Shanghai University of Political Science and Law, Shanghai
1 Raising the issue of cross-border data flow
Since the 18th National Congress of the Communist Party of China, our country has issued a series of policy documents on the digital economy, from the macro top-level design to the specific implementation of the strategy. Then, to the formulation of detailed measures, together, they constitute a solid foundation for promoting the development of the digital economy. Through the implementation of these policy documents, the digital economy has been promoted to the level of a national strategy, aiming to promote high-quality economic development through digital transformation. Among them, the “Global Digital Economy White Paper (2022)” issued by the Chinese Academy of Information and Communications said that China, the United States and Europe have formed a three-pole pattern of global digital economic development. In the construction of the digital economy system, the use of data is very critical. In the current environment of economic globalization, closed development is doomed to extinction; therefore, cross-border communication of data is an inevitable result of social development and helps to promote social development.
The concept of cross-border flow of data was first proposed by the Organization for Economic Cooperation and Development (OECD) in 1980, which mainly focuses on the cross-border flow of personal data. In the EU, the concept is defined by the General Data Protection Regulation (GDPR) in the form of “Transmission of personal data to a third country”. The Asia-Pacific Economic Cooperation (APEC) group uses different terms to describe the phenomenon, including “Cross-border data transmission” “Cross-border information flow” and “Information flow and cross-border”. In addition, the regional comprehensive economic partnership (RCEP) and the digital economy partnership (DEPA), when describing cross-border flows of data, state that “Electronic transmission of information across borders”. Although these national definitions and interpretations may differ in detail, they are generally consistent with the concepts in the aforementioned international agreements. In the context of Internet globalization, the trend of cross-border flow of data has become increasingly significant, which has become a key factor in promoting the balanced development of economic globalization and information technology globalization. While the cross-border flow of data has brought economic benefits, it has also attracted increasing attention to national security and personal privacy protection. (Tian, 2023)
The State Council issued the opinions on building a data-based system to better develop the role of data elements in December 2022. China should actively participate in the formulation of international rules for cross-border data flow, and explore the participation of regional international institutional arrangements for cross-border data flow. With the promulgation of the provisions on facilitating and regulating the cross-border movement of data, the original expression “Regulate and facilitate” in the draft has been adjusted to “Facilitate and regulate” to further demonstrate our country’s determination to promote the cross-border flow of data. However, in the international arena, the United States and the European Union have re-reached the “EU-US data privacy framework”, which has restored the rule system of cross-border data flow between the United States and Europe, but our country has been listed as one of the countries concerned by the United States. It can be seen from the comparison that such discriminatory provisions will not be conducive to promoting the cross-border flow of data in our country. At the same time, there are still a series of problems in domestic regulations, such as how to balance the contradiction between data security and development, or how to protect personal privacy while promoting economic development.
The cross-border flow of data can bring huge economic benefits, but it also contains multiple risks. As early as 1980, American scholars Ithiel De Sola Pool and Richard Jay Solomon proposed that for the cross-border flow of data, the problem is not just data transfer but also cross-border activity (De Sola Pool & Solomon, 1980), with a focus on legal conflicts between countries. Today, legal conflicts between countries still exist. Most scholars believe that the fragmentation of cross-border data flow will continue to exist, and international uniform rules are still lacking.(Hilgard, Patzak, & Wybitul, 2011; Walters, 2022) The advantages and disadvantages of cross-border data flow patterns and the balance between restrictions and development in cross-border data flow have become the focus of research. Some scholars believe that in the context of digital globalization, the problems related to digital governance are becoming more and more significant. The conflict between cross-border data flow and data localization is the focus of contradictions in cross-border data flow, and the contradictions and differences between domestic law and foreign law. In order to solve this problem and eliminate the data cross-border divide, scholars have started from two aspects: improving domestic regulations and increasing international exchanges, so as to balance the contradiction between cross-border data security and cross-border data development. Some scholars focus on data localization to protect data security, while others are more open to the cross-border flow of data and support the free flow of data to promote economic development. (Ma & Liu, 2024) Although the focus is different, most scholars focus on improving domestic regulations, protecting data security to balance the contradictions in cross-border data, and promoting the development of the digital economy, no specific measures are proposed on how to move closer to the existing cross-border data flow mechanism.
