Research And Reference On The Rules Of Cross-border Transfer Of Personal Data In The European Union

Since the Snowden incident,the cross-border flow of personal data has gradually become a global concern,and countries have formulated relevant regulatory policies in order to strengthen domestic data security protection.At present,all countries have begun to regulate the cross-border flow of personal data.Among them,the EU GDPR rules have attracted worldwide attention.At the same time,the bilateral data flow agreement signed by the EU also reflects the different policy values and mutual compromises in practice when countries face this issue.China has also gradually tightened its legislation on the flow of personal data,and the EU' s richer legislation and judicial practice on the cross-border flow of personal data is of great significance for the formulation of relevant rules in China.This article analyzes the inevitability of the cross-border flow of personal data in the context of contemporary digital trade.However,the rights attributes of personal data and the security impact that it may have on national societies make countries have to regulate their cross-border flows.Therefore,the main question studied in this article is how to balance the protection of personal data subjects and national interests in the context of the global cross-border flow of personal data.In the context of this larger issue,three legal issues that must be faced in regulating the cross-border flow of personal data are proposed: First,which cross-border movements of personal data need to be included in the scope of regulation,and which personal data can be assessed abroad without harming national security or the rights of data subjects?Second,when personal data leaves the country,it will inevitably lead to a significantreduction in the data subject's control over the data.At this time,how should the data transmitter protect the rights of the data subject? Third,in a third country that is the receiving country of data,it has been out of the legal jurisdiction of the data exporting country.What protection standards should the third country meet as a receiving place for personal data? The research content involved in this article will be limited to the above three legal issues.This article consists of the following sections.The introduction introduces questions,clarifies the research value,research significance,main research methods and thesis structure of this article,conducts a literature review,and points out the main innovations and deficiencies of this article.In Chapter 1,the economic nature of personal data determines the inevitable cross-border movement of personal data and the positive role of promoting free cross-border movement in international digital trade,but its rights attributes also determine the need for countries to regulate the cross-border movement of personal data Regulation.First of all,in order to balance the relationship between promoting free trade and protecting national social security and the rights and interests of data subjects,consider what kind of personal data can meet the requirements of the country.Secondly,when the personal data out of the country itself may bring more or less harm to the data subject,think about how to strengthen the data subject's control over their personal data and ensure the realization of their rights and interests.Finally,in order to avoid the possible negative impact of personal data flowing into third countries on data exporting countries and their citizens,what kind of protection standards should the third country as the data receiving country have? After raising the three major legal issues mentioned above,the meaning of "personal data" and "cross-border data flow" discussed in this article is then clarified.In Chapter 2-4,analyzes the EU' s answers to the three major questions studied in this article from the perspective of EU internal legislation and justice.Chapter 2 answers the first legal question.The European Union first clarified that personal data that needs to be regulated should be "identifiable".At the same time,the EU divides the types of personal data by using "general data" and "sensitive data" as standards,and stipulates corresponding cross-border flow restrictions based on the above types of personal data.When determining whether personal data should be evaluated for cross-border transmission,the GDPR provides a unique data protection impact assessment mechanism(DPIA),which clarifies the circumstances and content of evaluations.Chapter 3 answers the second legal question.The EU responds in three ways to protecting the rights of data subjects when personal data flows across borders.First,the principled rules need to run through the entire process of cross-border flow of personal data;Secondly,the content of the notification of the data transmitter should be accurate and detailed,and the method of notification should be simple,clear and easy to obtain;Thirdly,the "valid" consent of the data subject must be obtained and the validity elements must be met.Chapter 4 answers the third legal question.In the GDPR,the European Union clarified that the premise of free transfer of personal data with the European Union is that the data receiving place outside the European Union meets the "sufficient" protection standard.Among them,the European and American "Privacy Shield Agreement" signed by the European Union and the EU-Japan bilateral data cross-border flow agreement It provides an important basis for judging the adequacy standard.In addition,the EU also affirmed that the standard contract clauses and binding company rules are complementary,allowing data transmitters and data receivers to negotiate and meet the corresponding rules.In Chapter 5,put forward some suggestions for the cross-border flow of personal data in China on the basis of summarizing the above-mentioned EU' s rules.China already has some regulations on three major legal issues,but there are deficiencies.First of all,there are inconsistencies in the classification and protection of personal information,and excessive compliance costs have also been set for enterprises in the assessment of the exit of personal information.Second,the lack of a unified personal information protection law leads to the inability to protect information subjects when leaving the country.Finally,The lack of clear standards for receiving information brings uncertainty to the protection of personal information after receiving it.Next,we propose corresponding improvement measures.First,set stricter exit standards for sensitive data and reduce the difficulty of evaluation;second,clarify the elements ofdata subject protection in the existing rules,and clarify the relationship between different regulations;finally,we must actively use Alternative rules and participate in the negotiation of bilateral agreements.In the concluding part,the context of the article and the logic of the argument are sorted out.The EU 's rich internal legislation and judicial practice and the signing of bilateral agreements are the key research objects of this article,but the fundamental purpose is to improve the legal framework of China 's personal information departure in recent years.