在个人数据跨境传输治理探索中，欧盟逐渐形成了以《通用数据保护条例》为代表，以保护公民基本权利、对内打破数据流动壁垒、对外强调数据主权为价值取向，以“充分性认定”及“白名单”制度、长臂管辖制度、国际合作为主要特点的个人数据跨境传输制度，产生了广泛的国际影响。我国也建立了以维护国家安全为首要指导原则，以“数据本土化”为基础的个人数据跨境传输机制。为进一步融入数字全球化，借鉴欧盟有关经验，我国可通过适当增强个人数据跨境传输自由度，构建个人数据跨境传输国家的分类、梯度式管理机制，与欧盟建立“部分”充分性认定协议，以及拓展国际合作空间等措施，进一步完善个人数据跨境传输制度体系。

In the exploration of governance of cross-border transfers of personal data, the EU has gradually formed a system for the cross-border transfer of personal data, represented by the GDPR, with the values of protecting the fundamental rights of citizens, breaking down barriers to data flow internally and emphasising data sovereignty externally, and with the main features of the "adequacy determination" and "white list" system, the long-arm jurisdiction system and international cooperation, which has had a widely international impact. China has established a mechanisms for the cross-border transfer of personal data based on "data localisation", with national security as the primary guiding principle. To further integrate into digital globalisation, and drawing on the EU experience, the system of cross-border transfer of personal data in China can be further improved by appropriately enhancing the freedom of cross-border transfer of personal data, establishing a classification and gradient management mechanism for countries that transfer personal data across borders, establishing a "partial" adequacy agreement with the EU, and expanding the scope of international cooperation.

D97

科技创新2030—“新一代人工智能”重大项目“重点领域人工智能伦理风险及对策研究”（2020AAA0105301）；中国科学技术信息研究所创新研究基金面上项目“人工智能数据安全风险及治理研究”（MS2023-10）