This paper will start with the different models of cross-border data flow formed in the practice of various countries, and analyze the challenges faced by the current cross-border data flow by comparing the operation mechanisms of these models. In addition, this paper will also focus on how to enhance our country’s influence in the process of formulating international data cross-border flow rules, and how to explore and construct a data cross-border flow model with Chinese characteristics and in line with China’s national conditions.
Due to the non-negligible importance of data, the regulation of cross-border data transmission is becoming more and more strict. Considering the differences in political policies, economic conditions and development stages of different countries, each country has formulated its own unique rules to regulate the cross-border flow of data. The measures to regulate the cross-border flow of data in countries around the world can be divided into two cases: one advocates the free flow mode of cross-border flow of data, and the other advocates the prohibition mode of cross-border flow of data. This chapter will focus on the different patterns of cross-border data flow and analyze the causes and advantages of different patterns of data flow. Finally, it discusses how to establish the future data cross-border flow mode in our country.
The so-called “Free flow of data” refers to the state, ability and right of data controllers to move data from one country to another without restriction. (Xu, 2021) But freedom does not mean letting data flow freely across borders, all over the world. No country in the world imposes restrictions on the cross-border flow of data. The question is not whether there are restrictions, but rather the scope and extent of the restrictions. The United States and the European Union, the two major digital economies, both support the cross-border flow of data, but there are still differences between the two. The United States advocates data freedom; it has constructed a model of free flow of data around the world with the United States as the center, in line with its economic development and hegemony in the world. At the same time, the European Union is relatively conservative, allowing only the free flow of data within the EU. Based on the protection of human rights, a high standard of personal information protection system has been established as an insurmountable red line for the cross-border flow of data.
As a country with an important influence in the field of data, the United States realized the important role of cross-border data flows in promoting investment as early as the Reagan administration. (Zhang, 2019) The US government is planning to promote an initiative within the Organisation for Economic Cooperation and Development called Data Assurance. The goal of the initiative is to ensure that developed countries do not create new barriers to data flows and to encourage countries around the world to adopt more open and flexible cross-border data flow policies. Through these measures, the United States aims to promote the free flow of data while ensuring data security and privacy protection, and to contribute to a more open and interconnected global digital economy. This shows that the United States is a strong advocate and supporter of the free flow of data model. Take the US-Mexico-Canada agreement (USMCA), which explicitly states that parties to the agreement may not prohibit or restrict the cross-border transfer of information, including personal data, by electronic means. It aims to ensure the smooth flow of data internationally, while supporting business activities to drive economic growth and innovation.
However, the United States does not adhere to the principle of free flow of data when it comes to the cross-border flow of technological data and sensitive data in key scientific and technological and basic areas. Instead, it opted for close surveillance through its powerful “Long-arm jurisdictions” and vast intelligence networks. In particular, the United States has introduced a series of relevant laws, including the “Clarifying the legitimate use of foreign data act” (Cloud Act), which is a strong example. According to this principle, the U. S. government has the right to cross-border access and retrieval of data, and the implementation of “Data Controller” standards. (Zhang, 2019) This shows that under certain circumstances, the United States will take stricter measures to protect its national security and interests. With its dominant position in the field of digital economy and information technology, the United States vigorously advocates the principle of free flow of data.
In the field of cross-border data flow, the EU’s attitude towards cross-border data flow is different from that of the United States, which holds an incomplete free flow attitude and pays more attention to the protection of personal data rights. The basis of cross-border data flow is that the rights of personal data can not be infringed. At present, it is adopting a policy of “Strict outside and loose inside”, actively promoting the free flow of data among member states internally, and promoting the formation of a single digital market strategy. There needs to be an “Adequacy agreement” for data exchange between non-member states and the EU. (Voss, 2020) This ensures that the privacy and data protection rights of the data subject are respected and protected. On this basis, the EU has also actively signed cross-border data flow agreements with other countries to ensure the free flow of data between the two sides. The EU’s cross-border data flow model is based on its regional economic development to better promote the development of digital economy and trade between members, at the same time, many non-eu countries have to improve their data protection level to meet the requirements of the EU in order to establish a digital economy cooperation relationship with the EU, so as to protect the data security of the EU and the security of the market environment.
