Research On The EU Adequacy Decision Assessment Under Transborder Data Flows

In the context of big data,large-scale and complicated transborder data flow has become commonly to see,the condition of which also promotes the continuous reform and development of the global governance system.As one of the most complex areas in the current policy game between countries and regions,cross-border data governance has been paid more attention.It not only concerns the security of personal data,but also has a far-reaching impact on the business interests of enterprises and the maintenance of national security.Since the 1970 s,the EU started to enact rules to ensure that the security risks of EU citizens' personal data were effectively controlled in the process of cross-border data circulation;on the other hand,it also made great efforts to expand the influence of EU rules in the field of personal data protection and strive for the right to speak in this field,so as to obtain institutional dividends.The ‘adequacy decision' assessment in third countries is not only an important promoter of the globalization of its rules,and but also takes a fundamental position in the personal data protection system constructed by the EU.Based on the Data Protection Directive adopted by the European commission in 1995,the system is based on the dynamic process analysis of data flow and allows the data controller to transfer the data freely within the EU with the express consent of the data subject.However,when the data transfer destination is outside the EU,the free transmission of EU data within the territory can only be realized if the personal data protection status of the country(region)is determined to be “adequate” by the European Commission.Arguably,the system has created a “Great Wall” for personal data protection within the EU,while lifting the “iron curtain” for third countries seeking access to EU data.On January 23,2019,the European Commission adopted a “adequate decision” on the level of data protection in Japan,allowing the free flow of personal data across two economic zones,thus creating the world's largest data security zone.Since then,13 countries(regions)around the world have been granted “permission” by the EU to access the EU citizens personal data resources without additional authorization and evaluation.The personal data protection system in US is quite different from that in EU.In order to meet the economic demand between the Europe and the United States and maintain both sides' economic and trade relations,the two parties signed two agreements,which would be regarded to meet the EU requirements of "adequate" protection.With the help of a series of official documents and plenty of governance practices,“adequate protection” evaluation system has become more detailed,which not only has built the safety evaluation model of cross-border data flows,and,more importantly,based on the updated factor,to provide the world perfect personal data protection system framework.In fact,the top design of personal data protection along with the specific safety assessment rules have not been built in China where data localization policy is executed.On the one hand,it inevitably creates the new trade barriers in digital economy era.On the other hand,it can not effectively protect personal data and national security.The EU assessment system not only can provide enlightenments for the construction of China's own cross-border data flow security assessment system,but also suggestions for the improvement of China's domestic personal data protection system.Firstly,the paper will take the macroscopic perspective to give an brief explanation on the global governance rules on transborder data flows.The background and contents of EU documents which build the personal data protection standard system framework will be introduced especially.The EU “adequate protection” assessment system is built with the clarification of relevant rules and practical practice.By 95 Directive,documents adopted by the 29 working group,and the GDPR plays important rules in the process of standardization.On the other hand,Both the Safe Harbor Agreement and the Privacy Shield Agreement,also helps to make the definition more clearly.In particular,the improvement measures taken by the US to meet the requirement of EU provide ideas for other countries in the world to improve their data governance.However,it is undeniable that there are certain political considerations for the EU to promote the construction and improvement of the evaluation system.China should start to build a top-level standard system to provide specific rules for security assessment and cross-border data transfer.Especially in the aspect of safety evaluation,that is,national authorities shall join the abovementioned system to protect personal data and national security in the process of cross-border data flows.At the same time,we shall clarify the data management regulatory agencies,and gradually get rid of the single data localization measures,and also strengthen the collaborative effect among enterprises,government and industry,which will greatly improve the level of data governance in China in the era of digital economy.