International Regulation Of Cross-Border Flows Of Personal Data

With the development of information construction and big data,more and more cross-border flows of personal data are happening,which becomes one of motive powers of economic globalization.Cross-border flows of personal data promote the economic development,but it may infringe personal rights of data subject.Therefore cross-border data flows should be regulated to promote the free flow of personal data and protect personal rights.At present,there are two different modes-EU and APEC approaches.Study on these rules can help us have a better understanding of their rules,besides,it can also provide some helpful references to improve our own rules on cross-border flows of personal data.The first chapter is an overview of cross-border flows of personal data.It clarifies the definition of personal data and cross-border flow.It also analyses the nature of personal data.In my opinion,personal data has dual values,that is to say,personality right and property right.However,problems arise because of the dual values.When regulating cross-border flows of personal data,the relation between economic development and protection of personal rights has to be considered.In addition,the conflicts between data subject and commercial organizations can't be omitted.There are two approaches-EU and APEC approaches to solve the foregoing issues.The second chapter discusses the EU approach.It mainly introduces the rules of GDPR.About the principles of cross-border flows of personal data,both the adequacy protection principle and principles concerning data processing need to be obeyed.With regard to the methods of cross-border flows of personal data,EU has put forward some creative rules,including adequacy assessment,safeguard measures and exceptions.The third chapter is the APEC approach.It mainly discusses the principles of APEC Privacy Framework and CBPR,which aims at promoting the free flow of personal data.Also the weakness of APEC approach is explored.The fourth chapter makes a comparison between EU and APEC approach.By comparison,EU and APEC has its own strengthens and weaknesses.The EU approach is better to protect personal rights,while the APEC approach is more favorable to develop economy and promote free flow of data.But the two approaches are not contrary to each other.They have shown a tendency of integration.Only by learning from each other,can they be improved and can the dual aims be achieved.The last chapter lies in the establishment of rules regulating cross-border flows of personal data in China.After introducing the relevant legal practice in China,suggestions for improving Chinese regulation of cross-border flows of personal data are put forward.First,a special personal data protection law should be formulated.Second,combine our own reality and refer to the EU and APEC approach at the same time when designing rules on cross-border flows of personal data.On the basic principle,take the accountability approach and strictly stipulate the obligations of the controllers.With regard to the methods,adopt the mode of security assessment and provide for some exceptions.Finally China should take active part in the international cooperation on cross-border flows of personal data.