中圖分類號：TP315
文獻標識碼：A
DOI:10.19358/j.issn.2097-1788.2023.11.008
引用格式：聶磊磊.從認證全過程視角理解與完善個人信息保護認證制度［J］.網絡安全與數據治理，2023，42（11）：39-45.

Understand and improve the personal information protection certification system from the perspective of the whole certification process

Abstract： Compared with other export systems in the cross-border provision of personal information, personal information protection certification can achieve a balance between personal information security and free flow, and has freer mobility than the security assessment system, and has more stable security than standard contracts. Today, when the global data economy is gradually dominant, the personal information protection certification system has great implementation value. At the same time, as a key part of personal information protection certification, certification bodies are required to have fair and professional qualifications, maintain objectivity and neutrality in certification and give full play to their due professional level. However, the personal information protection certification system has just started in China, and the relevant laws and regulations are not perfect, and there are deficiencies in several aspects of specific implementation, mainly including pre-certification start, certification review and post-certification responsibility. Therefore, the combination of voluntary certification and compulsory certification should be adhered to before certification; Expand the scope of subjects that can apply for certification in certification, and establish a hierarchical and classified certification standard system; Improve the dual remedies of private law and public law after certification.

Key words : personal information export; personal information protection certification; certification bodies; the whole process of certification; equity of interests