域外法学研究资讯——数据法学（2025.1）

目录

1.《工作中的数据法》

Data Laws at Work

作者：Veena Dubal

2.《解释对话：专家重点研究，以了解GDPR中对解释的要求》

The explanation dialogues: an expert focus study to understand requirements towards explanations within the GDPR

作者：Alejandra Bringas Colmenarejo、Andrea Beretta、Salvatore Ruggieri、Franco Turini和Stephanie Law

3.《中国的跨境数据流通：从限制转向放松？》

Cross-border data flow in China: Shifting from restriction to relaxation?

作者：Shuai Guo、Xiang Li

4.《中国数据流通的困境和解决：数据作为考虑是解决方案吗？》

The dilemma and resolution of data circulation in China: Is data as consideration the solution?

作者：Xueting Fu

5.《没有余地给你！评估大型科技公司“增强隐私”技术的承诺》

NO COOKIES FOR YOU!: EVALUATING THE PROMISES OF BIG TECH'S 'PRIVACY-ENHANCING' TECHNIQUES

作者：Kirsten Martin, * William P. and Hazel B. White

6.《区块链证据的证明价值与证明地位》

Evidentiary value and evidentiary status of blockchain evidence

作者：Zelin Su

7.《言论确定性：算法言论与第一修正案的边界》

Speech Certainty: Algorithmic Speech and the Limits of the First Amendment

作者：Mackenzie Austin & Max Levy

8.《数据过度收集与滥用：基于中国滴滴案例与德国Facebook案例的比较法与经济学研究》

Excessive Data Collection and (Mis)use of Data: A Comparative Law and Economics Study on the Chinese Didi Case and the German Facebook Case

作者：Qian Li

9.《跨境隐私保护：反数据剥削中的公益诉讼》

Defending Privacy Across Borders: Public Interest Litigation in the Fight Against Data Exploitation

作者：Gizem Halis Kasap

10.《欧洲的调查性基因谱系学：为何应避免“数据主体明显公开”的法律依据》

Investigative genetic genealogy in Europe: Why the "manifestly made public by the data subject" legal basis should be avoided

作者：Taner Kuru

11.《“现在每个人都安全了”：构建越南数据隐私法规的含义》

Everyone Is Safe Now: Constructing the Meaning of Data Privacy Regulation in Vietnam

作者：Tu Thien Huynh

12.《第四次工业革命背景下数据库的知识产权保护》

Ip protection of databases under the Fourth Industrial Revolution

作者：Guzmán, JMB

13.《‘数据挖掘例外’在生成性人工智能（AI）中的作用——欧洲视角》

The role of the data mining exception in generative artificial intelligence (AI) - an european perspective

作者：Contardi, AM

14.《LexOptima：AI 支持的法律系统的承诺》

LexOptima: The promise of AI-enabled legal systems

作者：Becher, S and Alarie, B

主要内容

1. 《 工作中的数据法 》

Data Laws at Work

来源 ：《 耶鲁大学法律期刊 》 第 134 卷 T he Y ale L aw J ournal （ ssci ）

作者 ： Veena Dubal

摘要 ：

认识到越来越多的使用自动监控和决策系统进行劳动控制所造成的物质、身体和心理伤害，世界各地的司法管辖区正在考虑对工人进行新的数字权利保护。不足为奇的是，立法机构经常向欧盟（ EU）寻找灵感。欧盟通过2016年通过的《通用数据保护条例》、2024年的《人工智能法》和2024年的《平台工作指令》，将自己定位为数字权利的领导者，特别是为由“平台”调解的劳动的工人提供肯定的数字权利。然而，对这些法律的有效性知之甚少。

这篇文章开始填补这个知识空白。通过对法律的仔细分析和平台工作人员根据这些法律成功的战略诉讼，我认为目前的欧盟框架包含两个重大缺陷。首先，法律主要将工人定位为自由、自主的主体，在这样做时，它们犯了一个类别错误：工人与消费者不同，根据法律和教义从属于他们工作的公司。因此，这些法律所优先考虑的自由权利 ——如透明度和同意——不足以减轻通过自动化劳动管理造成的物质伤害。其次，本文认为，通过主要依靠透明度原则来检测、预防和制止违反劳动和就业法的行为，欧盟数据法没有解释工作场所算法管理系统经常造成现有工作法无法解决的新伤害的方式。这些伤害从根本上破坏了有关工人薪酬、评估和解雇的规范，源于数据处理系统的关系逻辑——即这些系统通过动态地将工人与他人进行比较来评估工人的方式，而不是根据履行所规定的职责客观地评估他们。基于这些分析，我建议未来的数据法应该以工作场所监管的旧方法为蓝本：它们应该旨在限制这些过程，而不仅仅是寻求阐明或评估有问题的数据流程。这些法律的规范北极星应该是禁止造成伤害的数字做法，而不仅仅是阐明其存在。

