Towards a Global Regulatory Framework for Cross-Border Data Flows—Fundamental Concerns and the China’s Approach

Cross-border data flows not only involve cross-border trade issues, but also severely challenge personal information protection, national data security, and the jurisdiction of justice and enforcement. As the current digital trade negotiations could not accommodate these challenges, China has initiated the concept of secure cross-border data flow and has launched a dual-track multi-level regulatory system, including control system for overseas transfer of important data, system of crossborder provision of personal information, and system of cross-border data request for justice and enforcement. To explore a global regulatory framework for cross-border data flows, legitimate and controllable cross-border data flows should be promoted, supervision should be categorized based on risk concerned, and the rule of law should be coordinated at home and abroad to promote system compatibility. To this end, the key is to build a compatible regulatory framework, which includes clarifying the scope of important data to define the “Negative List” for preventing national security risks, improving the cross-border accountability for protecting personal information rights and interests to ease pre-supervision pressure, and focusing on data access rights instead of data localization for upholding the jurisdiction of justice and enforcement.