Compared with the United States, the European Union and China, Singapore’s influence in the digital economy market is not outstanding. Still, its domestic data-related laws and international agreements have a certain influence; it has broken through the encirclement of the digital economies of China, the United States and Europe and explored a road suitable for its own digital economy and trade development. As the main initiator of DEPA, Singapore has formulated and promoted the operation of DEPA, forming a “Small but fine” model of cross-border data flow to promote the economic development of all parties in member states. In the field of digital economy, a set of high-standard rules has been established, and a relatively mature data economy trade mechanism has been developed. The free cross-border flow of data, including personal information, is encouraged in principle. However, a relatively conservative position has been taken in dealing with the cross-border flow of data; contracting states are required to refrain from implementing measures that mandate the local storage or processing of data.(Li, Chai, & Zhai, 2023) At the same time, all parties, including individuals, enterprises and government departments, have shown great concern about the full openness of data and the free cross-border flow of data. This concern aims to ensure the freedom of data flow, while taking into account data security and privacy protection, in order to promote the healthy development of the digital economy and international cooperation. While continuing to limit the right of self-regulation, the United States stressed that the free flow of data is different from the cross-border flow of data patterns.
India’s cautious approach to cross-border data transfers stands in marked contrast to the principles of free flow of data espoused by the US and Europe. It has shown hesitation in engaging in global discussions on issues related to data flow, data protection and data localization. This stance reflects India’s unique considerations in ensuring data security, protecting user privacy and supporting the development of its domestic industry. India is not involved in World Trade Organization negotiations on e-commerce; has not signed the Osaka Declaration on the Digital Economy; and has withdrawn from negotiations on the Regional Comprehensive Economic Partnership. These initiatives reflect India’s conservative and cautious approach to the cross-border flow of data. It can be argued that India imposes a strict model of control over the cross-border flow of data, both private and public, which can not be transferred across borders without explicit government approval. For the time being, India has chosen not to cooperate and is committed to establishing its data protection regime, a view contrary to that of most countries in the world, but in terms of localized management of some types of data, it is still instructive for our country.
Although countries have different views on the cross-border flow of data, there is still a lot of room for exploration between the two extremes of free flow of data and strict prohibition of data flow. In general, some countries, such as the African Group, Russia, Turkey, Indonesia, Vietnam and Nigeria, tend to impose stricter controls on the cross-border flow of data; this can be interpreted as a “Data restriction” stance. Other countries, including Canada, Japan, South Korea, Singapore, Chile, Colombia, Mexico and Paraguay, are more in favour of “Free flow of data”, that is, they encourage the free flow of data across borders while ensuring that it is secure. (Nivedita, 2018)
The basis of digital trade is data flow, and when data flow goes wrong, digital trade will inevitably fail to operate well. In order to ensure the free cross-border flow of data, it is not only necessary to adjust domestic laws and regulations and regulatory systems, but also to form relatively unified rules for cross-border data flow internationally to reduce conflicts of interest between countries. This is the best way to promote the cross-border flow of data, but it is also the current problem. The contradiction between data cross-border security and data cross-border development can not be balanced within a country, and it will be more difficult to form a unified understanding when this problem is extended to the international community. The consequent fragmentation and inequality of international regulation are more serious, which is worth further study.
