Editor’s Note

In the context of today’s big data and cloud computing, the global flow of data has become a powerful driver for international economic and investment growth. The EU and the U.S. have created two different paths for the legal regulation of the cross-border flow of personal data due to their respective historical traditions and realistic demands. The requirements for data protection have shown significant differences. The EU advocates localization of data and firmly restricts cross-border flow of personal data. The U.S. tends to protect personal data through industry self-regulation and government law enforcement. At the same time, these two paths also merge and supplement with each other. Based on this, China needs to learn from the legal regulatory paths of the EU and the US, respectively, to establish a legal idea that places equal emphasis on personal data protection and the development of the information industry. In terms of domestic law, the Cybersecurity Law of the People’s Republic of China needs to be improved and supplemented by relevant supporting legislation to improve the operability of the law; the industry self-discipline guidelines should be established; and various types of cross-border data need to be classified and supervised. In terms of international law, it is necessary to participate in international cooperation based on the priority of data sovereignty and promote the signing of bilateral, multilateral agreements, and international treaties on the cross-border flow of personal data.