摘要： 作为企业合规的特殊场域,数据刑事合规指的是数据企业等经营主体针对数据处理各环节可能涉及犯罪的风险点,进行犯罪预防、识别和应对,以追求获得刑事利益的一种专门活动。在我国力推大合规建设的背景下,此类实践对于促进智能社会共治、发展新兴数据产业和提升司法办案效果具有突出的价值。而鉴于我国数据犯罪治理存在着“口袋罪名”“沾边管辖”“动态标线”等现实特点,数据刑事合规只能践行相对性定律,即指向数据处理行为的罪名群、追求合理性的结果。基于这一社会规律,各数据经营主体应当确立同数据业务形态相契合的三色方略,包括数据处理要远离刑事究责的红线、警惕行政处罚的黄线(区)以及畅行于民事、行政上无责等绿区。

关键词: 刑事合规, 数据合规, 企业合规, 数据犯罪, GDPR合规

Abstract: As a specific field of corporate compliance, criminalized data compliance refers to a special activity in which commercial entities including data enterprises prevent, identify and respond to criminal risks involved in each section of data processing in order to pursue criminal benefits.Under background of our country engaging in promoting legal compliance, these practices have the outstanding value for promoting intelligent social co-governance, developing emerging digital industrial economy and improving judicial effectiveness.Due to our country's data-crime governance has its practical characteristics, such as pocket charge, borderline jurisdiction, and dynamic standards, the criminalized data compliance can only practice with the rule of relativity; that means it points to the specific crime groups of data-processing behavior, and pursues the rational goal.Based on this social rule, all data operators shall establish a three-color strategy consistent with its own business, including that the data processing shall be far away from the red line of criminal responsibility, pay attention to the yellow line/zone of administrative punishment and be free in the green zone without civil, administrative or other responsibility.

Key words: Criminalized Compliance, Data Compliance, Corporate Compliance, Data Crime, GDPR Compliance