Abstract: The concept of data sovereignty derives from national sovereignty theory, emphasizing on the exclusive rights of the nation. The data has some attributes of the “thing”, and thus the utilization of data is similar as that of thing. All these can attribute the exclusive control of the subject on the application of data. The broad concept of data sovereignty includes the national data power and personal data rights. The crossborder data flows have brought challenges to national sovereignty and posed issues regarding data retention, private relief and enterprise's compliance. The legislation of Cybersecurity Law in our country should provide the principle of data sovereignty, enhance the consciousness of national sovereignty, strengthen the national exclusive power on data and clarify the boundaries between the national power and the private rights regarding data, which can be helpful to deal with the challenge and issues posed by crossborder data flows.

Key words: data sovereignty, national sovereignty, crossborder data, exclusive rights, cyber security

摘要： 数据主权概念源自国家主权理论，强调国家主体对于数据的管控权.数据具有类似“物”的属性，人对数据的利用类似对物的利用.这都使得主体可以控制数据的使用.广义的数据主权包括国家数据权力与私人数据权利.数据跨境流动对数据主权带来了一系列挑战，包括给国家数据主权带来冲击、数据存留与否存在争议、私人权利救济难度增加以及企业法律遵从缺乏明确指引.我国网络安全立法应增加数据主权原则，可加强数据主权意识，强化国家数据管控权，与此同时，厘清公私主体之间的数据权界限，可对数据跨境问题有所裨益.

关键词: 数据主权, 国家主权, 跨境数据, 管控权, 网络安全法