In recognition of the material, physical, and psychological harms arising from the growing use of automated monitoring and decision-making systems for labor control, jurisdictions around the world are considering new digital-rights protections for workers. Unsurprisingly, legislatures frequently turn to the European Union (EU) for inspiration. The EU, through the passage of the General Data Protection Regulation in 2016, the Artificial Intelligence Act in 2024, and the Platform Work Directive in 2024, has positioned itself as the leader in digital rights, and, in particular, in providing affirmative digital rights for workers whose labor is mediated by “a platform.” However, little is known about the efficacy of these laws.

This Essay begins to fill this knowledge gap. Through close analyses of the laws and successful strategic litigation by platform workers under these laws, I argue that the current EU framework contains two significant shortcomings. First, the laws primarily position workers as liberal, autonomous subjects, and in doing so, they make a category error: workers, unlike consumers, are subordinated by law and doctrine to the firms for which they labor. As a result, the liberal rights that these laws privilege—such as transparency and consent—are insufficient to mitigate the material harms produced through automated labor management. Second, this Essay argues that by leaning primarily on transparency principles to detect, prevent, and stop violations of labor and employment law, EU data laws do not account for the ways in which workplace algorithmic management systems often create new harms that existing laws of work do not address. These harms, which fundamentally disrupt norms about worker pay, evaluation, and termination, arise from the relational logic of data-processing systems—that is, the way that these systems evaluate workers by dynamically comparing them to others, rather than by evaluating them objectively based on fulfillment of ascribed duties. Based on these analyses, I propose that future data laws should be modeled on older approaches to workplace regulation: rather than merely seeking to elucidate or assess problematic data processes, they should aim to restrict these processes. The normative north star of these laws should be proscribing the digital practices that cause the harms, rather than merely shining a light on their existence.

2. 《 解释对话：专家重点研究，以了解 GDPR 中对解释的要求 》

The explanation dialogues: an expert focus study to understand requirements towards explanations within the GDPR

来源 ：《 人工智能与法律 》 第 33 卷 Artificial Intelligence and Law（ ssci ）

作者 ： Alejandra Bringas Colmenarejo、Andrea Beretta、Salvatore Ruggieri、Franco Turini和Stephanie Law

摘要 ：

可解释的人工智能（ XAI）提供了理解不可解释的机器学习模型的方法。然而，我们对法律专家对这些解释的期望知之甚少，包括它们对欧盟立法的法律遵守和价值。为了缩小这一差距，我们提出了解释对话，这是一项专家重点研究，旨在揭示法律专家和从业人员对XAI的期望、推理和理解，特别关注《欧洲通用数据保护条例》。该研究由在线问卷和后续访谈组成，以信贷领域的用例为中心。我们使用接地理论提取了一组分层和相互关联的代码，并提出了参与专家对XAI的立场。我们发现，所提出的解释很难理解，缺乏信息，并讨论了数据控制者和主体的不同利益可能产生的问题。最后，我们为XAI方法的开发人员提出了一套建议，以及讨论法律领域的指示。除其他外，建议涉及解释的呈现、选择和内容、技术风险以及最终用户，而我们为解释的争议性、透明度阈值、知识产权以及相关方之间的关系提供法律指导。

Explainable AI (XAI) provides methods to understand non-interpretable machine learning models. However, we have little knowledge about what legal experts expect from these explanations, including their legal compliance with, and value against European Union legislation. To close this gap, we present the Explanation Dialogues, an expert focus study to uncover the expectations, reasoning, and understanding of legal experts and practitioners towards XAI, with a specific focus on the European General Data Protection Regulation. The study consists of an online questionnaire and follow-up interviews, and is centered around a use-case in the credit domain. We extract both a set of hierarchical and interconnected codes using grounded theory, and present the standpoints of the participating experts towards XAI. We find that the presented explanations are hard to understand and lack information, and discuss issues that can arise from the different interests of the data controller and subject. Finally, we present a set of recommendations for developers of XAI methods, and indications of legal areas of discussion. Among others, recommendations address the presentation, choice, and content of an explanation, technical risks as well as the end-user, while we provide legal pointers to the contestability of explanations, transparency thresholds, intellectual property rights as well as the relationship between involved parties.

