The world's first data cross -border and evidence collection bilateral international agreement landing, the British and American "Data Interview Agreement" promoted the "Cloud Act" system formed

Southern Finance All Media Reporter Wu Liyang Intern Ye Ziling Beijing reported

With the rapid development of the digital economy worldwide, the frequency and scale of data flowing between countries and regions have also increased significantly, but on the other hand, with the acceleration of countries accelerating the establishment of related governance frameworks, the differences in the data governance system between countries Judicial barriers have also greatly increased the cost and difficulty of cross -border data governance.

Recently, the U.S. Department of Justice and the British Ministry of the Interior announced in a joint press release that the two countries have signed the "Data Access Agreement" (hereinafter referred to as the "Agreement"), which will allow law enforcement agencies of the two countries to ask each other to ask each other to obtain the other party. User Internet data.

The person in charge of the relevant agencies of the two parties stated that the agreement will strengthen the ability to hunting dangerous criminals on the basis of "maintaining strong supervision and protection of our citizens enjoying" and solving crimes such as organizational crimes and national security threats.

Relevant experts said in an interview with reporters that, as the world's first bilateral international agreement specifically for data cross -border evidence collection, the "Agreement" provides a type of reference model for the establishment of data flowing multilateral or bilateral rules between the country, but it also gives it to it, but it also gives it given to it. The law enforcement agency bypassing the current legislation and the court's referee activities, directly obtaining the power of personal information held by investigating enterprises, and the risks of potential infringement users in other countries' data privacy rights need to be vigilant.

American "Cloud Act" system

The formulation of the "Data Access Agreement" comes from the "Cloud Act" passed in March 2018 in the United States Congress. The bill authorizes the United States and cooperation with other countries to sign a bilateral administrative agreement to relieve each other to obtain electronic data for criminal investigation. Essence

The "Cloud Act" stipulates that the administrative department has the right to sign a bilateral agreement with foreign countries. On the basis of adopting sufficient measures to ensure the security of citizen data, the procuratorial organs have given the procuratorial organs to obtain the required multinational data in a simple way.

The "Data Interview Agreement", which was formulated in October 2019, was formulated in October 2019, and it was the first formal implementation of the bilateral agreement under the "Cloud Act" system that was officially landed. The U.S. Department of Justice stated that the agreement will allow law enforcement agencies in the United States and Britain to bypass possible legal obstacles and directly obtain electronic data about serious crimes from science and technology companies located in the other country, including terrorism , Children's sexual abuse and cyber crime.

The formulation of the agreement is indeed its realistic basis. Zhao Jingwu, assistant professor at the School of Law School of Beijing University of Aeronautics and Astronautics, pointed out in an interview with a reporter from Southern Finance and Economics that after the Brexit of the United Kingdom, the data cross -border transmission model between Britain and the United States will no longer follow the EU along the EU The GDPR system, and in the current social data cross -border governance, there is a general problem of "data collection of data collection" in cross -border law enforcement activities. Difficulties of data transfer data.

As one of the main causes of the "Cloud Act", the lawsuits between the US law enforcement and Microsoft have been tapped for several years. It was issued in the United States "Storage and Communication Act" in 1986. The bill stipulates that the United States searches allows the United States to make data that has no right to read and access to overseas.

However, Wu Shen Kuo, Assistant to the Dean of the Internet Research Institute of Beijing Normal University and deputy director of the Research Center of the China Internet Association, pointed out that before the "Cloud Act" was officially introduced, the United States was actually retrieved data to overseas according to the current law, and " The Cloud Act is equivalent to giving the contracting countries to retrieve the power stored in US data.

The core purpose of building the "Cloud Act" system is to output its own data governance rules, and then serve the US industry and national interests. Wu Shenjuo said that the concession made by the United States is to allow foreign governments to retrieve data from companies in the United States under the United States. In the end Value -based data circulation and utilization rules system.

