On Data Security Protection Obligations of Internet Service Providers

Abstract

Multiple legal departments must coordinate for internet service providers to meet their data security protection duties. The data security requirement of ISPs necessitates the coordination of multiple legal entities. Observing the data protection obligations of Internet service providers through the lens of a single legal department or a single regulatory regulation is skewed. A better strategy is to concentrate on the issue at hand and to think broadly. By constructing a comprehensive and multi-level data security protection obligation system for Internet service providers based on the "behavior-consequence" model, it is possible to realize the conceptualization and systematization of norms and develop a comprehensive picture of data security. The normative framework of data security protection for ISPs must be constructed using abstract notions, legal principles, and external systems. The "rule-principle" style of legal system construction enables the synchronization of formal and substantive justice, as well as stability and correctness. The normative framework focusing on data security protection is favourable to Internet service provider compliance governance. Effective compliance governance can make ISPs more attentive to the use and security of data.