Whether personal information must be handled as an “outbound transfer” turns, in the end, not on which “country” it goes to, but on whether it has crossed the “border” of the People’s Republic of China. The real question is what that “border” means.
In the traditional legal setting, the “border” coincides with the national frontier: cross the frontier and you are outside the territory, with no need to look further. But data governance draws its lines by “jurisdiction,” not by sovereignty or national frontier. In most cases the two coincide; with Hong Kong they part company: Hong Kong belongs to China in sovereignty, yet is a jurisdiction of its own. The single border splits in two, and a data flow that is “within one country” in sovereign terms is an “outbound transfer” in legal terms.
Consider a common scenario: a mainland company wishes to provide a Hong Kong partner with a batch of customer personal information (names, telephone numbers, even consumption preferences). On the old instinct of national frontiers, both sides are within one country, so a confidentiality agreement and an internal process might seem enough; but on the test of jurisdiction, the data has already crossed a governance border and must be handled as outbound. That a provision to Hong Kong constitutes an outbound transfer, and that it both enjoys the convenience of the Greater Bay Area and bears Hong Kong’s local obligations, all trace back to this one separation of borders. This article follows that “jurisdictional border” to set out the framework for judging an outbound transfer of personal information involving Hong Kong.
I. In data law, the “border” is one of jurisdiction, not of sovereignty
How do we know that the “border” in data law is drawn by jurisdiction rather than by sovereignty or geography? The positive law gives four confirmations. First, where it governs cross-border provision, the Personal Information Protection Law (PIPL) speaks of providing personal information “outside the territory of the People’s Republic of China” [1], not “abroad”; the difference is deliberate, the former pointing to a jurisdictional border, the latter to a national frontier. Second, the “exit” defined in Article 89 of the Exit and Entry Administration Law expressly includes travel from the mainland to the Hong Kong and Macao Special Administrative Regions [2]; since an exit by definition ends outside the territory, and travel from the mainland to Hong Kong is an exit in law, Hong Kong is, relative to the mainland, outside the territory. Third, Hong Kong, though part of China’s territory, is a separate jurisdiction and a separate customs territory, with its own legal and governance boundary. Fourth, as regards data flows, the instrument jointly issued by the national cyberspace authority and the Government of the Hong Kong SAR characterises movement between the mainland and Hong Kong, in so many words, as “cross-border flow” [3].
The four point to one conclusion: what decides whether data is “outbound” is whether it has crossed the jurisdictional governance border, not which server holds it, nor whether a party subjectively regards it as “internal to the group” or as “provision to an outsider.” The common belief that “data that has not left the country is not outbound” is exactly the error of taking an instinct of sovereignty or physical location and mistaking it for the test of the jurisdictional border. From the moment personal information is provided to the Hong Kong side (including being made accessible to, or retrievable by, a Hong Kong entity), it has been transferred outside the territory, and the cross-border regime under Articles 38 and 39 of the PIPL is engaged.
As for the confidentiality agreement of the opening scenario, it does no more than impose contractual obligations on the recipient; it cannot substitute for the pathway, the separate consent, or the impact assessment that the law prescribes for an outbound transfer. The border once crossed, not a single step of outbound compliance can be omitted. Once “the border lies in the jurisdiction” is understood, the question is no longer “whether to treat the transfer as outbound,” but “which pathway this outbound transfer falls on, and which obligations it carries.”
II. Once the jurisdictions part, providing data outbound triggers a cost assessment under mainland law: the tier is fixed by three qualifiers together, while separate consent turns on the lawful basis
Once the border is crossed, mainland law must run a “cost assessment” on the transfer: which procedure to follow, and which further obligations attach. The difficulty lies not in remembering the provisions, but in judging accurately where this particular flow falls. Article 38 of the PIPL provides three outbound pathways: a security assessment, protection certification, and a standard contract. The common impression stops at “a security assessment is required,” which was closer to the position before March 2024, when the thresholds were far lower; following the entry into force of the Provisions on Promoting and Regulating Cross-Border Data Flows issued by the Cyberspace Administration of China, the triggering thresholds were substantially raised and tiered by volume [4]. To judge which pathway applies, one must first locate the flow on three elements: how many individuals’ personal information is involved, whether sensitive personal information is involved, and whether important data is involved, together with the threshold question of whether the processor is itself a critical information infrastructure operator.