"In the final analysis, it is still a kind of externalization of international geopolitics and the specific implementation of the field of data governance." Wu Shenkuo said.

In addition to Britain, the United States is also constantly incorporated its digital economy in the "Cloud Act" system. In December last year, the United States and Australia also put a similar Cloud Act agreement on the agenda. The agreement is still being reviewed by the US Congress and the Australian Parliament. It is reported that the United States is still negotiating similar agreements with Canada and the European Union.

Xixue Xixue, deputy director of the China University of Political Science and Law, pointed out that the current international data governance rules are still fragmented. Due to the different considerations of each country, there are no consensus on many principles. The international rules system has not entered the phase of essential application.

"The implementation and effectiveness of the agreement promoted the trend of the rules of data international governance, but it will inevitably trigger the attention and vigilance of relevant institutions and enterprises in other countries and enterprises to obtain international cooperation in cross -border data, and began to evaluate this category International rules on the positive or negative impact of international business, "said Shang Xixue.

The risk of infringing privacy

However, with the official level of green lights in the series of bills, the people have a small word for the bill. Non -profit international legal organization Electronic Frontier Foundation (EFF) issued a statement as early as 2018 that the "Cloud Act" allows U.S. police to force Google and other service providers The country's privacy law also believes that the bill will make the current legal procedure of the Supreme Court of the United States lose meaning. Zhao Jingwu said that this suspicion is unreasonable, because according to the content of the "Data Access Agreement", law enforcement agencies can completely bypass the current legislation and court judgment activities to directly obtain personal information held by investigations. The relevant provisions may be overhead. More importantly, the data type allowed by the agreement also includes communication information.

In order to reflect the emphasis on privacy and personal information protection, the "Agreement" is particularly in Article 3 "the effectiveness of domestic law and agreement", Article 4 "purpose restrictions", and Article 7 "the principle of minimizing purpose", ninth ninth In terms of "Privacy and Data Protection", the provisions of the information protection obligations of relevant law enforcement departments, such as cases that involve cases that may cause major harm to other citizens or national security, such as terrorism, major violence crimes, trafficking children, etc. No information on the other party's citizen can be provided, and those who have undergone systemic training can view relevant information.

Shang Xixue pointed out that, in view of the domestic personal information protection legislation, it is generally aimed at data controller in the social and economic field, not state organs, and there are exceptions to the use of personal information. The implementation of personal information protection depends on the restrictions of national authorities to retrieve personal information.

From the content of the "Agreement", after obtaining the "appropriate authorization" of the court, the law enforcement department can ask companies to master user data directly to provide customer -related personal data. "This will inevitably cause the public to violate privacy and data security security and data security. Doubt. "

Zhao Jingwu also said that the "Agreement" requires cross -border transmission without affecting any other legal basis or other important interests in domestic law, and the important public interests of the British parties and proper pursuit of legitimate interests will be properly pursued As a specific content of "other important interests". However, the issuance of this data retrieved command allows the designated agencies to negotiate with each other, and there are still quite a few vague expressions in data cross -border transmission.

It is worth noting that at the time after the "Cloud Act" was officially passed, Apple, Google, Microsoft, and Meta, which had a small word for government data, signed a support for the "Cloud Act The joint letter, "The bill will give consumer protection necessity."

Zhao Jingwu believes that after the "Agreement" was officially implemented, cross -border data flow between enterprises needs to consider the obligation of data submission of the agreement, and it is necessary to re -evaluate and adjust the scope and type of data cross -border flow.

"The agreement currently only stipulates that the two countries must not share each other's data with the third party, and whether the data stored in the third -party countries in the two countries is also unclear within the scope of allowing the law enforcement authority to be retrieved by the" Agreement ", which may constitute a pair of pairs. The threat of third -party national data security. "Its further analysis stated that the global legislative system of data cross -border flow shows the fragmented development trend of bilateral or multilateral protocols, or it will be further strengthened.