Since the 2022 “Data exit security assessment methods” was published, because the method is too cautious about the cross-border flow of data, only considering the cross-border security of data and not considering the cross-border development of data, as a result, many cross-border businesses have been shut down, the flow of digital economy and trade is not smooth, and the level of the economy has declined. The promulgation of the provisions on promoting and regulating the cross-border flow of data represents the latest attitude of our country towards the cross-border flow of data, and makes a callback to the policy of cross-border flow of data. In many dimensions, it reduces the obligation of cross-border data flow undertaken by enterprises. The cross-border security conditions of data have been appropriately relaxed, but strict regulatory requirements have been made for the cross-border flow of important data, such as personal information, so as to promote the cross-border flow of data on the premise of protecting data security. However, how to balance cross-border data security and cross-border data development is still a trial and error. Whether this provision can promote the development of the digital economy still needs to be tested by time. With the gradual improvement and unification of data cross-border standards, we are facing a complex challenge: the collection, use, sharing, trading and flow of data involve many participants, and the scenarios are changing. There are differences in data protection among domestic participants, which makes it difficult to promote cross-border data flow in full compliance with uniform standards. Further research is needed to find the right balance between ensuring data security and promoting economic development. (Liang, 2023)
Two important parts of the data circulation market are the data asset registration market and the data transaction market, and the two markets influence and interact with each other. From a single data product, data product registration is a necessary prerequisite for data flow transactions. However, the current situation of domestic data circulation transactions is not ideal. The number of data products listed on data exchanges is very small, and the problem appears in the registration of data assets. There is no unified standard for the registration path of digital assets at home, and the regulation of the data asset confirmation path in local data regulations is still fragmented. Although the state has issued relevant policies and standards for the registration of digital resources, there is no specific operation plan, and there is no unified data asset registration system to regulate data assets and promote data circulation transactions. The introduction of data regulations in various places has led to different opinions and standards for the registration of digital assets, which will cause unhealthy competition in the market and lead to resources being tilted to places with simple procedures or high registration effectiveness. The development of the data flow market is not balanced.
Cross-border data security and cross-border development of the two concepts to the extreme will result in two very different attitudes towards the cross-border flow of data. One is the no-flow attitude of data represented by India, that is, obvious data localization, and the other is the free flow of data across borders represented by the United States. And the contrasting attitudes to the cross-border flow of data between the three digital economies of the US, China and Europe. The United States aims to promote economic and trade, emphasizing the free flow of data. At the same time, the European Union attaches importance to personal information protection, opening up the cross-border flow of data within the region and restricting it outside the region. China pays more attention to data security and national security, and considers the security of the cross-border flow of data more than development. Each country has formulated the rules of cross-border data flow from the perspective of its development, without considering the impact of cross-border data on regional or even global scope, however, due to the large value orientation conflicts of countries in the cross-border flow of data, the establishment of “Data WTO” is still in the game among major powers.
Due to the divergence of value orientation among countries in the world, all countries have established corresponding cross-border data flow systems based on their interests, leading to the international community’s fragmentation in the cross-border flow of data into the “Balkan state” that is fragmented. In the international data cross-border flow market, not only are the rules of cross-border data flow between countries not well-connected, but there are also differences in the regulation of cross-border data flow between regional agreements. In order to trade, some countries have established bilateral free trade agreements or digital economic trade agreements and made corresponding compromises and concessions; however, there are no unified rules for cross-border data flow in the world. This fragmented state of global data cross-border flow hinders the exchange of digital economy and trade, which is not conducive to the exchange of digital economy and trade between countries and the construction of unified rules for global data cross-border flow.
At present, the initiative of global data cross-border rules is still in the hands of European and American countries, in particular, the recent signing by the Biden administration of the executive order on preventing access by the United States of America to a wide range of sensitive personal and government-related data on United States citizens, explicitly protects Americans’ sensitive personal data from being accessed or used by countries of concern. The bill aims to prohibit data brokers from profiting from Americans’ data and from selling such sensitive information to foreign adversaries or foreign-controlled entities, particularly data involving members of the United States military service, to protect personal privacy and national security. The U.S.-China Science and Technology Cooperation Agreement, which has been in force since 1979 and contains extensive scientific data, expired on Feb. 27, 2024, and has not been renewed. This will lead to a further breakdown in the scientific relationship between China and the United States. All this suggests that the flow of data across international borders is not entirely unimpeded. In our country, there are even phenomena that are targeted and not recognized, which have brought greater obstacles to the cross-border circulation of data.
In summary, the cross-border flow of data is facing significant problems and challenges in both the domestic and international environments. The core goal of data flow is to promote the prosperity of data transactions and then promote the vigorous development of the digital economy. However, the current domestic mechanism in the data flow trading market is not perfect; there are many deficiencies. At the same time, the problem of international data cross-border flow is more complex and prominent, which needs more in-depth and comprehensive discussion and solution. The existence of these problems not only affects the effective use of data but also hinders the sustained and healthy development of the digital economy.
