Font Size: a A A

Research On The Legal Regulation Of Cross-border Movement Of Personal Data

Posted on:2020-08-27Degree:MasterType:Thesis
Country:ChinaCandidate:Y KongFull Text:PDF
GTID:2416330623453500Subject:International Law
Abstract/Summary:PDF Full Text Request
The large-scale cross-border flow of personal data has a driving role in the global economy and has a traction on the development of the industry.In particular,the flow of cross-border data is of great importance to today's world economy.However,the cross-border flow of data has also caused a huge threat to personal privacy and national information security.Many countries have begun to formulate regulations to restrict the flow of data and the inflow,which has brought great negative impact on economic development.Therefore,how to balance the good data protection at the international level and ensure the free flow of cross-border data,while taking into account the autonomy of data protection,has become a difficult problem today.Various international statutes are also actively working to solve the above three major problems.China should also learn from the existing regulatory methods for cross-border movement of personal data,establish appropriate regulatory policies,protect China's data security,and reduce the impact of cross-border movement of personal data on China's economy.To achieve the free flow of personal data in the world,we should first reach a consensus on the concept of cross-border flow of personal data.From the current legislation on cross-border data flow,we can sum up the data in the cross-border flow of personal data."The understanding can be divided into two categories:First,the country represented by the European Union holds the"personal data theory",that is,the unprocessed data in the ordinary sense;Second,the country represented by the United States holds the "personal identifiable information theory",that is,the information that has been processed and processed by the data.Although “personal data” and “personally identifiable information” are slightly different in meaning,they are often mixed in practice and have fundamental differences in legal documents.Some scholars believe that cross-border data flow regulations should also include government data.The author believes that government data is divided into two types,one is state secrets and national security information.Such information involves the core interests of the country.The state strictly maintains confidentiality and restrictions,and there is no need for cross-border flows and necessity;The second is the data disclosed in accordance with the law,which falls within the scope of relevant laws and regulations such as the State Administrative Law and does not involve the supervision of cross-border data flows.Therefore,this article does not include cross-border mobile regulation of government data into the discussion.As economic globalization is proceeding in an unstoppable trend,global cross-border data flows are also flooding the world.The cross-border movement of personal data is not only the result of economic globalization,but also a lubricant for economic globalization.Along with the development of technology,scandals such as “prism gates” that infringe on personal data have also occurred frequently.It is not uncommon for users to leak data on certain platforms in China.Therefore,the significance of legislation to protect personal data is self-evident,and countries have actively developed domestic data protection laws.On the one hand,the domestic data protection law protects the security of citizens' personal data.On the other hand,it also hinders the cross-border movement of personal data and even forms new trade barriers.Therefore,the legislation of cross-border movement of personal data should have double legislative value: it must ensure the free flow of cross-border data,and the security of personal data should be well protected.However,since the Second World War,the development of privacy law has promoted the initiation of cross-border mobile legislation for personal data,but so farthere has not been a unified international legislative document with coercive and binding nature.At present,the framework of the legal system for cross-border mobile data has only a globally unified policy guidance document at the international level.Such as the first global standard "Guidelines on privacy protection and personal data flow",the first international organization standard "Guidelines on privacy protection and personal data flow";At the regional level,there are relatively complete and binding legal systems,such as the European General Data Protection Regulations(GDPR)and the APEC Privacy Protection Framework.These legal systems are governed by legislation that ensures the cross-border movement of data and the protection of personal data.Although the legal framework for cross-border movement of personal data is already very rich,the effect of actual implementation remains to be questioned.For example,data protection agencies in 11 of the 27 EU member states cannot fully perform their duties.This shows that the data protection agency can only implement part of the requirements for data transfer in a fragmented and case-by-case manner,and it is impossible to fully implement the EU regulations on the cross-border movement of personal data.The regionalized cross-border flow system of personal data guarantees the free exchange of data between countries in the region to a certain extent.However,the cross-border data outside the region has caused obstacles.How to establish a unified cross-border flow mechanism for personal data has become an urgent problem to be solved.Whereas the OECD's Guide to Privacy Protection and Personal Data Flows and the APEC Privacy Protection Framework provide two possible models for cross-border transfer of personal data and different restrictions on cross-border data transfer across the world,the author believes that there are three possibilities for convergence of future cross-border data flows: First,the inclusion of alternative rules in the third country appropriateness assessment model;Second,add a list of countries that meet the appropriateness assessment under the data controller guarantee model;Third,the integration of binding company rules(BCRs)and cross-border privacy rules systems(CBPRs).Of course,whether the above three possibilities for integration can be achieved depends to a large extent onwhether and to what extent different countries are willing to give up their control over data.In addition to the differences in national legislation on cross-border data flows that can hinder cross-border data flows,the need for data localization is a real obstacle to cross-border data flows worldwide.Data localization is not a new issue.As