Cross -border data collection needs to respect data sovereignty

Although there are many problems such as privacy, many interviewed experts also pointed out that there are indeed many practical problems in the current cross -border data collection of law enforcement agencies and even cross -border data governance.

Due to the rapid development of Internet technology, criminal crimes involving all types of finance, data and other fields are often carried out in the form of cross -border remote operations. This has increased the difficulty of investigation and evidence collection of law enforcement agencies. It is difficult to implement specific criminals.

Shang Xixue pointed out that traditional international criminal judicial assistance procedures and their real work are relatively inefficient, and there is a risk of diplomatic risk to remote evidence from other countries to unilaterally. Therefore, today's digitalization, bilateral or multilateral data collection agreement is an efficient international criminal judicial assistance for some countries.

In addition, the conclusion of related agreements may also be considered by countries for their own interests. Wu Shenjuo pointed out that although the United Kingdom has relatively complete and strict personal data protection regulations, from the perspective of the United States and Britain's Political Alliance and the joint creation of data circles, Britain has also signed a strategic demand for signing related agreements with the United States in terms of enhancement of its own data retraction capabilities. Essence

"As mentioned earlier, the United States had been retrieved data and stored foreign data before the" Cloud Act "was introduced. The abolition of the death penalty, the two sides also specifically agreed not to use the data retrieved based on the agreement to investigate the death penalty case. This can actually be seen as the concession of the United States, which is also the result of the game compromise between the two sides. "Wu Shenjuo analyzed.

In terms of promoting international criminal judicial cooperation and improving relevant laws and regulations such as cross -border data collection, my country has also conducted active exploration in recent years.

In October 2018, the sixth meeting of the 13th National Committee of the National Adults voted and approved the "International Criminal Judicial Assistance Law", which was implemented from the date of announcement.

Article 4) of the International Criminal Judicial Assistance Law clearly stipulates that the People's Republic of China and foreign countries carry out international criminal judicial assistance in accordance with the principle of equality and reciprocity. International criminal judicial assistance shall not harm the sovereignty, security and public interests of the People's Republic of China, and shall not violate the basic principles of the law of the People's Republic of China. Without the consent of the competent authority of the People's Republic of China, foreign institutions, organizations and individuals shall not conduct criminal proceedings stipulated in this Law within the territory of the People's Republic of China. Assistance. In July 2021, the General Office of the Central Committee of the Communist Party of China and the General Office of the State Council issued the "Opinions on Stringing Securities Illegal Activities in accordance with the law", proposing "strengthen cross -border supervision and cooperation. Improve data security, cross -border data flow, confidential information management and other related related related Laws and regulations ... Explore the effective paths and methods of strengthening international securities law enforcement cooperation, actively participate in international financial governance, and promote the establishment of law enforcement alliances that combat cross -border securities illegal crimes.

Shang Xixue pointed out that the data of the data alone has the competition and control of the basic resources of data in the country. In the field of data collection and case investigation, the interest relationship between the country is becoming more complicated. For our country, in international criminal judicial assistance, we must always adhere to the principle of data sovereignty. Under the premise of data security guarantee, cooperation based on its own actual demand to screen for national or regions, steadily promote the international cooperation of cross -border data collection and evidence collection, and gradually gradually gradually promote the obtaining evidence collection of cross -border data. Realize the digital transformation of the traditional cross -border evidence collection system.

Wu Shenfang pointed out that in the background of the increasingly hot era of data games, we need to build our own complete data rules system, and at the same time, through effective international cooperation and international games to achieve the output of rules, and in this process, to achieve higher levels of higher levels The coordination of rules, through bilateral and multilateral consultations, form effective data sovereignty rules.

"The most important thing is to form your own law enforcement alliance, build an effective, powerful, and tangible data circulation and utilization rules, ultimately serve industrial development, serve my country's national strategy, and maximize the balance and coordination of cross -border strategic interests." Wu Shen Kuo said.

- END -