In the case that the “American model” and the “EU Model” have been formed, our country has chosen to join the Digital Economy Partnership Agreement to promote the cross-border flow of data. In this process, we are committed to balancing the delicate relationship between cross-border data security and cross-border data development, and eliminating data trade barriers has become an urgent task. This not only helps our country to occupy a more advantageous position in the global digital economy, but also lays a solid foundation for the safe flow and effective use of data. However, there are differences between China’s existing data exit legal system and the regulation of cross-border data flow required by digital economy trade agreements, which has become the biggest obstacle for our country to integrate into the global data trade system. From the following points, we will talk about how our country should link up with the global digital economy and trade and promote the development of our digital economy and trade.
According to the Shanghai Data Exchange Report, at present, our country can refer to a variety of property rights registration routes for data asset registration. It is not difficult to find that these property rights registrations have some commonalities, that is, through property rights registration, to determine the ownership, and by the authority to issue registration certificates, improve credibility and play a role in publicity, protection of transactions and enhance efficiency. Data assets also need to go through this process to determine ownership and facilitate transactions. However, in our country, there is no clear and unified data asset registration authority to issue a property rights registration certificate to prove the effectiveness of digital assets. Therefore, our country should establish a unified data asset registration platform, formulate a unified data asset registration basis, and combine the specific work and experience of various provinces, cities and industries, promote unified data asset registration regulations, in order to promote data flow transactions.
Against the backdrop of the digital economy and trade, the status of free trade zones has become increasingly prominent. By abolishing commodity tariffs, free trade zones have provided a broader market for digital products and data flows, and promoted the rapid development of the digital economy. In this open market environment, the relevant system of cross-border flow of data can be piloted, starting from the small-scale institutional innovation of the free trade zone, to achieve cross-border flow of data and promote the development of the digital economy and trade. In the provisions on promoting and regulating the cross-border flow of data, the establishment of a negative list system in the free trade zone is proposed, but there is no specific operational plan for how the negative list system should be created. This requires each free trade zone in our country to formulate the corresponding negative list system in combination with the realistic characteristics of the free trade zone and the specific circumstances of the industry. From the initial formulation to the follow-up monitoring, a series of actions is a new attempt to provide valuable experience for promoting the cross-border flow of data and the development of the digital economy and trade.
The main difference between China’s law on cross-border data flows and its digital economy agreements (Deas) is the definition of regulatory powers. Deas provides a framework for the exercise of regulatory powers, requiring contracting parties to adhere to eight basic principles in order to reduce unnecessary regulatory burdens. These articles begin by affirming the regulatory powers of the parties in the cross-border flow of data, while establishing principles based on the free flow of data. In particular, it was noted that restrictions on data flows were permitted as an exception only for legitimate public policy objectives. In addition, these provisions introduce the principles of non-discrimination and necessity as criteria for assessing the reasonable use of public policy exceptions in order to prevent their abuse. This shows that Deas aims to balance the freedom of data flow with the exercise of regulatory rights, ensuring the convenience of data flow while protecting the public interest and individual privacy. By clarifying the boundaries and principles of the Regulatory Authority, DEAS provides a more flexible and predictable legal environment for the cross-border flow of data. The establishment of this regulatory framework not only satisfies the free flow of data across borders but also can better protect data security.(Ma, & Mao, 2022)
Before the promulgation of the provisions on promoting and regulating the cross-border flow of data, the regulatory strategy of cross-border flow of data in our country has always adhered to the principle of prior supervision, this kind of supervision mode leads to the need to go through a complex review process before the data is exported, which reduces the efficiency of data export. (Cory & Dascoli, 2021) As a result, “China is the world’s most data-constrained country, followed by Indonesia, Russia and South Africa” (Wang, 2023), the US industry think tank said in a report. The promulgation of the provisions on promoting and regulating the cross-border flow of data has changed the focus of our country’s supervision of cross-border data flow from “Ex ante” to “Ex post facto”, and broadened the scope of data security assessment, the “Data security logic” and “Economic and trade promotion logic” should be combined to promote the free cross-border flow of data. The provisions clearly describe the situation without a security assessment declaration, which greatly reduces the compliance cost of data exit and improves the efficiency of data exit in our country. However, the departure of personal information and important data still needs to go through a network security review or a declared data exit security assessment. This paper clarifies the red line of data outbound security, and on this basis, helps to promote the free outbound flow of data.
