Legal Regulation Of Cross-border Flow Of Personal Data And Chinese Solutions

Digital economy refers to a series of economic activities with digital knowledge and information as production factors,information network as important carrier and information technology as important driving force.In the context of globalization,the free flow of personal data across borders directly affects the development of the digital economy.At the same time,as an information transmission mechanism,the free flow of personal data across borders needs to take into account other interests.At the domestic level,countries have adopted unilateral regulation models to varying degrees based on differences in historical tradition,cultural level,industrial interests,market access,international situation,geopolitics and values.Judging from the international coordination mechanism,all countries have shown different degrees of restraint in an open framework.Therefore,how to resolve the conflict between the free flow of cross-border data and the value concept of data protection? How to coordinate different data processing mechanisms from the perspective of fragmented data segmentation.For the current situation of our country's data jurisdictions,how to establish a self-contracting mechanism based on the formation of a unified " Personal Information Protection Law",and how to join or even dominate bilateral or multilateral data cooperation.The above problems have led to the incompatible development of the regulation of cross-border flow of personal data with the top-level design and rule-making of data.Specifically,the paper is divided into five parts:In the first part,from the perspective of basic theory and through the method of historical research,the research scope,justification basis,historical origin and development,and value orientation of the regulation of cross-border personal data flow are explained,so as to clarify the basic meaning of the regulation of cross-border personal data flow,clarify the domestic and international two-tier regulatory paths,clarify the regulatory necessity of cross-border data flow based on the right to self-determination of personal information and the sovereignty of national data,trace back the regulatory background,and reveal the dispute over the value of personal data flow and regulation.The second part,from the perspective of domestic regulation,analyzes and compares the choice of regulation modes in Europe,America and Russia by means of comparative research.Among them,the EU' s ex ante adequacy protection model hasembedded alternative safeguard measures while retaining the adequacy determination.The post-accountability model in the United States is based on the industry's privacy protection rules and is accountable to organizations that violate the standards.However,in recent years,the United States has begun to strictly regulate personal data related to national security through legislation.Russia's strict localization model takes national security as its legislative purpose,requiring not only data to be stored on servers in the country,but also data backup to be kept in the country.The third part,from the perspective of international regulation and through the method of literature research,discusses the regulation of cross-border data flow in international multilateral agreements,the legal regulation of cross-border data flow in major regional trade agreements,and the competition and coordination of cross-border data flow regulation in the United States and Europe.Among them,from a multilateral point of view,OECD guidelines are only of exemplary significance,108 conventions have limited binding scope and binding force,WTO multilateral agreements are not clearly regulated,and WTO plurilateral agreements are shelved due to large differences among its members.From a regional perspective,APEC' s privacy framework is a replica of the U.S.model.TPP and USMCA are also led by the U.S.and adopt a "principle+exception" regulatory path,except that the latter cancels the "respective regulatory needs" clause.From a bilateral perspective,the United States and the EU have both implemented checks and balances through TTIP,and coordinated the cross-border flow of personal data between the two through the "Safe Harbor Agreement " and the "Privacy Shield Agreement ",and also achieved mutual recognition of APEC and EU.The fourth part,from the perspective of regulatory dilemma and way out,through empirical research methods,analyzes the problems faced by the regulation of cross-border flow of personal data under unilateral,regional and multilateral frameworks.On the one hand,the three regulation modes have defects in theoretical logic and practical effect.On the other hand,the crux of the regional and multilateral framework,namely the "exception" in GATS Article 14 and the explanation and clarification of TPP' s "legitimate public policy",cannot be solved.In addition,it is very difficult to reach a multilateral agreement,so it is urgent for all countries to improve and perfect their domestic legislation to promote regional coordination and finally reach a unified multilateral agreement.Therefore,the author puts forward the domestic path reconstruction of "negative list+legitimate public policy".At the sametime,regional and global enforcement mechanisms have also promoted the coordination of regulatory mechanisms in various countries.The fifth part,from the perspective of China's regulation,based on the analysis of the current situation of China's regulation,combined with the above-mentioned analysis of foreign countries and international routes,puts forward solutions.To this end,at the domestic level: China should step up the formulation of the "Personal Information Protection Law",reduce the localization of data on the premise of maintaining data autonomy,establish classification and evaluation mechanisms,establish privacy enforcement agencies and develop third-party certification agencies and stipulate protective extraterritorial jurisdiction.At the international level,China should actively join the CBPR system on the basis of the establishment of the aforementioned privacy enforcement agencies to facilitate cross-border data flow with the United States and Japan.Through the formulation of alternative safeguard measures,it meets the requirements of GDPR and facilitates the cross-border data circulation with the EU.In order to realize a wider cross-border data circulation,we should push forward our own ideas in the WTO and the regional negotiations led by China.