主要基于总体国家安全观,根据不同保护重点,对个人信息和重要数据进行划分,存在分类价值单一、基本概念模糊不清等问题;在数据分级方面,则存在核心数据识别认定不明、重要数据分级规则不清,一般数据定级要素混乱等问题。本文对我国数据分类分级保护制度立法和治理现状进行梳理,分析欧盟、东盟和美国数据分类分级保护制度经验,对我国分类分级保护制度进行研究。除引言和结语外,本文从以下四个部分展开:第一部分,阐述数据分类分级保护制度的概念界定与重要意义,为下文的立法分析奠定基础。数据分类是根据数据相同属性或者特征将数据进行划分和归类,数据分级是根据一定的标准将数据划分成不同的等级,并据此构建起相应的保护体系。数据分类分级具有保障数据安全,促进数字经济发展的重要意义。第二部分,通过梳理我国数据分类分级保护制度的立法现状和治理现状,进而厘清数据分类分级保护制度存在的立法不足。就数据分类规范而言,主要存在分类价值单一和重要数据概念含糊不清等问题,就数据分级规范而言,存在核心数据的内涵、认定主体、认定规则不明确,重要数据是否要分级、分为几级,一般数据的定级因素和等级划分模糊不清等问题。第三部分,以欧盟、美国和东盟为代表,梳理域外数据分类分级保护制度的经验,为下文的立法完善建议提供思路。欧盟的数据分类和数据分级逻辑,美国对受控非机密信息的管理与保护,以及东盟的《数据管理框架》对我国数据分类分级保护制度的构建具有重要的参考价值。数据分类分级清单并非数据安全治理的终点,在建立数据分类分级保护制度后,需要为不同等级的数据提供相应的管控措施,才能促使数据分类分级保护制度发挥实效。第四部分,针对我国数据分类分级制度的立法缺陷,提出立法完善措施。对于数据分类价值单一的问题,可以从资源利用角度开展分类,对于重要数据内涵不明确的问题,通过内涵优化和外延细化进行厘清;对于核心数据认定不清的问题,可以参照国家秘密的界定,通过明确核心数据的认定主体,细化核心数据目录认定,设置严格的认定程序,强化认定结果监督等方面来构建核心数据认定规则;对于重要数据识别和界定模糊的问题,可以通过明确重要数据识别的影响因素,加大标准化建设、设置专门的数据保护机构等方式,完善重要数据的识别认定;对于一般数据标准之间存在差异化的情形,本文认为,各标准中的定级因素其内涵具有同一性,可以统一,并在统一上述定级因素的前提下建设性地提出了一般数据的分级标准。更多还原

【Abstract】 The data classification and grading protection system concerns national security and the development of the overall situation,and at present,China mainly classifies data into personal information and important data,and grading into core data,important data and general data.In terms of data classification,the current classification norms are mainly based on the overall national security concept,and personal information and important data are divided according to different protection priorities,with problems such as single classification value and ambiguity of basic concepts;in terms of data classification,there are problems such as unclear identification of core data,unclear rules of important data classification,and confusion of general data grading elements.This paper compares the current status of legislation and governance of China’s data classification and grading protection system,analyzes the experience of data classification and grading protection system in EU,ASEAN and the United States,and conducts a study on China’s classification and grading protection system.Except for the introduction and concluding remarks,this paper proceeds from the following four parts:In the first part,the concept definition and importance of data classification and classification protection system are elaborated to lay the foundation for the legislative analysis below.Data classification is to divide and categorize data according to the same attributes or characteristics of data,and data classification is to divide data into different levels according to certain criteria,and build up a corresponding protection system accordingly.Data classification and grading is of great significance to ensure data security and promote the development of digital economy.In the second part,the legislative status and governance of China’s data classification and grading protection system are reviewed to clarify the legislative shortcomings of the data classification and grading protection system.In terms of data classification regulation,there are mainly problems such as single classification value and ambiguous concept of important data,and in terms of data classification regulation,there are problems such as unclear connotation of core data,recognition subjects and recognition rules,whether important data should be graded and divided into several levels,and ambiguity of grading factors and grade classification of general data.In the third part,the EU,the US and ASEAN are taken as representatives to sort out the experience of the extraterritorial data classification and grading protection system and provide ideas for the following legislative improvement proposals.The data classification and data hierarchy logic of the EU,the management and protection of controlled unclassified information in the US,and the Data Management Framework of ASEAN have important reference values for the construction of the data classification and hierarchy protection system in China.The list of data classification and grading is not the end of data security governance;after establishing the data classification and grading protection system,corresponding control measures need to be provided for different levels of data in order to make the data classification and grading protection system effective.In the fourth part,the legislative defects of China’s data classification and grading system are addressed,and legislative improvement measures are proposed.For the problem of single value of data classification,the classification can be carried out from the perspective of resource utilization;for the problem of unclear connotation of important data,it can be clarified through connotation optimization and extension refinement;for the problem of unclear identification of core data,it can refer to the definition of state secrets,and construct the rules of core data identification by clarifying the subject of core data identification,refining the identification of core data catalog,setting strict identification procedures,and strengthening the supervision of identification results.For the problem of ambiguous identification and definition of important data,the identification of important data can be improved by clarifying the factors influencing the identification of important data,increasing the construction of standardization,and setting up special data protection institutions,etc.For the situation of differentiation among general data standards,this paper believes that the connotation of the grading factors in each standard is the same and can be unified.The paper also constructively proposes the grading standard of general data on the premise of unifying the above grading factors.更多还原