第四次互联网技术革命以来，世界发展已进入信息时代，数据作为新型资源要素得到各国重视。数字经济在全球范围内的蓬勃发展已经使得数据跨境流动成为全球背景下各国博弈的重心，其中尤以数据跨境调取问题亟待各国解决。在网络犯罪概念不断泛化、电子数据证据作用显著提升、数据跨境调取需求大幅增加的背景下，数据跨境调取的模式已经成为各国立法关注的重点。尤其近些年来，利用信息网络技术实施犯罪的行为日益猖獗，其危害范围遍及全球，司法机关不得不面临犯罪数据存储地全球化的现实。从影响后果来看，网络犯罪在全球层面产生的深刻影响无法忽视，强化合作治理网络犯罪已经是大势所趋。然而，在打击网络犯罪的路径选择上，联合国层面全球性的公约尚未出台，《布达佩斯网络犯罪公约》也无法覆盖全部国家，各国出现了严重的分歧。美国出台《云法案》以“自我赋权”的形式使其可以在未经外国政府授权的情况下向信息网络服务提供商调取数据，实质上扩张其全球范围内的数据主权辖域，构建了数据跨境调取的单边模式。欧盟也在酝酿效仿《云法案》创建属于欧洲的数据出示令。美欧两大立法趋势使得全球数据跨境调取模式开始呈现严重的单边倾向，不仅挑战了基于司法协助条约的传统数据跨境调取制度，也忽视了对于国家主权尤其是数据主权的尊重。我国政府历来旗帜鲜明地反对这种数据跨境调取的单边模式。在目前数据跨境调取法律法规并不完善的情况下，我国应当基于数据主权原则继续完善数据跨境调取法律法规，同时积极推动更高效的双边司法协助协议落地。我国也要在联合国层面贡献中国力量与中国方案，促使取得全球共识的国际公约尽快出台。面对数据跨境单边调取时，我国要依法做好数据分级分类保护，严防核心数据与重要数据出境。同时企业也要答好数据跨境调取这一“必答题”，合规应对数据跨境调取。

本文主体有以下六部分组成：第一章，阐明本文写作的背景及研究意义，从数据跨境调取的管辖权分配、合法路径以及最新立法评析三个角度对国内外相关文献进行综述，并点明本文的创新和不足之处；第二章，对数据跨境调取的相关概念进行明晰，同时介绍数据跨境调取的现实背景；第三章，对全球数据跨境调取立法进行梳理，从多边、双边、单边三种主要模式出发，评析各种模式的局限性；第四章，基于对于全球相关立法的梳理，分析我国目前在数据跨境调取方面的立法与实务现状，并提出基于数据主权的中国路径选择。第五章，着重关注企业合规应对数据跨境调取的措施，从识别合规要求、强化应对能力与完善管理体系三大方面为企业提出有益的建议。结语对全文进行回顾总结，并展望未来规范与技术的协同发展方向，对本文尚未探析的领域进行简要阐明。

Since the fourth Internet technology revolution, the world development has entered the information age, and data as a new resource element has gained the attention of all countries. The vigorous development of the digital economy in the global context has made the cross-border flow of data the focus of national games in the global context, among which the issue of data cross-border access in particular needs to be urgently addressed by all countries. In the context of the continuous generalization of the concept of cybercrime, the significant increase in the role of electronic data evidence, and the significant increase in the demand for data cross-border access, the mode of data cross-border access has become the focus of legislative attention in various countries. In particular, in recent years, the use of information network technology to commit crimes has become increasingly rampant, and its scope of harm is global, and judicial authorities have to face the reality of globalization of crime data storage places. From the perspective of the consequences, the profound impact of cybercrime at the global level cannot be ignored, and strengthening cooperation to combat cybercrime has been the general trend. However, in the choice of the path to combat cybercrime, a global convention at the UN level has not yet been introduced, and the Budapest Convention on Cybercrime cannot cover all countries, and there are serious differences among countries. The U.S. introduced the Cloud Act in the form of "self-empowerment" to enable it to retrieve data from information network service providers without the authorization of foreign governments, essentially expanding its global data sovereignty jurisdiction and building a unilateral model for data cross-border access. The EU is also contemplating creating a European data production order, following the example of the Cloud Act. The two major legislative trends in the U.S. and Europe have led to a serious unilateral trend in the global data access model, which not only challenges the traditional data access system based on mutual legal assistance treaties, but also ignores the respect for national sovereignty, especially data sovereignty. Our government has always been clearly opposed to this unilateral model of data cross-border access. In the current situation where the laws and regulations on data cross-border access are not perfect, China should continue to improve the laws and regulations on data cross-border access based on the principle of data sovereignty, and at the same time actively promote the implementation of more efficient bilateral judicial assistance agreements. China should also contribute Chinese power and Chinese solutions at the UN level to promote an international convention with global consensus as soon as possible. In the face of unilateral data access across the border, China should do a good job of classifying and protecting data in accordance with the law, and strictly prevent core data and important data from leaving the country. At the same time, enterprises should also answer the "must answer" question of data cross-border access and comply with data cross-border access.

The main body of this paper consists of the following six parts: Chapter 1, which clarifies the background and significance of this paper, reviews the relevant domestic and foreign literature from three perspectives of data cross-border transfer jurisdictional allocation, legal path and latest legislation, and points out the innovation and shortcomings of this paper; Chapter 2, which clarifies the relevant concepts of data cross-border transfer and introduces the realistic background of data cross-border transfer; Chapter 3, which compares the global data cross-border transfer legislation. Chapter 4, based on the review of global legislation, analyzes the current legislative and practical status of data cross-border access in China, and proposes a Chinese path based on data sovereignty. Chapter 5 focuses on the measures for enterprises to comply with data cross-border access, and provides useful suggestions for enterprises in three aspects: identifying compliance requirements, strengthening response capabilities and improving management systems. The concluding remarks review and summarize the whole paper, and look forward to the future synergistic development of regulation and technology, and briefly clarify the areas not yet explored in this paper.