国际资讯 | 美国参议院通过国家安全一揽子计划（含TikTok剥离法案）等（4.24-4.25）

U.S. Senate Passes the National Security Package

美国参议院通过国家安全一揽子计划（含TikTok剥离法案）

On April 23, 2024, U.S. Senate passed the National Security Package, which includes The Protecting Americans from Foreign Adversary Controlled Applications Act:

• Mandates TikTok's independence from foreign influences, requiring TikTok to separate from ByteDance within 270 days to ensure the protection of American users' privacy and data while mitigating risks of espionage and propaganda dissemination.

• Empowers the U.S. Department of Justice to ensure compliance with divestiture mandates, while granting exemptions for non-threatening platforms, and strengthens legal measures to safeguard against foreign influence, particularly from the Chinese Communist Party.

2024年4月23日，美国参议院通过了国家安全一揽子计划，其中包括《保护美国人免受外国对手控制应用程序侵害法》：

• 规定TikTok独立于外国影响，要求TikTok在270天内与ByteDance分离，以确保能够保护美国用户的隐私和数据，同时降低间谍和宣传传播的风险。

• 授权美国司法部确保剥离授权得到遵守，同时对不具威胁性的平台给予豁免，并加强法律措施以防范外国影响，尤其是来自中国的影响。

上述资讯源自美国参议员官网，详见：

https://www.cramer.senate.gov/news/press-releases/senate-passes-stronger-national-security-supplemental-package

EU Commission Published Data Act Explained

欧盟委员会发布《数据法案》概览指南

On April 17, 2024, EU commission published Data Act explained, which is a comprehensive overview of the Data Act, including its objectives and how it works in practice.

2024年4月17日，欧盟委员会发布了《数据法案》概览指南，全面概述了《数据法案》，包括其目标和实际运作方式。

The Data Act is a law designed to enhance the EU’s data economy and foster a competitive data market by making data (in particular industrial data) more accessible and usable, encouraging data-driven innovation and increasing data availability. To achieve this, the Data Act ensures fairness in the allocation of the value of data amongst the actors in the data economy. It clarifies who can use what data and under which conditions.The Data Act was published in the Official Journal of the EU on 22 December 2023 and it will become applicable on 12 September 2025.

《数据法案》是一部旨在通过使数据（尤其是工业数据）更易获取和使用、鼓励数据驱动的创新和提高数据可用性来加强欧盟数据经济和促进有竞争力的数据市场的法律。为实现这一目标，《数据法案》确保在数据经济参与者之间公平分配数据价值，明确了谁可以使用什么数据以及在什么条件下使用。《数据法案》于2023年12月22日在《欧盟官方公报》上发布，将于2025年9月12日开始适用。

The Data Act complements the Data Governance Act, the first deliverable under the European strategy for data. The Data Governance Act became applicable in September 2023. While the Data Governance Act increases trust in voluntary data-sharing mechanisms, the Data Act provides legal clarity regarding the access to and use of data.

Together with other policy measures and funding opportunities, these two regulations will contribute to the establishment of an EU single market for data, making Europe a leader in the data economy by harnessing the potential of the ever-increasing amounts of data, in particular industrial data, for the benefit of the European economy and society.

《数据法案》是对《数据治理法》的补充，后者是欧洲数据战略的第一个可交付成果。《数据治理法》于2023年9月开始适用。《数据治理法》增强了人们对自愿共享数据机制的信任，而《数据法案》则为数据的获取和使用提供了明确的法律规定。这两项法规将与其他政策措施和资助机会一起，促进欧盟数据单一市场的建立，通过利用日益增长的数据，特别是工业数据的潜力，造福欧洲经济和社会，使欧洲成为数据经济的领导者。

Data Act Explained includes:

Following the general provisions (Chapter I) which set out the scope of the regulation and define key terms, the Data Act is structured into six main chapters:

• Chapter II on business-to-business and business-to-consumer data sharing in the context of IoT: users of IoT objects can access, use and port data that they co-generate through their use of a connected product.

• Chapter III on business-to-business data sharing: this clarifies the data-sharing conditions wherever a business is obliged by law, including through the Data Act, to share data with another business.

• Chapter IV on unfair contractual terms: these provisions protect all businesses, in particular SMEs, against unfair contractual terms imposed on them.

• Chapter V on business-to-government data sharing: public sector bodies will be able to make more evidence-based decisions in certain situations of exceptional need through measures to access certain data held by the private sector.

• Chapter VI on switching between data processing services: providers of cloud and edge computing services must meet minimum requirements to facilitate interoperability and enable switching.

• Chapter VII on unlawful third country government access to data: non-personal data stored in the EU is protected against unlawful foreign government access requests.

• Chapter VIII on interoperability: participants in data spaces must fulfil criteria to allow data to flow within and between data spaces. An EU repository will lay down relevant standards and specifications for cloud interoperability.