early as the 1970 s,data localization policies have emerged along with the rapid development of computer information technology and the Internet.Early data localization policies were concentrated in developing countries,as feared the tide of economic globalization.Many developing countries believe that the cross-border movement of personal data will only benefit developed countries,and accelerate the economic aggression,data plundering of developed countries against their own countries,and even the state's political power and social stability.As early as 1979,Brazil established the “Special Secretariat for the Information Industry” to review the cross-border flow of data and decide whether to approve the cross-border flow of the data.The “Prism Gate” incident in 2013 pushed the security issue of cross-border flow of personal data to the forefront,and more than 20 countries have developed data localization policies since then,and data localization has become a global trend.According to the restrictions on the cross-border flow of personal data,the data localization policy can be roughly divided into the following three modes: First,the rigidity is prohibited from flowing;Second,the flexible flow-free mode;Third,the local backup flow mode.The “data localization” data collected or generated in the country is stored in the country,so the policy requirements contain multiple objectives of a country: national security,public morality or public order,personal privacy protection,and domestic law enforcement needs.However,such requirements usually do not meet the goals of policy designers.Sometimes they are not conducive to local businesses and consumers,and often have negative consequences for domestic companies and foreign companies they target.At the same time,the data localization policy itself still has many problems,such as the necessity of data localization measures.Some peoplethink that the data localization measures are an overreaction to the US “prism plan”and aim to satisfy the people's demands;In addition,the lack of local data protection is insufficient,and the lack of transparency in policy implementation is also the problem of data localization.Today,with the increasingly close global economic relations,more and more countries and regions need to exchange data,and cross-border transmission of personal data has become more and more common.As the world's second largest economy,China has huge cross-border data flow needs and has great potential for development.According to the statistics of the Ali Research Institute,the scale of cross-border e-commerce transactions in China reached 4.8 trillion yuan in 2015,a year-on-year increase of 28%.It is estimated that by 2020,the scale of cross-border e-commerce transactions will reach 12 trillion yuan,accounting for about 37.6% of China's total import and export volume.In addition,more and more Chinese companies are growing into global companies and are beginning to “go global”.Coupled with the broad development space brought by the national “Belt and Road”strategy to cross-border e-commerce,cross-border data flow has great significance for China's foreign trade and economic development.On the other hand,new technologies such as cloud computing,big data,mobile Internet,and intelligent terminals that are rapidly spreading have brought new threats to privacy and data security.The practical need to protect personal information security and national information security is growing.In this context,based on the current international pattern of cross-border movement of personal data,examining the relevant legislation in China and exploring the specific path of constructing cross-border rules for data in China is an important task before us.From a historical perspective,50 years ago,Germany,France,Italy,the Netherlands,Belgium,and Luxembourg were still planning the construction of the European Community.The cross-border flow of data between Europe and the United States has just begun.At that time,the focus of cross-border data negotiations was political autonomy and economic security.At that time,the global business ofcomputer and Internet technology was already in operation in the United States.At that time,China was still still trying to explore the normalization of Sino-US relations and economic construction.Fifty years later,the United States is the strongest country in the world,and six of the world's top ten Internet companies belong to the United States.China's rise has become the world's second largest economy,and its Internet development speed has also risen sharply in recent years.Internet giants such as Huawei and Baidu have emerged.The United States began to suppress China on the grounds of safeguarding national security,protecting intellectual property rights,and protecting citizens' privacy.For example,this year's "cross-cutting" of Huawei's multinational business is the best example.Europe has been transformed from the European Community to the European Union.The overall economic form is relatively stable,and the development of cross-border data has not yet grown by leaps and bounds.There are also fewer large international Internet companies.In the era of the European Community,personal data security as part of the right to privacy as a bargaining chip between Europe and the United States,the European Union still uses personal data security as a bargaining chip with the United States,but personal data security has evolved from privacy rights to An independent basic human right that can greatly protect the security of personal data.Although the cross-border flow of data in China is developing rapidly and the demand for cross-border data flow is large,in the field of data cross-border flow regulation,China started late.In recent years,the government has begun to pay attention to the problem of cross-border transmission of data.However,there is still no independent law on the cross-border flow of data,and the relevant content is scattered among various laws,regulations and departmental regulations.The stone of other mountains can attack jade.Since the necessary restrictions on cross-border data transmission help to protect against domestic and foreign network security threats,protect data security and citizens' privacy rights,it is in line with China's actual needs,and China is not perfect in this respect.Therefore,China should learn from the more successful international regulatory methods,establish appropriate regulatory policies,protect China's data security,and reduce theimpact of data cross-border movements on China's economy.However,specific restrictions should still be considered in coordination with existing relevant international rules.
Keywords/Search Tags:Data Security, Data Protection Law, Data Flow Regulation
PDF Full Text Request
Related items