The cross-border flow of data plays an important role in the development of the global economy and trade, and it is regarded as an indispensable field of interest by all countries. In particular, the developed countries represented by the United States and the European Union are actively promoting the construction of a new pattern of cross-border data flow. Despite the differences in positions and attitudes among countries, the ultimate effect is positive, which promotes the integration of data information and avoids the redundancy and fragmentation of international and regional data protection policies, and promotes the implementation of data protection policies, enhanced Policy Synergy, which in turn strengthens the protection of cross-border data flows, effectively preventing countries from creating barriers to data flows.(Ma, & Li, 2021)
Our country has joined RCEP and is negotiating with DEPA and CPTPP. The provisions on promoting and regulating the cross-border flow of data formally exempts four scenarios: entry and exit of overseas data, international contracts in which the individual is a party, cross-border personnel management, and emergency assistance, this removes barriers to the cross-border movement of personal information in all conventional international affairs and facilitates global and unified personnel management by multinational corporations. Transnational corporations need to recognize the value of data and their responsibility to protect personal information in cross-border data flows. Multinational companies with operations across the Asia-Pacific region should actively promote the alignment of their Privacy policies with Cross-Border Privacy Rules systems (CBPRS). Despite the complexity of the process and the need to submit annual requalifications, CBPRS certification enables companies to demonstrate their commitment to privacy and gain trust and a competitive advantage in international trade. Multinationals with a presence in the EU should bring themselves into compliance with Standard Contractual Clauses (SCCS) or certification procedures through Binding Corporate Rules (BCRs). The prospect of meeting certification standards is a set of rules within the enterprise group that can be universally applied for personal data management. When the number of companies with a high level of privacy protection reaches a certain number, they can learn from the “Safe Harbor” model and actively negotiate with key trading partners, such as the European Union, in order to reach a bilateral agreement to regulate the flow of data between the two sides. As far as the cross-border flow of personal information of private subjects is concerned, we must adhere to the red line of the cross-border flow of important data and sensitive personal information, and when necessary, we can invoke the principle of reciprocity. Other countries have included our country among the countries of concern; rather than allowing sensitive data to flow to our country, we could have adopted the same strategy and restricted the outbound flow of our important data.
In the transitional period when the rules have not yet been unified, our country needs to carry out in-depth forward-looking discussion and research on the global governance framework of cross-border data flow, so as to be able to make strategic layout in advance, it aims to play an active and leading role in the process of international rule-making, rather than being a passive adaptor of rules. (Xu, 2018) While following the international trend, we can learn from Singapore’s experience and draw on the Belt and Road Initiative. We are committed to respecting the sovereignty, security and development interests of all countries. China will actively promote the cross-border flow of data under the Belt and Road Initiative through bilateral or multilateral data protection cooperation. (Hong, 2021) Through such cooperation, we can jointly explore best practices in cross-border data flows, build an open, inclusive and secure digital economy environment, and achieve win-win results.
On the one hand, when constructing multilateral rules, we can draw lessons from the provisions in RCEP on the system of cross-border flow of data, recognising exceptions to “Reasonable public policy objectives” and “Essential security interests” in the movement of data across borders, parties are given the freedom to decide on their own “Reasonable public policies” and “Essential security interests”, respecting the sovereignty, security and development interests of all countries. On the other hand, in the construction of bilateral regulations, on the basis of not touching the safety red line, actively promote the free flow of cross-border data between the two countries, and regularly inform the implementation, supervision and enforcement. Bilateral regulations are combined with multilateral rules, just like Singapore’s Deas and other bilateral agreements signed with Australia, the United Kingdom and South Korea, to promote the development of its digital economy and trade. To promote the cross-border flow of data and the development of the data economy, we should give priority to the cross-border regulation of regional flows, supplemented by bilateral free trade agreements.