• Chapter IX on enforcement: Member States must designate one or more competent authority(ies) to monitor and enforce the Data Act. Where more than one authority is designated, a ‘data coordinator’ must be appointed to act as the single point of contact at the national level.

《数据法案》概览指南包括：

总则（第一章）规定了法案的适用范围并定义了关键术语，《数据法案》分为六个主要章节：

• 第二章 关于物联网背景下企业与企业和企业与消费者的数据共享：物联网对象的用户可以访问、使用和转移他们通过使用联网产品共同生成的数据。

• 第三章 关于企业间数据共享：明确了企业依法（包括通过《数据法案》）有义务与其他企业共享数据的数据共享条件。

• 第四章 关于不公平合同条款：这些条款保护所有企业，尤其是中小企业，免受强加给他们的不公平合同条款的影响。

• 第五章 关于企业与政府的数据共享：在某些特殊需要的情况下，公共部门机构将能够通过获取私营部门持有的某些数据的措施，做出更多基于证据的决策。

• 第六章 关于数据处理服务之间的切换：云计算和边缘计算服务提供商必须满足最小必要的要求，以促进互操作性并实现切换。

• 第七章 关于第三国政府非法访问数据：存储在欧盟的非个人数据受到保护，免受外国政府非法访问请求的影响。

• 第八章 关于互操作性：数据空间的参与者必须满足允许数据在数据空间内部和之间流动的标准。欧盟存储库将为云互操作性制定相关标准和规范。

• 第九章 关于执行：成员国必须指定一个或多个主管机构来监督和执行《数据法案》。如果指定了一个以上的主管机构，则必须指定一名“数据协调员”，作为国家层面的单一联络点。

上述资讯源自欧盟委员会官网，详见：

https://digital-strategy.ec.europa.eu/en/factpages/data-act-explained

UK FCA Publishes its Approach to AI regulation

英国FCA公布人工智能监管方法

On April 22, 2024, the Financial Conduct Authority (FCA) published its 'AI Update' detailing its approach to the regulation and supervision of artificial intelligence (AI) following the release of the Government's response to the AI Regulation White Paper consultation.

2024年4月22日，英国金融行为监管局（以下简称“FCA”）发布了“人工智能更新”，详细介绍了在英国政府发布对人工智能监管白皮书咨询的回应后，FCA更新的对人工智能的监管方法。

The FCA highlighted that its regulatory approach focuses on identifying and mitigating risks rather than prohibiting specific technologies. Further, the FCA explained that its approach involves assessing the implications of technologies like AI, blockchain, and cloud infrastructure on financial markets and consumer protection.

FCA强调，该监管方法侧重于识别和降低风险，而非禁止特定技术。此外，FCA还解释说，该监管方法包括评估人工智能、区块链和云基础设施等技术对金融市场和消费者保护的影响。

According to the FCA, the principle of proportionality guides its regulatory actions, aiming to balance restrictions with the expected benefits of AI. The FCA noted that it follows an outcomes-based approach to regulation that allows firms flexibility to innovate and adapt to technological changes while ensuring consumer protection against emerging harms. Notably, the FCA stated that many AI-related risks are not unique to AI and can be managed within existing regulatory frameworks.

据FCA称，合比例性原则指导其监管行动，旨在对平衡限制与人工智能的预期效益。FCA指出，此次更新遵循一种基于结果的监管方法，允许公司灵活地进行创新和适应技术变革，同时确保能够保护消费者免受新出现的危害。值得注意的是，FCA指出，许多与人工智能相关的风险并非人工智能所独有，可以在现有监管框架内进行管理。

上述资讯源自dataguidance，详见：

https://www.dataguidance.com/news/uk-fca-publishes-its-approach-ai-regulation

FTC官网发布详见：

https://www.fca.org.uk/publications/corporate-documents/artificial-intelligence-ai-update-further-governments-response-ai-white-paper

欧盟委员会发布欧盟-美国数据隐私框架救济流程指南

European Commission Publishes Guidance on Redress Processes for EU Claims under the EU-U.S. Data Privacy Framework

The European Data Protection Board published guidance on redress processes for EU claims under the EU-U.S. Data Privacy Framework. The guidance documents include Q&A information, a template form for complaints to the U.S. Office of the Director of National Intelligence's Civil Liberties Protection Officer and a template form for commercial-related complaints to EU data protection authorities.

2024年4月24日，欧洲数据保护委员会发布了关于欧盟-美国数据隐私框架下欧盟索赔补救流程的指南。指导文件包括问答信息、向美国国家情报总监办公室公民自由保护官投诉的模板表格以及向欧盟数据保护机构投诉的商业相关投诉模板表格。

指南全文参见：

https://www.edpb.europa.eu/our-work-tools/our-documents/other-guidance/information-note-data-transfers-under-gdpr-united-0_en

上述资讯源自IAPP，详见：

https://iapp.org/news/a/edpb-issues-guidance-for-personal-data-transfers-to-us/

01

想要获得更多资讯内容

请扫码关注我们

M姐 数据合规评论

微信号｜M_DigitalLawandLife