The EU General Data Protection Legal System And China's Legal Response

With the development of Internet technology in the depth direction,data is exploding in an exponential manner,and the Internet has accelerated its international flow,and people's capability to collect and process data has become stronger and stronger,the world has entered the era of “data-driven”.At the same time,the demand for legal and reasonable regulation of data generation,processing and storage has increased.At a time when data is being treated as “new oil”,countries around the world are accelerating the speed of legislation on data protection and striving to occupy a favorable position in the international data economy competition.Among them,the protection of data legislation in Europe dates back to the 1940 s.In World War II,Fascism used computer-stored general data to grasp population information and accurately attack the Jewish nation,resulting in thousands of heinous tragedies.Since then,the concept of protection of personal information among European citizens has been established.At the same time,the legislatures of various countries have paid more attention to the protection of general data,and have strengthened the legislation and supervision,so that the legislative work of data protection in the EU in terms of legislative speed,legislative quality,and supervision plays a leading role in the world.The European Union's General Data Protection Regulations(hereinafter referred to as the “GDPR”),which came into effect in 2018,is called “the moststringent data protection law in history” and provides a legislative template version for data protection in other jurisdictions around the world.The creation of new types of rights,data cross-border rules,distribution of rights and obligations,institutional settings,and strong extraterritorialapplicationeffectiveness,andthe highfines settings bothaffectedglobally.The respondence is taken based on influence,this paper aims to introduce the legislative response to personal information and data protection in China combined with China's actual national conditions,through the introduction of the GDPR,from the dimension of global influencebroughtbyit,dividingitintotwoparts,qualitativeinfluenceandquantitativeinfluence.In the EU,because of the laws that can be directly applied to member states,the unification of data rules will effectively resist the data economic monopoly from other countries and help establishing EU single digital economy market;Specifically,in the credit reporting industry,the data subject exercising the forgotten right can erase certain key information,impairing the integrity and credibility of the credit report,increasing the risk of misjudgment of the fund provider's investment.Furthermore,if thedata subject opposes dataportraits andfeature analysis,the credit reporting agency cannot analyze the consumer's data for automated features,which will increase the difficulty and complexity of the credit business.Secondly,for the e-commerce industry,the marketing model for accurate advertising using data images will also be limited.In addition to the influence on the business community,there are influence on the choice of judicial jurisdiction.EU residents can directly file an independent private damages lawsuit on data protection issues,cancelling the pre-approval administrative procedures.And the case can no longer be transferred outside EU for trial,which highlights the EU's absolute requirements for data protection standards.It cannot reserve any space for the technology giant circumventing the law.At the same time,however,the GDPR has both advantages and disadvantages.The various restrictions on data exchange and data processing,while fully protecting the rights of data subjects,also hinder the smooth progress of network protection work.The operation of international cybercrime organizations usually uses shared data to jointly combat cybercrime,butthe tendency to protect the rights of data subjects will isolate the way data is shared,making it harder for cybercrime and providing potential,convenience for Internet criminals,leading a negativeimpactonoverall securityoftheInternet.From the perspective of quantitative change,the EU digital trade has been subject to the monopoly of the United States.The fragmentation of regulatory regulations has led to the backwardness of the digital industry and is quite unfavorable to the development of the EU's long-term digital economy.The validity of the GDPR has provided targeted legal support for the local digital economy,increased the cost and standards of data processing US multinationals enterprises pay trading in Europe,and indirectly released the vitality of local digital services.The reaction of the superstructure to the economic basement can be manifested in the development of information technology.Because the requirements of the GDPR for data processing capabilities,functions,and the exercise of rights are more advanced than the existing operational procedures,The advancement of science and technology can meet the compliance requirements,and promote the progress of global information technology research and development.At the superstructure level,the GDPR has driven the data protection legislation of many countries in the world.Many countries have followed EU in general data regulation path and institutional design ideas,enacting their own national general data protection law.California,Brazil,India and other regions have updated data bill with new data rights,specifying basic principles or extraterritorial