
News Report | United States Submits Communication to the WTO on Measures Relating to China's Cybersecurity Law

2017-10-08 LCOUNCIL





ROUNDUP


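On 25 September 2017, the United States formally submitted to the WTO Council for Trade in Services a communication concerning measures that China has adopted and is developing in relation to its Cybersecurity Law. The communication states that if China's Cybersecurity Law is fully implemented, it will have a serious negative effect on trade in services supplied through a commercial presence and on a cross-border basis, and that cross-border transfers of information in the ordinary course of business will be impeded or even prohibited outright.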


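The measures of concern to the United States include the Cybersecurity Law, the National Security Law, and the related "Security Assessment of Cross-Border Transfer of Personal Information and Important Data" and the national standard "Information Security Technology – Guidelines for Data Cross-border Transfer Security Assessment" (draft).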


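The United States considers that China mandates local storage of data for "critical information infrastructure" (which the Cybersecurity Law defines very broadly and vaguely), while cross-border transfers of information are subject to review by China's competent authorities; this inevitably impedes cross-border information flows and disrupts normal business operations.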


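Because foreign companies must routinely transfer their data back to headquarters and to affiliates in other countries, these measures will have a serious adverse effect on the business of companies located outside China that supply cross-border services into China, since these companies depend heavily on access to data from their customers in China.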


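The United States has conveyed this concern directly to senior Chinese officials and wishes to draw the attention of other WTO Members to the potential harm to trade. The United States requests that China hold off on issuing and implementing final measures until these concerns are clarified.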


Original Text of the Document


COMMUNICATION FROM THE UNITED STATES

MEASURES ADOPTED AND UNDER DEVELOPMENT BY CHINA

RELATING TO ITS CYBERSECURITY LAW


The following communication, dated 25 September 2017, from the delegation of the United States is being circulated to the Members of the Council for Trade in Services.


▌ 1. The United States requested the inclusion of this topic on the agenda for the Council for Trade in Services in order to express its concerns with certain measures China has adopted, and related implementing measures under development, that could significantly impair cross-border transfers of information. 


This is one key aspect of U.S. concerns regarding China’s Cybersecurity Law and related measures. If these measures enter into full force in their current form, they could have a significant adverse effect on trade in services, including services supplied through a commercial presence and on a cross-border basis. We are bringing this matter before this Council because the potential effects extend across all service sectors and have bearing on the rights of other Members.


▌ 2. The measures of concern include: 


The Cybersecurity Law, adopted in November 2016 and taking effect June 2017; and various implementing measures connected with the Cybersecurity Law and China’s National Security Law (adopted in July 2015), including the "Measures on the Security Assessment of Cross-Border Transfer of Personal Information and Important Data" and the "Draft National Standard – Information Security Technology – Guidelines for Data Cross-border Transfer Security Assessment."


 3. China’s measures would disrupt, deter, and in many cases, prohibit cross-border transfers of information that are routine in the ordinary course of business. More specifically:


✦ a. The measures would apply to "network operators," which could encompass any foreign service supplier that has a website or uses the Internet to communicate with customers, suppliers, or affiliates. Such a broad definition means that the measures could have a negative impact on a wide range of foreign companies.


✦ b. The measures, which pertain to "important data" and "personal information," would severely restrict cross-border transfers unless a broad set of burdensome conditions are met. These conditions would restrict even routine transfers of information, fundamental to any modern business. They include: (a) that the network operator (or in certain cases, a governmental authority) has performed a "security assessment;" (b) that the purpose of the transfer meets standards of legitimacy, necessity, and justification; and (c) that purported risks, including to national security, social and public interests, and lawful interests of individuals, are mitigated.


 As one aspect of our concerns, a need to demonstrate the necessity of transfers is very troubling, since it impinges on commercial choices and longstanding business arrangements supported by robust trade rules, and many common transactions would not appear to meet the criteria set out.


✦ c. With respect to "personal information," in addition to the conditions already described, a "network operator" would appear to be required to obtain consent from each individual before any cross-border transfer can take place. This is an extraordinarily burdensome requirement that could disrupt business operations without contributing to privacy protections. Many less burdensome options exist to achieve privacy objectives, including compliance with international cross-border privacy frameworks, such as the APEC Cross-Border Privacy Rules System endorsed by China; contractual agreements between network operators and third party recipients; and third-party accreditation.


✦ d.  In some circumstances, the outcome of the security assessment would result in an outright prohibition on cross-border data transfers. These circumstances are so broadly and vaguely defined – including when transfers would pose a risk to "national security," "economic development," and "social public interests," and when such transfer may be detrimental to public and national interests – that they could cover a nearly unlimited range of transactions.


✦ e. The measures would impose local data storage requirements on operators in "critical information infrastructure sectors," which the Cybersecurity Law defines in broad and vague terms. Cross-border transfers of data by these operators would be subject to review by China’s competent regulatory authorities. Such requirements would inevitably impede cross-border information flows and disrupt normal business operations.


▌ 4. Thus, the measures would impose special scrutiny, particular procedures, or bans on the cross-border transfer of expansive and loosely-defined categories of data. The result would be to discourage cross-border data transfers and to promote domestic processing and storage. The impact of the measures would fall disproportionately on foreign service suppliers operating in China, as these suppliers must routinely transfer data back to headquarters and other affiliates. Companies located outside of China supplying services on a cross-border basis would be severely affected, as they must depend on access to data from their customers in China.


▌ 5. In this regard, we note that China has undertaken market access and national treatment commitments under the General Agreement on Trade in Services for many services that would be affected by these measures. In addition, China’s cross-border commitments apply to a broad range of sectors – from accounting to financial data processing to travel services. None of these cross-border services is feasible without accessing data from China, much of which would appear to fall within the scope of the restricted or banned categories.


▌ 6. The United States has been communicating these concerns directly to high level officials and relevant authorities in China. We are bringing the matter to this forum in order to raise awareness among other Members of the nature of the pending measures and their potential impact on trade. We request that China refrain from issuing or implementing final measures until such concerns are addressed. We will keep the Council informed of any further developments on this matter.




 Important data is defined as "data closely related to national security, economic development and societal and public interests." The Draft Guidelines provide broad descriptions of data that can fall within this definition and lists 27 sectors, including "Communications" and "Electronics and Information," as well as "Steel" and "Food and Drugs." There is also a 28th "Miscellaneous" category that includes inter alia any sector "closely linked with national security and social public interests." This definition is so broad that it could apply to any and all data.




Source: iPolicyLaw