For a processor that is not a critical information infrastructure operator and whose transfer does not involve important data, counting cumulatively from 1 January of the current year: non-sensitive personal information of fewer than 100,000 individuals is exempt from all three procedures, namely security assessment, standard contract and certification (the separate-consent and impact-assessment obligations discussed below nonetheless remain). Non-sensitive personal information of 100,000 to fewer than 1,000,000 individuals, or sensitive personal information of fewer than 10,000 individuals, calls for a standard contract or protection certification at the processor’s election; the two are alternatives, not a sequence of contract first and certification afterwards. Personal information of 1,000,000 individuals or more, sensitive personal information of 10,000 individuals or more, any involvement of important data, or a processor that is itself a critical information infrastructure operator requires a declared security assessment. Where more than one condition is met, the highest applicable tier governs.
The qualifiers “cumulatively from 1 January,” “whether sensitive,” and “whether important data” are indispensable; omit one, and the flow may be placed in the wrong tier. Important data warrants particular care: once data is identified as important data, a security assessment is in principle required regardless of volume, with no volume-based exemption.
What the tier determines is the procedural pathway. Beyond the pathway, two obligations do not fall away with a lower tier: specific notice to, and separate consent from, the individual [5], and a prior personal information protection impact assessment [6]. Here the difference between judgment and checklist is clearest in separate consent: it does not attach to the act of “outbound transfer” such that every transfer must obtain it, but to the lawful basis on which the information is processed. Only where the lawful basis is itself “consent” is separate consent required; where the basis relied upon is “necessity for the conclusion or performance of a contract” or another lawful ground, the transfer need not be predicated on separate consent [7]. To treat “every outbound provision requires separate consent” as an inviolable rule is precisely to substitute checklist thinking for the work of positioning.
III. The Greater Bay Area standard contract is a convenience born of shared sovereignty: within the framework it sets no volume or sensitivity threshold and replaces the security assessment with a filing
If the preceding section is the cost of jurisdictional separation, the Greater Bay Area standard contract is its other face: a convenience born of shared sovereignty. It is precisely because Hong Kong belongs, in sovereignty, within China, sharing one country with the mainland, that the “Bay Area” can become a relatively self-contained data-governance community. In December 2023, the Cyberspace Administration of China and the Innovation, Technology and Industry Bureau of the Government of the Hong Kong SAR jointly issued the Standard Contract for the Cross-Border Flow of Personal Information within the Guangdong–Hong Kong–Macao Greater Bay Area (Mainland, Hong Kong) [8]. Its most practical benefit is that, within the scope of the framework, it sets no threshold as to the volume or sensitivity of the personal information transferred (important data excepted): a situation that would otherwise require a security assessment for exceeding the thresholds may, within the GBA framework, instead proceed by the lighter standard-contract route.
But this shorter route has clear boundaries, and one should not be too quick to celebrate. The first is territorial: the parties must be located in the nine mainland GBA cities or in Hong Kong, so for the flow considered here the provider must be in one of the nine cities and the recipient in Hong Kong. The second concerns the type of data: important data is excluded and remains subject to the stricter rules. The third concerns the obligations: what changes is the procedure, a filing in place of a declared security assessment, not the substantive obligations; an impact assessment must still be carried out, and the signed standard contract must still be filed. In other words, what is relaxed is the threshold that triggers a security assessment, while not a single one of the outbound obligations falls away.
The other face of the convenience is an unsettled legal question, which should be stated candidly when advising. What this arrangement relaxes are thresholds set by departmental regulation, so on one view the question of “a lower-ranking rule relaxing a higher-ranking one” has not been entirely dispelled; on another view, Article 38 of the PIPL itself authorises “other conditions provided by the State cyberspace authority” as one of the outbound pathways, so that if the GBA standard contract falls within this catch-all, no inversion of legal hierarchy necessarily arises. The substance of this debate is precisely whether shared sovereignty can soften jurisdictional separation. It is the prevailing approach in practice; but when advising a client this background should be made clear, rather than treated as a fail-safe shortcut.