3 . 《 中国的跨境数据流 通 ：从限制转向放松？ 》

Cross-border data flow in China: Shifting from restriction to relaxation?

来源 ：《 计算机法律与安全评论 》 第 56 卷 Computer Law & Security Review（ ssci ）

作者 ： Shuai Guo、Xiang Li

摘要 ：

本文考察了中国在跨境数据流治理方面的最新发展。在网络安全法、数据安全法和个人数据保护法的总体框架下，中国建立了自己的跨境数据流制度。近年来，与国际普遍认为中国施加严格限制，特别是出于国家安全考虑，中国实际上一直在放宽对跨境数据流的监管，特别是对数字贸易的监管。本文提出了三个基本激励措施。首先，中国越来越需要通过国际贸易和投资实现经济增长。第二，中国打算在技术发展方面竞争，并带头制定国际数据治理规则。第三，中国正在寻求遵守国际标准，特别是国际自由贸易协定中规定的标准。本文进一步提出，这种范式转变将产生国际影响。首先，中国的做法需要在国际自由贸易协定的国内监管框架下进行审查。其次，中国目前的立法和司法实践是多方面的，考虑到了包括国际商业、国家安全和数据保护在内的各种因素，这可能有助于进一步发展国际跨境数据流规则。

This article examines China's latest development in the governance of cross-border data flow. Under the general framework of Cyber Security Law, Data Security Law, and Personal Data Protection Law, China established its own regime of cross-border data flow. In recent years, contrary to the general international perception that China imposes strict restrictions especially due to national security concerns, China has been de facto relaxing its regulations on cross-border data flow, especially for digital trade. This article suggests three underlying incentives. First, China is in an increasing need to gain economic growth through international trade and investment. Second, China intends to compete in technology development and take the lead in shaping international rules on data governance. Third, China is seeking to adhere to international standards, particularly those prescribed in international free trade agreements. This article further submits that this paradigm shift would have international implications. First, China's practices need to be examined under the domestic regulatory frameworks of international free trade agreements. Second, China's current legislative and judicial practices are multifaceted, taking into account various factors, including international business, national security, and data protection, which may contribute to the further development of international cross-border data flow rules.

4 . 《 中国数据流通的困境和解决：数据作为考虑是解决方案吗？ 》

The dilemma and resolution of data circulation in China: Is data as consideration the solution?

来源 ：《 计算机法律与安全评论 》 第 56 卷 Computer Law & Security Review（ ssci ）

作者 ： Xueting Fu

摘要 ：数据流通对中国数字经济的发展构成了重大挑战。在数据交换方面，交易活动有所下降。数据共享财团之间的交流外、严格的障碍导致了数据孤岛，产生了信任和合法性的危机。将个人数据视为考虑因素，通过激励个人通过经济利益和保护其个人权利共享数据的动机，可以为广泛的商业数据处理建立强大而全面的法律基础。因此，这连接了初级和二级数据元素市场，促进了数据流通，并加强了实体经济。在以个人数据为考虑的法律框架内，用户和企业之间的协议构成双边合同，其中个人有义务 “提供个人数据和/或授权处理”作为反履行。通过这种交换，企业以用户授权为前提，可以获得一个或多个持有、使用或操作数据的权利，从而实现数据产权的分离。企业获得的数据产权受注册对抗原则的约束。数据主体的继承人、交易中的先前或后续当事人以及侵权者都是绝对可以对抗的第三方，而后续被许可人对抗先前被许可方的能力取决于预先存在的数据产权是否已注册。即使数据产权来自非排他性许可证，企业仍然可以面对破产管理人并进行数据处理。

