On The Legal Regulation Of The Cross-border Flow Of Personal Information

The most important difference between personal information and personal privacy is how to determine whether the information is private,whether the same information has privacy and how the secret level is different in different situations.Personal information can be transferred across borders by "providing information to third parties" and "accessing or viewing information by third parties".The EU has a long history of human rights protection.It has long regarded citizens' right to information as a basic human right,and has established a series of restrictions on the cross-border movement of personal information based on GDPR.Legislation norms;the United States has signed a series of bilateral or multilateral agreements and uses the “data controller standards” of the CLOUD Act to maintain its dominant position in the information industry and to meet its long-term need for free flow of information and data,and to promote information and The cross-border flow of data maintains established ownership and occupancy advantages for data to maximize economic benefits.The two legal systems are quite different in three aspects.The first is the difference in value orientation: the United States pays attention to the economic value brought by the free flow of information and adopts a loose legislative model,while the European Union pays attention to the protection of personal information and adopts a strict legislative model.The second is the difference of regulatory paths: the eu carries out pre-emptive regulation based on the principle of "sufficiency";The United States conducts ex post facto regulation based on the principle of "accountability".Finally,the differences in regulatory results: the eu has shown a strong influence in the formulation of international rules for cross-border data flows,while the us has enhanced its own voice in the formulation of international rules for cross-border data flows.China has not yet carried out special legislation on personal information,but the "Guide",the "Network Security Law" and its accompanying "Evaluation Methods","Evaluation Guide" and "Safety Regulations" and other laws and regulations constitute a cross-border movement of personal information in China.Rules and regulation.Although the Civil Code's Personality Rights(three drafts of the draft)separately regulates personal information,it is not involved in cross-border movement.Compared with developed countries,China's work on transnational protection of personal information has been carried out relatively late.There are still many shortcomings.It needs to be in the two directions of “improving domestic legal regulation” and “developing international cooperation to join the CBPR system”.The information classification protection,the establishment of the statutory network operator self-assessment supervision mode,the "development of security assessment rules" and the "joining the CBPR system" are improved.