Overall, this article has some reference value; it can be read as a brief introduction to the security risks and security control measures in the process of data circulation.
However, I have one small reservation: the "cross-domain control" proposed by ** is still solved comprehensively through a combination of means such as management, technology, and operating mechanisms. If it is understood only from the definition, it is easy to take it as something that can be solved through a technology platform, and there is a certain difference between the two.
"Cross-domain control" is defined to mean that after the data leaves the owner's domain, the data owner can still effectively control the data flow process to avoid its abuse or unintended use.
Apart from this main problem, there are also highlights: Chapter 3 analyzes the responsibilities, obligations, and rights and interests in the process of secure data circulation from the perspective of legal liability, and it is a relatively thorough analysis of legal liability among those I have seen so far.
The main points, as I have collated them, are as follows:
1. Chapter 3, Data Circulation Security Specifications and Problem Analysis. The main contents include:
First, it introduces the security protection obligations that existing laws and regulations place on data holders, including four special obligations and two special obligations.
Then, based on the liability system, it points out that the existing security regulations allocate the holder's security responsibility unreasonably, and it supports the argument throughout by citing precedents.
The current normative liability system for a holder's breach of data security obligations is a comprehensive statutory liability system that combines public law liability and private law liability, and it consists of administrative liability, criminal liability, and civil liability. If the three types of liability compete, liability shall be pursued against the data holder in the order of civil liability, administrative liability, and criminal liability. In public law, the dual penalty system for criminal and administrative liability, together with the principle of unlimited liability, may make the data holder bear excessive criminal and administrative liability. In private law, civil liability emphasizes fault liability, and joint and several liability makes it possible for the data holder to bear civil liability that is disproportionate to his or her actions. Finally, solutions are proposed in Chapter 4 based on the existing problems.
2. The basic idea of cross-domain data management and control. It includes management, technical, and legal means, among which the technical measures for cross-domain control include:
(1) Beforehand, goal: data can be confirmed. The technical measures that can be adopted include trusted remote verification, blockchain, digital signatures, timestamps, and CA certificates.
(2) During the process, goal: "data can be used but not seen", "data can be counted but not identified", and "data use can be defined". The technical measures adopted for "usable but not visible" include secure multi-party computation, private set intersection, hidden query, homomorphic encryption, and federated learning. The technical measures adopted for "countable but not identifiable" include controlled anonymization, obfuscation techniques, and differential privacy. The technical measures adopted for "definable use" include trusted access control and trusted secret computing.
(3) After the fact, goal: data circulation can be traced. The technical measures used for traceability include data identification, data tracking, credible audit, and zero-knowledge proofs.
3. In formulating the security responsibilities of data circulators, ** provides some specific suggestions, such as:
Data holders can clarify their responsibilities by using data circulation rules and data circulation agreements.
In the process of data circulation, if the data holder has fulfilled its security obligations, the data holder's liability shall be reduced or exempted on the grounds of compliance.
In data circulation, the principle that data users bear independent responsibility for their use of the data must be established.