The circulation of data presents a significant challenge to the development of China's digital economy. On data exchanges, trading activity has declined. Off-exchange, stringent barriers between data-sharing consortia have resulted in data silos, producing crises of trust and legitimacy. Treating personal data as consideration, by incentivising individuals' motivation to share data through both financial gain and the protection of their personal rights, can establish a robust and comprehensive legal basis for extensive commercial data processing. Accordingly, this connects primary and secondary data element markets, facilitates data circulation, and strengthens the real economy. In the legal framework of personal data as consideration, the agreement between users and enterprises constitutes a bilateral contract, wherein individuals are obliged to "provide personal data and/ or authorise processing" as counter-performance. Through this exchange, enterprises, predicated on user authorisation, can secure one or more rights to hold, use or operate the data, thereby achieving a separation of data property rights. The data property rights enterprises acquire are governed by the principle of registration confrontation. The data subject's inheritors, prior or subsequent parties in transactions, and infringers are all third parties that could be confronted absolutely, while a subsequent licensee's ability to confront a prior licensee hinges on whether the pre-existing data property rights have been registered. Even when data property rights derive from a non-exclusive licence, the enterprise can still confront the bankruptcy administrator and proceed with data processing.

5.《 没有余地给你！评估大型科技公司 “增强隐私”技术的承诺 》

NO COOKIES FOR YOU!: EVALUATING THE PROMISES OF BIG TECH'S 'PRIVACY-ENHANCING' TECHNIQUES

来源：《乔治城法律技术评论》 2025年 1 月 Georgetown Law Technology Review

作者： Kirsten Martin, * William P. and Hazel B. White

摘要：我们研究了大型科技公司最近部署或计划部署的一系列 “隐私增强“技术背后的三个共同原则:(1)限制第三方对个人数据的访问，(2)使用推断并尽量减少原始数据的使用和保留，以及(3)确保个人数据永远不会离开用户的设备。我们的文章对这些原则提出了挑战，但并不是基于为实现这些原则而提供的技术无法实现其既定目标。相反，我们认为，当隐私增强技术不解决侵犯隐私的行为时，这些原则本身就不足。通过哲学分析和技术审查，我们揭示了原则与健全的隐私概念之间的错位。我们通过一系列阶乘用户研究来强化我们的研究结果，这些研究表明原则与用户的实际隐私期望之间存在惊人的差距。从我们的研究结果中可以得出的最普遍的结论是，任何创建成功的隐私增强系统的努力都必须从明确采用有意义的隐私概念开始。

We examine three common principles underlying a slew of‘privacy -enhancing' techniques recently deployed or scheduled for deployment by big tech companies: (1) limiting access to personal data by third parties, (2) using inferences and minimizing use and retention of raw data, and (3) ensuring personal data never leaving users' device. Our Article challenges these principles, but not on the grounds that techniques offered to implement them fail to achieve their stated goals. Instead, we argue that the principles themselves fall short when the privacy enhancing technique does not address privacy-violating behavior. Through philosophical analysis and technical scrutiny, we reveal the misalignment between the principles and a sound conception of privacy. We reinforce our findings empirically with a series of factorial vignette user studies, which demonstrate a surprising gap between the principles and users' actual privacy expectations. The most general conclusion that can be derived from our findings is that any effort to create successful privacy-enhancing systems must start with the explicit adoption of a meaningful conception of privacy .

6 . 《区块链证据的证明价值与证明地位》

Evidentiary value and evidentiary status of blockchain evidence

来源：《国际证据与证明杂志》第 29 卷第 1 期，第 58 页 International Journal of Evidence and Proof

作者： Zelin Su

摘要：

本文对区块链证据的证明价值与地位进行深入研究，认为其证据价值具有双重性质，体现在它不能绝对防篡改，只能提供证据真实性的周期性保证，而常用的联盟链并不具备公有链的所有好处。同时，区块链证据在整个证据系统中占据着独特的地位，它作为一种证据存储机制，本质上是一种反映证据收集过程和结果的电子证据。同时文章强调区块链证据不仅仅是传统证据的替代品，而是代表了传统证据功能和有效性的升级，认为区块链证据规则的完善应该与 “技术中立”的基本立场保持一致；在解决真实性、道听途说和原创性问题时，必须区分链上和链下，并在现有的电子证据规则和意见证据规则的框架内提出改进建议，从而释放区块链证据的潜力。

Issues regarding the authenticity and integrity of electronic evidence have plagued judges worldwide. From a statistical viewpoint, the main cause of the judicial puzzle in dealing with electronic evidence lies in its special physical properties and judges' lack of necessary expertise. With its technical development and widespread application, blockchain technology is showing significant power and is gradually supplanting judges and expert witnesses, who have played a central role in the identification of electronic evidence's authenticity and integrity. In two recent cases, Chinese courts have confirmed for the first time that electronic data stored on or generated by blockchain met the requirements of authenticity and integrity and proposed a specific procedural test to identify blockchain evidence. Although blockchain technology may revolutionise the rules of evidence, it contains inherent risks. Its application in electronic evidence may also indicate the fusion between decentralised technology and the traditional, centralised juridical mechanisms.

