| With the opening of the era of big data, dealing with the complex and changing realities arising from cross-border data flow by means of legal regulation has become a key issue in the field of data protection. At the legal level, China has formed a regulatory framework based on the Network Security Law, the Data Security Law, and the Personal Information Protection Law, and has adopted a regulatory model for cross-border data flow based on security review, on signing standard contracts, and on authentication. However, there are flaws in both the legal text and the specific path. Looking at the global regulation of cross-border data flows, the U.S. has pursued a more lenient policy, with limited legislation and industry self-regulation, such as self-regulation by network service providers and oversight by industry associations, forming a major part of U.S. cross-border data privacy protection; the EU, by contrast, has much stricter restrictions on the cross-border flow of personal data. The EU has established a legal system based on the EU General Data Protection Regulation (hereinafter referred to as GDPR), which is not only directly legally binding for all member states, but also applies to the processing of personal data outside the EU. The birth of GDPR means that the EU has reached an unprecedented level of personal data protection and regulation. In this paper, based on a comprehensive review of the differences between the legal regulation of cross-border data flow in Europe and the United States through literature analysis and comparative analysis, we analyze the reasons for the differences in terms of theoretical basis, interest analysis and practical considerations, summarize the relative nature of the differences and the insights they offer, and finally put forward suggestions for improving the regulation of cross-border data flow in China. The legal regulation of cross-border data flow in Europe and in the United States each has its own focus, and the result of the
regulation in the United States is to promote the free flow of data between the countries it interacts with and to ensure the high rate of development of the digital economy. The reason for this situation lies in the different theoretical bases of their legal regulation. On the one hand, the EU takes the protection of basic human rights as its legislative basis, considers personal data rights to be fundamental rights of individuals, and adopts restrictive legal regulation to provide strict protection; on the other hand, the U.S. takes liberalism as its legislative basis and the free flow of data as its governance goal. In the case of European countries, the laws on personal data across regions were initially aimed at facilitating the flow of personal data among members and securing their data in the process, while the U.S. has taken a more proactive, open approach that focuses more on industry self-regulation when dealing with personal data across borders. Finally, the EU and the U.S. also differ in their practical considerations. The basic logic of the EU's regulation of the cross-border flow of personal data is a balance of interests, combining the protection of personal data and the promotion of the free flow of data in the EU's unified data governance system. The U.S., on the other hand, puts the free development of commerce and trade and the protection of commercial interests in a key position. The U.S. adopts a legal regulation of cross-border data flow with economic development at its core: with economic development as the value orientation, industry self-regulation is the center of the regulatory model, and ex post facto accountability is adopted. Different regulatory paths lead to very different regulatory outcomes: EU regulation has given it great influence, forming a distinctly EU-colored prototype of cross-border data governance. The EU mainly adopts a legal regulation of cross-border data flow with data protection at its core, taking the protection of personal privacy as the
value orientation and the principle of "adequate protection" as the center, and adopts appropriate safeguards, such as standard contract clauses and binding corporate rules, to supplement the "adequate protection" rule. Exceptions are also made for special cases as a backstop. The EU's legal regulation is consistently considered to be the strictest level of data protection, but has also been criticized for shackling the free flow of data across borders. China's legal regulation of cross-border data flows should be based on its own position of information security as the core requirement, and find the value balance between the protection of data-related rights and interests and the free flow of data across borders. By analyzing the current legislative status and problems of cross-border data flow in China and combining the experiences of the EU and the U.S., it is advisable for China to further improve a legal system for the cross-border flow of personal data that suits its own development, with the purpose of maintaining information security, such as establishing an independent regulatory authority to strengthen the supervision of the cross-border flow of personal data; strengthening international exchanges and cooperation and actively participating in the formulation of regional rules; attaching importance to the rights of data subjects; clarifying the obligations of data controllers and guiding enterprises, through legislation, to improve self-regulatory rules; and improving the legal system of data protection to guarantee information security. |