Overview of Regulations on Cross Border Data Flow

Abstract

The high importance and immense power of data, coupled with a lack of consensus on the definition of this term, have led to multiple challenges in this field. Data protection legislation can be traced back to the Enlightenment era, which explains why the EU has always regarded personal data protection as a fundamental human right. As the third generation of personal information protection legislation, GDPR not only expands the extraterritorial application effectiveness, but also strengthens the administrative sanctions function of DPA. The EU has considered commitments regarding cross-border data flows in recent trade agreement negotiations, indicating a trend towards repositioning its considerations between data protection and trade interests. The primary issue facing the regulation of cross-border data flow under the WTO framework is to clarify the applicability of GATS commitments to digital trade and cross-border data flow. At the FTA level, few trade agreements explicitly address the issue of data localization requirements. For the first time, CPTPP sought to explicitly restrict the use of data localization measures, with the exception of "legitimate public policy objectives", and this template was subsequently followed by FTA. In response to the regulation of cross-border data flow in China, scholars have put forward their own opinions from different perspectives, from the objects of learning and reference to specific suggestions.