Research On The Legislation And Regulation Of Data Cross-Border Flow From The Perspective Of National Security

The cross-border flow of data is becoming more and more frequent in the process of globalization,but the international community has not yet formed a unified view on what constitutes "cross-border flow of data".This paper tends to define cross-border data flow as"the activities of reading,storing or processing data across the borders of original network sovereignty and data sovereignty".The cross-border flow of data is not only a necessary condition for the development of digital economy,but also has an increasingly close relationship with national security.In particular,the impact of cross-border data flow on national security is mainly reflected in two levels:data access to the country from abroad and data leakage from the country,specifically,including "legal" access to the country’s data by foreign countries through the expansion of data jurisdiction,data penetration(illegal use)by foreign countries to the country,and data leakage from the country.In order to explore how to use legislative means to regulate the cross-border flow of data to maintain national security,this paper analyzes and defines the meaning of "cross-border flow of data" and conducts a comparative study on the regulation of the exit security of important data in China from the perspective of national security.The legislative and regulatory models for cross-border data flow in typical countries in the world today can be broadly categorized into four types,namely,the "data localization storage model" based on geographical areas,the "strict protection model" with the principle of sufficiency as the core,the "lax protection model"with the principle of accountability as the core.The "lenient protection model" is based on the principle of accountability,and the "compromise protection model" is based on the balance of interests.Taking the above four regulatory models as the reference system,it can be considered that China’s current cross-border data flow legislation and regulatory model is between the first and the second,between the data localization storage model and the strict protection model.At the same time,China’s legislation on cross-border data flow is characterized by the dual tracks of "personal information" and "important data".As for the legislation on cross-border data flow in the field of national security,China’s maintenance of national security is based on the data exit security assessment system,which is mainly reflected in the important data exit security management system.However,China is currently facing tension between national security and other values such as data flow and individual rights and interests in the field of exit security regulation of important data,which is manifested in the ambiguous scope of important data,relatively principled rules of important data security review,and poor connection with international regulatory standards.Based on the comparative analysis of different legislative regulations in China and abroad,in order to achieve the balance between national security and free flow of data and protection of individual rights and interests through legislative regulations,as well as the effective convergence of domestic and international rules,it is also necessary to reasonably define important data,improve the exit assessment mechanism,and establish a system for evaluating the necessity of data regulatory measures.