In this way, our country can not only contribute Chinese wisdom and Chinese solutions to global data governance, but also play a greater influence on the international stage, promote the construction of more fair, reasonable and open international rules for the cross-border flow of data, and inject new vitality into the development of the global digital economy.
The ultimate purpose of promoting the cross-border flow of data is to achieve the development of the digital economy and trade. At present, China, the United States and Europe are the three major economies in the global digital economy and trade. The United States advocates the free flow of data and opposes data localization and server localization. The EU emphasized the protection of privacy, intellectual property rights and consumer rights, while the representative of China emphasized digital sovereignty and data governance. These three forces reflect the values and policy orientations of different regions in the field of the digital economy. These three modes have irreconcilable differences in many fields, and the realization of uniform rules is far from being achieved. At present, what our country can do is to maintain an open attitude, continue the open trend of the provisions on promoting and regulating cross-border data flow, and further improve the domestic data flow market to promote cross-border data flow. At the same time, multinational enterprises are encouraged to apply to join the CBPRS and BCRS systems to promote the secure use of multinational enterprises’ data and further promote cross-border trade transactions. The “Belt and Road” initiative is a good idea for cross-border data flow, which can carry out special cooperation on the basis of meeting the sovereign security of all countries, as far as possible to achieve a wider range of data can flow in a safe and orderly manner, stimulate the potential of the “Belt and Road” cooperation, and promote the development of data economy and trade in our country.
[1] Cory, N., & Dascoli, L. (2021). How barriers to cross-border data flows are spreading globally, what they cost, and how to address them. https://itif.org/publications/2021/07/19/how-barriers-cross-border-data-flows-are-spreading-globally-what-they-cost/
[2] De Sola Pool, I., & Solomon, R. J. (1980). Intellectual property and transborder data flows. Stanford Journal of International Law, 16, 113.
[3] Hilgard, M. C., Patzak, A., & Wybitul, T. (2011). European and German privacy laws and cross-border data transfer in US discovery procedures. Dispute Resolution International, 5, 127.
[4] Hong, Y. Q. (2021). The Chinese solution to promote the cross-border flow of data in the “Belt and Road”—expanding the US-European paradigm as a background. China Law Review, (2), 30-42.
[5] Li, H. B., Chai, F., & Zhai, R. R. (2023). Global situation, rule comparison and China’s strategies of cross-border data flows. International Economic Cooperation, (6), 30-41+86.
[6] Liang, Z. (2023). Exploration on information security issues in cross-border data flows. People’s Forum, (17), 38-41.
[7] Ma, G., & Mao, Q. Y. (2022). Study on the articulation of China’s data cross-border rules from the perspective of digital economy agreements. Journal of International Economic Law, (4), 45-62.
[8] Ma, Q. J., & Li, X. N. (2021). On the construction of regulatory rules for cross-border flow of data in China. Rule of Law Research, (1), 91-101.
[9] Ma, T., & Liu, B. Y. (2024). Cross-border data flows, data factor valorization, and global digital trade governance. International Economic Review, (2), 151-176+8.
[10] Nivedita, S. (2018). Understanding the role of the WTO in international data flows: Taking the liberalization or the regulatory autonomy path? Journal of International Economic Law, 21, 323.
[11] Tian, Y. X. (2023). A review of research on the governance of global data cross-border flows. Jurisprudence, 11(6): 5657-5665.
[12] Voss, W. G. (2020). Cross-border data flows, the GDPR, and data governance. Washington International Law Journal, 29, 485.
[13] Walters, R. (2022). The digital economy and international trade: Transnational data flows regulation (pp. 95-238). Kluwer Law International B.V.
[14] Wang, C. (2023). Analysis of international data cross-border flow patterns from the perspective of data security. Secrecy Science and Technology, (1), 14-19.
[15] Xu, D. Q. (2018). The international pattern of regulation of cross-border flow of personal data and China’s response. Law Forum, 33(3), 130-137.
[16] Xu, K. (2021). Freedom and security: A Chinese solution to cross-border data flows. Global Law Review, 43(1), 22-37.
[17] Zhang, S. (2019). Cross-border data flows under the international investment legal framework: Protection, exceptions and challenges. Contemporary Law, 33(5), 148-160.