Abstract:In the era of big data, it is not a once-and-for-all thing to establish a data compliance plan on the network platform. Network platforms’ anomie in violation of data compliance management obligations will continue to appear, which will easily bring serious systemic risks, thus endangering the legitimate rights and interests of citizens and public safety, and even national security. At the moment when the enterprise compliance reform is being further promoted, it is necessary to deeply analyze the violation of data compliance management obligations of online platforms and its criminal responsibility from the theoretical level based on the legal forward-looking perspective.Combined with the current situation of relevant laws and regulations and data criminal compliance of network platform, it can be concluded that the data compliance management obligation of network platform has the efficiency of data crime prevention and punishment, and the specificity of obligation content is related to the effectiveness of data compliance plan, which determines that it has the qualification of criminal law obligation. At the same time, before the online platform violates the data compliance management obligations, it should be determined that the basis of the online platform’s criminal responsibility is the revised organizational responsibility theory with the enterprise’s criminal compliance plan as the core. Moreover, the basis of the online platform’s criminal responsibility for violating such obligations lies in the guilt-blaming function of the effective criminal compliance plan. However, in view of the violation of important data compliance management obligations by the network platform, the existing criminal law imputation path is mainly identified as the crime of omission as a joint crime or refusing to perform the obligation of information network security management. After careful analysis, it will be found that both of these schemes have disadvantages in practical application and it is difficult to reasonably regulate such behaviors.Therefore, it is necessary to make criminal legislation to determine the specific criminal responsibility of the network platform for violating the important obligation of compliance management of data as soon as possible. It is necessary to systematically examine the setting of specific charges according to the principle of constitutional proportionality. First, it is necessary to examine whether the behavior regulation meets the requirements of specific criminal policies and the eligibility conditions of criminal law legal interests with the principle of purposeful legitimacy. The second is to examine whether the illegal act violates the ethics of data responsibility and whether the subject of the act has the status of supervisor guarantor by the principle of necessity of means. The third is to examine whether behavior regulation can effectively avoid the damage of specific legal interests and optimize the benefits of data compliance based on the principle of balance between purpose and effect, and then confirm that legislation should add the crime of violating important data compliance management obligations in the form of intentional omission. Specifically, the crime should be set in the crime of disturbing public order in the first section of Chapter VI of the Specific Provisions of the Criminal Law as Article 286. Moreover, regarding the setting of the constitutive requirements of this crime, three points should be made clear. First, the content of this crime’s obligation includes both important data and core data. Second, the elements of this crime’s result should be considered with the seriousness of the circumstances, instead of setting ordering correction. Moreover, the serious circumstances should be comprehensively judged from the aspects of data security level, damage status and the effectiveness of data compliance plan according to the actual threat of inaction to relevant legal interests. Third, the subjective form of this crime can only be intentional and not negligent. This criminal law regulation scheme can not only comprehensively and effectively regulate the serious behaviors of data processors such as network platforms that violate important data compliance management obligations, but also provide clear applicable guidance for judicial personnel to investigate the legal responsibilities of relevant data processors for violating data compliance management obligations, thus contributing to the substantive, standardized and long-term development of enterprise data criminal compliance.
2024, Vol. 54 
