International Regulation Of Transborder Data Flow And China's Response

In recent years,the wave of big data has swept across the world,Data has become a common productive factor.Competition among countries has gradually turned to the control of data resources.Under the background of globalization and digitization,cross-border collection,storage,use and transfer of personal data has become a common phenomenon in global trade.Transborder flows of personal data is conducive to the development of domestic economy and innovation of technology,but for national security,personal information protection and other purposes,the state will restrict data for cross-border transfer.Since data cross-border transfer involves the coordination of domestic and international rules,there are multiple regulatory objectives.Data cross-border transfer exists the conflict between personal data protection(especially personal privacy)and the free cross-border transfer of data,as well as the conflict between national security and the free transfer of data of data.The complete restriction of the free flow of data and the complete liberalization of data across borders without regulation are not conducive to the development of a national economy.Therefore,how to balance the relationship between these regulatory objectives is the theoretical basis for studying the rules of data cross-border transfer.For each country or region,regional organization,and international organization,coordinating these regulatory objectives is the basic goal of establishing rules of cross-border data flow,and it is also the reason for differences and conflicts exist in data cross-border flow rules among countries or regions.Since the OECD proposed the concept of “Transborder Data Flows” in the 1970 s,various countries have formulated their own regulations of personal data protection.It is undeniable that due to the early start and wide range of applications,the personal data protection law in Europe has the most far-reaching impact in the world.Because of the historical tradition of protection of human rights,the EU has adopted a “adequate level of protection” assessment standard in rules of transborder data flows.However,Because the process of identification is too cumbersome and the EU's own high level of personal data protection,few countries can actually meet the “adequate level of protection” standard.The development of “Standard Contractual Clauses” and “the Binding Corporate Rules”have alleviated the strict restrictions on the cross-border flow of data to some extent.Based on industry self-discipline,APEC takes industry self-discipline as its starting point and formulates another cross-border data flow rule based on the principle of "accountability" which is different from the EU model.It should be emphasized that the United States has played a leading role in the formulation of the APEC rules by leveraging its political and economic strength and its influence in the Asia-Pacific region.It should be emphasized that the United States,with its own political and economic strength and influence in the Asia-Pacific region,played a leading role in the formulation of APEC's rules of transborder data flows.The two sets of regulatory systems differ in value orientation,ways of regulation,and regulatory effectiveness,but they gradually show a trend of integration.The cross-border transfer of personal data has a characteristic of globalized,and the excessive restriction of cross-border data flow in many countries is actually not conducive to the development of global trade,especially e-commerce transactions.It is necessary to deepen the international cooperation on cross-border data flow.Whether by bilateral cooperation or multilateral cooperation mechanism,it is difficult to formulate a set of uniform data cross-border flow rules.The failure of the Safe Harbor Agreement between the United States and Europe is the best proof.However,it is in this constant alternation of conflicts and cooperation that we can better promote the unification of different international rules.“Cybersecurity Law of the People's Republic of China” promulgated in 2017 coordinated the regulations of cross-border data flow in various fields,and formed a regulation system of "one law,one method,two standards" in regulating transborder data flows.There are hills whose stones are good for working jade.The legislation on cross-border transfer of data in China started late,and there are also many shortcomings.According to the international regulatory system between the EU and the United States and the cooperation practices between various countries and regions,how to improve China's security assessment system,enterprise self-discipline,personal data legislation,and how to enhance the voice of the country in international rule-making,will become an important issue to be considered in the future.