7 . 《言论确定性：算法言论与第一修正案的边界》

Speech Certainty: Algorithmic Speech and the Limits of the First Amendment

来源：《斯坦福法律评论》第 77 卷，第 1 页 Stanford Law Review

作者： Mackenzie Austin & Max Levy

摘要：

本文认为对机器学习算法的输出是否真正属于第一修正案所定义的 “言论”表示怀疑的研究有很多，但尚未有人提出一种可行的方法来清晰区分言论与非言论。因而本文提出了一种基于“言论确定性”（speech certainty）原则的方法，以成功划定这一界限。该原则的基本理念是：只有当说话者在其发言时知晓其所说内容，该内容才能被视为言论。这一理念植根于第一修正案的文本、历史及目的，并已融入现代言论学说中的编辑裁量权（editorial discretion）和表达行为（expressive conduct）理论。文章认为这一基本原则曾被忽视，是因为迄今为止所有言论都被默认为具有“言论确定性”，因此无需特别阐明其存在。然而，机器学习改变了这一现状。与传统代码不同，仔细观察机器学习算法的工作原理可以发现，创建这些算法的程序员永远无法确定其输出内容。由于该输出缺乏“言论确定性”，它不应被视为程序员的言论。因此，本文主张，机器学习算法的输出不应享有第一修正案的保护。

Machine learning algorithms increasingly mediate our public discourse—from search engines to social media platforms to artificial intelligence companies. As their influence on online speech swells, so do questions of whether and how the First Amendment may apply to their output. A growing chorus of scholars has expressed doubt over whether the output of machine learning algorithms is truly speech within the meaning of the First Amendment, but none have suggested a workable way to cleanly draw the line between speech and non-speech. This Article proposes a way to successfully draw that line based on a principle that we call “speech certainty”—the basic idea that speech is only speech if the speaker knows what he said when he said it. This idea is rooted in the text, history, and purpose of the First Amendment, and built into modern speech doctrines of editorial discretion and expressive conduct. If this bedrock principle has been overlooked, it is because, until now, all speech has been imbued with speech certainty. Articulating its existence was never necessary. But machine learning has changed that. Unlike traditional code, a close look at how machine learning algorithms work reveals that the programmers who create them can never be certain of their output. Because that output lacks speech certainty, it’s not the programmer’s speech. Accordingly, this Article contends that the output of machine learning algorithms isn’t entitled to First Amendment protection. It reveals that the question of how an algorithm works is constitutionally significant. With the Supreme Court in Moody v. NetChoice demanding further inquiry into what constitutes protected expressive activity for social media platforms, that question can no longer be ignored. By failing to distinguish between traditional and machine learning algorithms, we risk sleepwalking into a radical departure from centuries of First Amendment jurisprudence. Protection for the output of machine learning algorithms would, for the first time in the Constitution’s history, protect speech that a speaker does not know he has said. Speech certainty provides a novel and principled approach to conceptualizing machine learning algorithms under existing First Amendment jurisprudence.

8 . 《 数据过度收集与滥用：基于中国滴滴案例与德国 Facebook案例的比较法与经济学研究 》

Excessive Data Collection and (Mis)use of Data: A Comparative Law and Economics Study on the Chinese Didi Case and the German Facebook Case

来源：《中国比较法杂志》 2025 年第 13 卷 CHINESE JOURNAL OF COMPARATIVE LAW

作者： Qian Li

摘要：

本文认为数据的过度收集和滥用数据会导致两种市场失灵（即市场支配地位和信息不对称）并存，这反过来又在数字市场中相互影响，同时引发对竞争法和数据保护法的担忧。基于此，文章建立了一个法律和经济学框架，以研究欧盟和中国的主导技术企业对过度数据收集和滥用数据所引起的担忧的分歧。德国竞争监管机构 Bundeskartellamt 发现，占主导地位的社交网络平台 Facebook 滥用其主导地位，未经同意过度收集和滥用用户数据，而中国国家互联网信息办公室则通过数据保护法解决了占主导地位的网约车企业滴滴引起的类似担忧。基于对德国 Facebook 案和中国滴滴案的对比分析，在滥用市场支配地位下，以市场界定和支配地位确定为前提，采取竞争法处理优势技术经营者过度收集和滥用数据的行为，执法成本高昂，同时有助于最大限度地降低错误成本。 尤其是在没有数据保护实施的情况下出现漏报。相比之下，数据保护方法将是一种具有成本效益的事前干预市场的方式，可以减少过度收集和滥用数据的可能性，减少竞争的排他性或剥削性影响，并降低从收集和处理大量数据中受益的市场进入壁垒。