IV. Hong Kong’s local obligations are the price of jurisdictional separation: no in-force statutory control over cross-border transfer, the real constraint being purpose limitation among the data protection principles
Jurisdictional separation runs both ways. Once the data enters Hong Kong, it does not become weightless merely because the outbound formalities have been completed on the mainland; Hong Kong has its own independent governance logic, and that is the price of being a jurisdiction apart. Once in Hong Kong, the data is subject to the Personal Data (Privacy) Ordinance. One contrast deserves specific mention: section 33 of the Ordinance, which restricts the transfer of personal data to places outside Hong Kong, has never come into operation since the Ordinance was enacted in 1995 [9]. As to “data being further transferred out of Hong Kong,” the Hong Kong side has no in-force statutory provision directed specifically at cross-border transfer.
But “no dedicated control over cross-border transfer” does not mean “no constraint.” Hong Kong’s difference lies not in a checkpoint but in a set of purpose-based constraints not aligned with the mainland’s. What in fact operates are the data protection principles, and in particular the limitation on the purpose of use (DPP3): a new purpose going beyond that for which the data was collected requires the further express consent of the data subject. The Privacy Commissioner for Personal Data has also issued recommended model contractual clauses for cross-border transfers for organisations to adopt, though these are advisory rather than mandatory [10]. In 2021, Hong Kong further criminalised “doxxing,” adding criminal sanction to personal-data protection.
For a mainland enterprise, this means that completing the outbound procedures on the mainland side does not entail the absence of obligations on the Hong Kong side. How the Hong Kong recipient uses the data, for what purposes, and whether it onward-transfers it, is a separate set of rules to be satisfied at the same time, and it lays the ground for reconciling the two sides’ positions in the next section. (The Hong Kong-law concepts and English terms in this section are subject to the opinion of Hong Kong qualified counsel.)
V. Dual-jurisdiction compliance is not the sum of two checklists but a single judgment made along the separated border
Return to the company of the opening. What it truly needs to resolve has never been “so many provisions on the mainland, so many in Hong Kong,” to be set out as two checklists and ticked off one by one. Neither checklist is, in itself, hard; the difficulty is that one and the same flow must sit on both of the separated borders at once, and those two borders are not always aligned. The clearest illustration is the mismatch, across the two sides, between the lawful basis and the purpose of use. If the mainland party relies on “necessity for the performance of a contract” as its lawful basis, the outbound transfer need not obtain separate consent; yet once the data reaches Hong Kong, the moment the recipient wishes to put it to a new use beyond the purpose of collection, Hong Kong’s data protection principles require the further express consent of the data subject. One and the same authorisation text must both satisfy the mainland’s question of “whether separate consent is needed” and leave room for Hong Kong’s “fresh consent on a change of purpose.” Where this junction is mishandled, each side may look compliant on its own, yet a gap is left once they are combined into a single transaction.
The value of professional judgment lies not in reciting the two sides’ obligation checklists, but in making, for a specific flow, a single positioning that runs across both jurisdictions; its product is not a stack of stamped procedural documents, but a reviewable “positioning memo.”
Judged well, the same customer list is a compliant and efficient channel; judged badly, it leads at best to rejection of the filing and at worst to an unlawful outbound transfer. It is for this reason that matters of this kind are best reviewed, before any data is transferred, by someone conversant with the rules on both sides. As for the individual case, it remains necessary to verify the specifics one by one, including the type and volume of the data and the negative list of the pilot free trade zone concerned; what this article offers is the framework for judgment, not the conclusion for any particular transaction. Hong Kong is only the clearest specimen of this separation of borders: as data-sovereignty rules unfold, the “border” will increasingly be drawn by jurisdiction rather than by national frontier, and what enterprises should establish early is a framework for judging data flows by reference to jurisdiction, rather than the old instinct that takes the national frontier or a server’s physical location as its coordinates.
This article is general information only and does not constitute legal advice for any specific matter; a specific data flow should be separately verified against the facts of the case. Hong Kong-law concepts and English terminology are subject to the opinion of Hong Kong qualified counsel.
Knowledge anchors
- Jurisdictional border vs. national frontier
- Outbound transfer of personal information
- Security assessment / standard contract / certification
- Separate consent · lawful basis
- GBA standard contract
- PDPO · section 33 · DPP3