非法获取计算机信息系统数据罪的行为对象是数据信息，而非数据本体。本罪的数据信息，包括但不限于法律已经予以明确保护的个人信息、隐私、商业秘密、知识产权的电子化信息类型。本罪的保护法益为数据安全法益。对数据安全法益的保密性、可用性、完整性和安全状态，采取数据权限模式识别，即应当在个人数据、企业数据、公共数据的不同权利内容下，予以对应的界定。对非法获取计算机信息系统数据罪的构成要件行为采用复合行为说的观点主张，本罪行为必须具备违反国家规定、侵入或者其他技术手段、获取数据的递进关系，但本文认为，这一主张与体系解释存在冲突，导致着手认定的不当提前和处罚范围的不当限缩。只有采取单一行为说，将侵入或其他技术手段作为获取数据的方式，才能实现刑法第285条三款规定的文义解释与体系解释的融洽性，且与数据信息安全法益相吻合。非法获取计算机信息系统数据罪的行为要素，包括侵入、其他技术手段和获取数据。对侵入的界定，以授权模式为标准，首先需要对授权内容进行合法性、公平性审查，其次从技术原理上分类甄别计算机信息系统安全防护措施，最后从规范目的界定实质的计算机信息系统安全防护措施，逐步验证“侵入”的实质违法性。基于权限模式下的数据信息安全法益和同类解释规则，“其他技术手段”和“侵入”的上位概念是“以未经授权的技术手段获取数据”，这是对非法获取数据单一行为的限缩。“获取”数据，是指复制、下载、创建数据副本，实现行为人对数据代码的控制，数据控制无需独占性、排他性，不包括单纯知悉。在“定性＋定量”的立法模式框架下，要注重“定性”对罪质罪量的均衡评价，比较不同罪名间定罪量刑标准的合理性，基于法益性质的差异，限缩适用“情节特别严重”。行为人无正当依据，无视平台所设置的合法有效的爬虫协议，突破平台设置的计算机信息系统防护措施和数据安全防护措施，爬取他人具有价值属性和权利基础的数据的，构成非法获取计算机信息系统数据罪。批量注册互联网账号的行为，不构成非法侵入计算机信息系统罪与非法获取计算机信息系统数据罪，应以行为所侵害的具体法益确定适当的罪名。

The object of the crime of illegally obtaining data from computer information systems is information, not the data itself. The information of this crime include, but are not limited to, electronic information types of personal information, privacy, trade secrets, and intellectual property rights that have been expressly protected by law. The legal interest of this crime is data security. The confidentiality, availability, integrity, and security status of legal interests in data security are to be identified by data authority patterns, that is, they should be defined accordingly under the different rights content of personal data, enterprise data, and public data.The argument of adopting the composite act theory on the constitutive elements of the crime of illegally obtaining computer information system data asserts that this crime must have a progressive relationship of violating state regulations, intrusion or other technical means, and obtaining data at the same time, but this article argues that this proposition conflicts with the system interpretation, resulting in the improper advance of the initial determination and the improper limitation of the scope of punishment. Only by adopting a single act theory and using intrusion or other technical means as a means of obtaining data can the harmony between the literal interpretation and the systematic interpretation provided for in the third paragraph of Article 285 of the Criminal Law be realized, and it is consistent with the legal interests of data and information security.The elements of the offence of illegally obtaining data from computer information system include trespassing, other technical means and access to data. To define intrusion, based on the authorization model, it is first necessary to review the legality and fairness of the authorized content, secondly, classify and screen the security protection measures of the computer information system from the technical principle, and finally define the substantive security protection measures of the computer information system from the purpose of the specification, and gradually verify the substantive illegality of the "intrusion". Based on the legal interests of data information security under the permission model and the rules of interpretation of the same kind, the higher-level concepts of "other technical means" and "intrusion" are "obtaining data by unauthorized technical means", which is a restriction on the single act of illegally obtaining data. "Acquisition" of data refers to copying, downloading, and creating copies of data to achieve the actor‘s control over the data code, and data control does not require exclusivity or exclusivity, and does not include intelligence. Under the framework of the "qualitative + quantitative" legislative model, it is necessary to pay attention to the balanced evaluation of the quality and quantity of crimes by "qualitative", compare the reasonableness of the conviction and sentencing standards between different crimes, and limit the application of "especially serious circumstances" based on the differences in the nature of legal interests.Where the perpetrator ignores the lawful and effective crawler protocol set up by the platform without a legitimate basis, breaks through the computer information system protection measures and data security protection measures set up by the platform, and crawls the data of others with valuable attributes and rights basis, it constitutes the crime of illegally obtaining computer information system data. The act of registering Internet accounts in bulk does not constitute the crime of invading computer information systems or the crime of illegally obtaining computer information system data, and the appropriate crime should be determined based on the specific legal interests infringed by the acts.