The excessive data collection and (mis)use of data can result in the coexistence of two market failures—namely, market dominance and information asymmetry—which in turn interact with each other in digital markets and trigger simultaneous concerns about competition law and data protection law. This article establishes a law and economics framework to study the divergence in response to the concerns caused by excessive data collection and (mis)use of data by dominant technology undertakings in the European Union and China. The German competition authority, the Bundeskartellamt, found that Facebook, a dominant social network platform, abused its dominant position by excessively collecting and misusing user data without consent, whereas the Cyberspace Administration of China addressed similar concerns caused by Didi, a dominant ride-hailing undertaking, via data protection law. Based on the comparative analysis of the German Facebook case and the Chinese Didi case, a competition law approach to deal with excessive data collection and the (mis)use of data by a dominant technology undertaking results in high enforcement costs due to the prerequisites of market definition and dominance determination under abuse of dominance, while contributing to minimizing error costs, especially false negatives in the absence of data protection enforcement. In contrast, a data protection approach would be a cost-effective way to intervene in the market ex-ante by decreasing the likelihood of excessive collection and misuse of data, reducing the exclusionary and/or exploitative effects of competition and lowering the market entry barrier that benefits from the collection and processing of significant amounts of data.

9 . 《跨境隐私保护：反数据剥削中的公益诉讼》

Defending Privacy Across Borders: Public Interest Litigation in the Fight Against Data Exploitation

来源：《荷兰国际法评论》 NETHERLANDS INTERNATIONAL LAW REVIEW

作者： Gizem Halis Kasap

摘要：

本文探讨了公益诉讼在应对跨境数据剥削这一日益严峻问题中的关键作用。在数据自由跨境流动的时代，跨国公司常常利用法律漏洞逃避责任，对个人隐私和数据安全构成严重威胁。传统的法律途径虽然能够解决个人申诉，但在遏制大规模滥用行为方面往往力不从心，且难以应对广泛数据滥用带来的集体社会影响。然而，公益诉讼使个人、公民社会组织及倡导团体能够推动更广泛的结构性变革，从而在全球范围内促进企业问责与合规。通过对法律框架、实际案例研究以及国际管辖复杂性的全面分析，本文认为公益诉讼至关重要 ——不仅作为私人执法的补充，更是作为执行数据保护法和保护集体数字权利的变革性工具。这一分析凸显了公益诉讼在推动司法能动性及适应全球数字挑战方面的潜力，标志着其成为实现公平数据隐私保护的有力途径。

This paper examines the pivotal role of public interest litigation in tackling the escalating issue of cross-border data exploitation. In an era where data flows freely across jurisdictions, multinational corporations often exploit legal loopholes to bypass accountability, posing serious risks to individual privacy and data security. Traditional legal avenues, while addressing personal grievances, often fall short of deterring large-scale abuses and do little to address the collective societal impacts that arise from widespread data misuse. Public interest litigation, however, enables individuals, civil society organizations, and advocacy groups to push for more extensive, structural changes that foster greater corporate accountability and compliance on a global scale. Through a thorough review of legal frameworks, real-world case studies, and the intricacies of international jurisdiction, this paper argues that public interest litigation is essential—not just as a complement to private enforcement but as a transformative tool for enforcing data protection laws and protecting collective digital rights. This analysis highlights the capacity of public interest litigation to prompt judicial activism and adapt to global digital challenges, marking it as a powerful pathway toward equitable data privacy protection.

