Legal Regulation Of National Security Risks In Data Sovereignty Protection

As the cross-border flow of data becomes more and more frequent,its potential value can be explored in the process of flow,and data is increasingly becoming a new era of national strategic resources comparable to oil.The concept of data sovereignty is derived from the traditional theory of sovereignty in order to better control data in crossborder data flows.On the other hand,there are many data owners and application subjects,and the cross-border data flow poses different challenges to national security,personal privacy,and enterprise data rights,etc.The protection of data sovereignty is bound to consider the interests of many parties.Among them,China’s data sovereignty is guided by the overall national security concept,which places national security in the primary position.However,China’s data sovereignty legislation started late and has not yet fully formed a data sovereignty rule system in line with China’s characteristics.Based on this situation that the legislation does not match the actual national situation,this paper sorts out the existing experiences in regulating national security risks,absorbs the useful experiences of the overseas models,and makes some suggestions for the improvement of regulating national security risks in China’s data sovereignty protection.The first chapter focuses on the basic issues of data sovereignty and national security,including analyzing the evolution of the concept of data sovereignty and defining the connotation of data sovereignty;on this basis,it analyzes the relationship between data sovereignty and national security,and emphasizes that national security is an important functional position of data sovereignty,because the traditional criteria of sovereignty are not fully applicable to the virtual data circulation field.Therefore,it induces new types of national security risks,and the primary purpose of protecting data sovereignty is to effectively prevent such national security risks;meanwhile,it clarifies the key role of data sovereignty,that is,data sovereignty is an important prerequisite for preventing national security risks.The second chapter focuses on the difficulties of regulating national security risks in data sovereignty protection.First,non-state actors have become a key source of national security risk,focusing on the fact that multinational enterprises hold a large amount of raw data,which after data mining is highly likely to be related to the national security of the data exporting countries;and data oligarchs with monopoly advantages are sharing the rule-making power belonging to the state through their technical and volume advantages.Secondly,in the field of data flow,the measures taken by countries to regulate national security risks have produced more obvious spillover effects than in other fields,manifesting in the increasing difficulty to divorce the level of data protection between data exporting countries and data receiving countries;and the extension of data jurisdiction in a country’s legislation in order to achieve continuous management even after the data leaves the country.Such unilateral measures,however,are affecting the national security of other countries,and thus are highly susceptible to sovereignty confrontation,and how to solve this sovereignty dilemma remains to be considered.The third chapter deals with the extraterritorial experience of regulating national security risks in data sovereignty protection.In order to address the difficulties of regulation raised in Chapter 2,we select representative or influential practices in data sovereignty protection from abroad and try to analyze the experiences that can be referred to China.The strong data localization measures represented by Russia and the data security transfer obligation rules imposed by the European Union on data controllers,especially multinational enterprises,can effectively prevent the national security risks caused by the large amount of raw data in the hands of multinational enterprises,but they also have their own drawbacks and shortcomings.In view of the increasingly close relationship between the data protection level of data exporting countries and data receiving countries,the "adequacy assessment" and "eligibility criteria" provide a reference for determining the data protection level of data receiving countries.The U.S.has chosen to use bilateral/multilateral trade agreements to deal with the legal dilemma of conflicting data jurisdiction standards,while the EU has turned to its own data market advantages for confrontation.The different paths reflect the differences in technical bases and respective advantages,and China should make trade-offs with its actual national conditions in learning from the experience.The fourth chapter is the landing point of this paper,which aims to open up ideas for the improvement of China’s path through the research and analysis in the third chapter.In terms of managing non-state actors,China’s current data sovereignty legislation based on the principle of "data localization" is desirable,but still needs to be combined with the "modesty principle" to prevent excessive harshness;the data security obligations of multinational enterprises can be strengthened by enriching their data exit routes.We can strengthen the data security obligations of multinational enterprises by enriching their data exit routes and reducing the pressure on regulators through the "one-to-one" data transfer mechanism,and weaken the negative impact of data oligarchs by strengthening the construction of digital technology in the country and bridging relevant laws.In terms of the qualification of the final recipient countries of data,we should build a trust system for data transmission through a white list and combine it with a negative list to suggest the security risks of data transmission;in terms of a reasonable extension of data jurisdiction to achieve effective governance after data exit,we should pay attention to China’s data market comparable to that of the EU and make full use of the "One Belt and One Road".In terms of reasonable extension of data jurisdiction and thus effective governance after data exit,we should pay attention to China’s data market comparable to that of the EU and make full use of the existing advantages of the "One Belt and One Road" soft connection.