effectiveness of the legislative.At the same time,China also added the Personal Information Protection Law to the National People Congress' s legislative plan in 2018.Although China has responded to data protection in many existing laws and regulations,the overall provisions are too principled.In view of the fact that other countries in the world have established or improved their national data protection legal systems with GDPR regulatory wave,considering escorting China's external digital economy and obtaining legislative guarantees and support at the institutionallevel,thelegislationofdataprotectionshouldalsoberefined.In fact,China's existing norms have the rudimentary form of these kind of individual rights,but they are too general.To carry out the legal transplant,it is necessary to introduce dialectically based on China's national conditions,taking into account the two projects of rights protection and free flow of data.The author believes that for the principle of informed consent,given the huge size of Internet users in China,consent shall be the most important source but not the only source of legitimacy for personal information processing.Because China's digital economy is still in the ascendant stage,over-emphasizing the consent elements of data subjects will largely hinder the processing efficiency and even further affect the development of digital trade.Second,the principled rules should be refined and clearly defined.For example,in addition to express consent,certain special actions can be classified into the presumptive consent category;increasing the criteria for consent when dealing with sensitive information;attributing the burden of proving consent to data operators;adding the means of protection for juveniles and consider the authorization and consent of his or her guardian;ensuring that the consent can be withdrawn at any time.In the specific rights setting,in view of the balance of freedom of speech and the right to know,the right to be forgotten should be strictly restricted,and may be deleted or can be handled anonymously under statutory conditions to realize the accuracy and completeness of the information;for the right to data portability,because the technical requirements are too high,it may increase the operating costs of SMEs(small and medium-size enterprise),and bring investment pressure on production and design,so the necessity and possibility of introducing this right arenotobvious.In the rules of cross-border transportation of personal information,it is necessary to establish a coordination concept of data sovereignty and data circulation,and establish flexible circulation rules based on data localization.In principle,the control,storage and processing of data should be carried out in the country,but exceptions can be extended to increase the flexibility of the rules.The author believes that this aspect relies more on the establishment of international rules.The solution to the fragmentation of multinational assessment standards is the key to promoting globaldata securityandfreecirculation.In terms of the extraterritorial effect of the law,the GDPR greatly expanded the scope of jurisdiction by establishing an extraterritorial application clause to regulate the global treatment of the general data of EU residents.Moreover,more and more countries choose to try changing from territorial jurisdiction to personal jurisdiction.As a result,if the domestic data processing requirements are not met,all enterprises that conduct overseas business in China must adopt various compliance measures to adapt to the general data protection standards and requirements of each country because of the extraterritorial clause.If the same international standard is adopted,the company will not apply two sets of domestic and overseas standards for data compliance,and the production and operation costs will not be greatly increased and not be forced to be disadvantaged in the international competition of digital trade.On the other hand,if China ignores the establishment of this clause,the security of storing or processing the general data of Chinese residents who are outside the country cannot be guaranteed.Based on the above two points,while improving the requirements of national laws for universal data protection,it is necessary to establish an extraterritorial application clause to include the behavior of multinational enterprises that collecting,storing and processing Chinese resident data into the scopeofthe norm.Finally,the rule of jurisdiction for data protection cases shall be clarified.Considerring the current stage of data industry and the allocation of judicial resources,it is recommended to set up an administrative pre-procedure.If the complaint or the respondent is dissatisfied about the judgement of administrative authority,they could file a lawsuit to the court which is the administrativelocated.All in all,in the current global data legislation,China must respond to this in legislative work,accelerating the legislative process of the Personal Information Protection Law,improving the standards and requirements of data controllers and processors for data collection,storage and processing,clarifying data circulation rules,advocating the establishment of global unifiedcirculation standards,and establishing extraterritorial applicable provisions to maintain data sovereignty.In order to strive to link with international leading standards and occupy a favorable position in the global digital trade competition,a sound legal system to escort the digital economy isessential.