10 . 《欧洲的调查性基因谱系学：为何应避免 “数据主体明显公开”的法律依据》

Investigative genetic genealogy in Europe: Why the "manifestly made public by the data subject" legal basis should be avoided

来源：《计算机法律与安全评论》第 56 卷 COMPUTER LAW & SECURITY REVIEW

作者： Taner Kuru

摘要：

文章提出调查性基因谱系学作为一种有效的调查工具，在过去几年中逐渐兴起并广受欢迎，尤其是在 “金州杀手”被捕后，这一成功也促使欧盟的执法机构开始尝试使用该技术。然而，在欧盟数据保护框架下，应基于何种法律依据访问基因谱系数据库用户的个人数据以用于调查目的，仍存在模糊性，这可能使调查性基因谱系学在欧洲的合法性与正当性受到质疑。因此，本文探讨了《执法指令》第10(c)条所规定的“数据主体明显公开”的法律依据是否可用于此类目的。基于分析，本文认为，鉴于相关个人数据并非在所有情况下均“明显”被“公开”，且并非均由“数据主体”披露，因此该法律依据不能用于此类目的，并在此基础上提出了一种确保该方法在欧盟数据保护框架下合法性的前进路径。

Investigative genetic genealogy has emerged as an effective investigation tool in the last few years, gaining popularity, especially after the arrest of the Golden State Killer. Since then, hundreds of cases have been reported to be solved thanks to this novel and promising technique. Unsurprisingly, this success also led law enforcement authorities in the EU to experiment with it. However, there is an ambiguity on which legal basis in the EU data protection framework should be used to access the personal data of genetic genealogy database users for investigative purposes, which may put the legality and legitimacy of investigative genetic genealogy in Europe at stake. Accordingly, this article examines whether the “manifestly made public by the data subject” legal basis enshrined in Article 10(c) of the Law Enforcement Directive could be used for such purposes. Based on its analysis, the article argues that this legal basis cannot be used for such purposes, given that the personal data in question are not “manifestly made” “public”, and they are not disclosed “by the data subject” in all cases. Therefore, the article concludes by suggesting a way forward to ensure the lawfulness of this investigation method in the EU data protection framework.

11 . 《 “现在每个人都安全了”：构建越南数据隐私法规的含义》

Everyone Is Safe Now: Constructing the Meaning of Data Privacy Regulation in Vietnam

来源：《亚洲法律与社会杂志》第 1-29 页（ ASIAN JOURNAL OF LAW AND SOCIETY ）。

作者： Tu Thien Huynh

摘要：

本文探讨了越南独特的数据隐私监管方法及其对隐私法既定理解的影响。虽然全球数据隐私法规以个人自由和信息流的完整性为前提，但最近越南关于个人数据保护的第 13/2023/N Đ -CP 号法令（以下简称 PDPD）优先考虑国家监督和对信息流的集中控制，以维护集体利益和网络空间安全。新的监管逻辑将数据隐私置于政府机构的监管之下，并使隐私法领域远离本已遥远的司法权力。这促使人们探索监管机构和受监管社区理解数据隐私法规方式的细微差别。本文借鉴了社会建构主义对监管和话语分析的描述，探讨了在 PDPD 起草期间，监管机构与受监管者之间的认知互动。在国家政策举措建立的复杂语义网络中，参与者之间的动态突出了这一过程，其中默许假设和规范性信念指导了各个社区的行为者如何偏爱一种类型的数据隐私监管思维。研究结果表明，隐私法的改革可能不会为个人带来“更多的隐私”，而且全球隐私监管的分歧可能不容易通过文化和制度差异来解释。

This article explores Vietnam’s distinctive approach to data privacy regulation and its implications for the established understandings of privacy law. While global data privacy regulations are premised on individual freedom and integrity of information flows, the recent Vietnamese Decree 13/2023/NĐ-CP on Personal Data Protection (herein PDPD) prioritise state oversight and centralised control over information flows to safeguard collective interests and cyberspace security. The fresh regulatory logic puts data privacy under the regulation of government agencies and moves the privacy law arena even further away from the already distant judicial power. This prompts an exploration of the nuances underlying the ways regulators and the regulated communities understand data privacy regulation. The article draws on social constructionist accounts of regulation and discourse analysis to explore the epistemic interaction between regulators and those subject to regulation during the PDPD’s drafting period. The process is highlighted by the dynamics between actors within a complex semantic network established by the state’s policy initiatives, where tacit assumptions and normative beliefs direct the way actors in various communities favour one type of thinking about data privacy regulation over another. The findings suggest that reforms to privacy laws may not result in “more privacy” to individuals and that divergences in global privacy regulation may not be easily explained by drawing merely from cultural and institutional variances.