Research On The Extraterritorial Jurisdiction Of Data In The US Cloud Ac

In the era of the digital economy,cross-border data has shown a trend of normalization,and countries have taken data protection measures due to considerations such as privacy protection and national security.In the absence of internationally recognized cross-border data governance rules,the United States implemented the Clarifying Lawful Overseas Use of Data Act(hereinafter referred to as the "Cloud Act")in March 2018.The bill abandons the previously adopted data territorial jurisdiction model and shifts to the "data controller" standard,stipulating that the United States can obtain data located outside the United States based on the minimum contact principle.The Cloud Act undoubtedly greatly expanded the United States’ extraterritorial jurisdiction over data.In addition,Articles 104 and 105 of the Cloud Act provide for the administrative agreement model of "qualified government".Qualified governments recognized by the United States can request data sharing from the United States,and the sufficiency criteria for "qualified government" are fully confirmed by the United States unilaterally,which has great discretion in this regard.In addition,for "non qualified governments",the United States can bypass the authorization of the data ownership country and directly request enterprises to provide data,while the country does not have equal rights.This unilateral data acquisition method and discrimination seriously impact the network sovereignty of the data ownership country.The Access to Electronic Data for the Purpose of Countering Serious Crime(Data Access Agreement),which came into effect on October 3,2022,is the latest example of a data sharing agreement signed between the United States and a "competent government".Other countries have also evaluated the Cloud Act and considered whether to join its data extraterritorial jurisdiction system.The issue of extraterritorial jurisdiction of domestic law has always been a hot topic for international law scholars both domestically and internationally.Whether it is from the practical needs of internet companies to carry out data compliance,or from the theoretical exploration of reasonable boundaries for countries to set and exercise data extraterritorial jurisdiction,the emerging legal phenomenon of "the Cloud Act actively expands the United States’ data extraterritorial jurisdiction" is worth studying from the perspective of international law.This article mainly explores whether the expansion of extraterritorial jurisdiction over data under the Cloud Act will pose legal risks to China,as well as China’s response suggestions,and explores the desirability of its data governance rules.The paper specifically focuses on three sections: "The Cloud Act Expands US Data Extraterritorial Jurisdiction","The Ways in which the Cloud Act Expands Data Extraterritorial Jurisdiction",and "The Reference Value and Legal Risks after the Entry into Force of the UK US Data Access Agreement".The paper mainly adopts case analysis methods and other research methods,drawing on the practices of data extraterritorial jurisdiction in the Cloud Act,to explore how China can design a suitable extraterritorial jurisdiction mechanism for China.The first chapter of this article raises questions,starting from the expansion of US data extraterritorial jurisdiction under the Cloud Act,analyzing the changes in US data extraterritorial jurisdiction boundaries before and after the implementation of the Cloud Act,and leading to the following text.Chapter 2 provides a specific analysis of the ways in which the Cloud Act expands the extraterritorial jurisdiction of US data.The article first elaborates on the composition of extraterritorial jurisdiction over data under the Cloud Act,which is divided into three aspects: legislation,law enforcement,and judicial jurisdiction.Then,it analyzes the specific provisions of the Cloud Act,mainly Articles 103 and 105.This section focuses on the establishment and limitations of the "data controller standard",including the standards of the "data controller" and the appeal procedures of service providers.In addition,it also focuses on the specific practice of the "qualified government" data sharing administrative agreement model,analyzes the identification standards of the "qualified government" and the conflicts that may arise from reaching administrative law enforcement agreements.Chapter 3 selects the UK US Data Access Agreement,which was issued under the data extraterritorial jurisdiction system of the Cloud Act,for specific analysis.As the first bilateral enforcement agreement reached under the framework of the Cloud Act,the UK US Data Access Agreement has its international and domestic legal basis,and the UK US Data Access Agreement marks the formation of the Cloud Act’s extraterritorial jurisdiction system for data.After the formation of the US data extraterritorial jurisdiction system,it provided a reference model for international data governance,but also posed certain risks and threats to individual rights and national sovereignty.Chapter 4 elaborates on the reference significance of the Cloud Act for the design of China’s extraterritorial jurisdiction mechanism.This paper argues that the Cloud Act should be viewed dialectically and its essence should be taken.Due to the conflict between the Cloud Act and China’s data localization advocates,China should further improve its data extraterritorial jurisdiction system.