CROSS-BORDER FLOW OF PERSONAL INFORMATION: INTERNATIONAL PRACTICES
Keywords:
Cross-Border Data Flows, Personal Information Protection, GDPR, Data SovereigntyAbstract
The cross-border flow of personal information has become a critical issue in the digital age, shaped by varying legal frameworks and priorities across jurisdictions. This paper examines the regulatory approaches of four major players—the United States, the European Union (EU), Russia, and China—highlighting their distinct strategies, strengths, and challenges. The U.S. adopts a market-oriented, fragmented model that prioritizes innovation but faces criticism for weak privacy protections and extraterritorial surveillance. The EU, through its General Data Protection Regulation (GDPR), establishes a rights-based, unified framework that sets global privacy standards but struggles with high compliance costs and enforcement inconsistencies. Russia enforces a defensive, sovereignty-driven model with strict data localization and geopolitical controls, which enhances national security but leads to technological isolation. China balances security and development through its "three-pillar" framework (Cybersecurity Law, Data Security Law, and Personal Information Protection Law), promoting regulated data flows while advancing its global influence via initiatives like the "Digital Silk Road." Despite their differences, all four jurisdictions face challenges in balancing privacy, security, and economic interests. The paper concludes with recommendations for fostering international cooperation, enhancing transparency, and leveraging technology to build a more interoperable and equitable global data governance framework.
Downloads
References
1. Shi, Y. W. (2020). International trade rules in cross-border data flows: Regulation, compatibility, and development. Comparative Law Review, 4, 173–184.
2. Tan, G. F. (2021). Exceptions in digital trade regulation. Hebei Law Science, 6, 102–120.
3. Personal Information Protection Law of the People’s Republic of China, Article 4 (2021).
4. Wu, X. (2022). Cross-border data law enforcement in the cloud era: U.S. CLOUD Act and China’s approach. Local Legislation Research, 5, 116.
5. CLOUD Act, Pub. L. No. 115-141, 132 Stat. 1213 (2018).
6. California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (2018).
7. European Commission. (2023). Commission Implementing Decision on the EU-U.S. Data Privacy Framework. Brussels: EU Publications Office.
8. Wang, H., & Zhou, B. W. (2023). The extraterritorial expansion of U.S. long-arm jurisdiction and its mitigation. Journal of North China University of Science and Technology (Social Science Edition), 23(2), 13–19.
9. Liu, S. X. (2019). Cross-border personal data flows in the context of globalization. China Finance, 23, 68–70.
10. Li, Y. H. (2021). Cross-border data flow regulation between the EU and the U.S. after the Privacy Shield case: The future of soft data localization mechanisms and the innovation of standard contractual clauses. European Studies, 39(6), 25–49.
11. Jin, J. (2018). The EU General Data Protection Regulation: Evolution, key points, and ambiguities. Proceedings of the 12th Annual Conference of the European Law Research Association of China, 181–189.
12. Wang, A. L., & Da, N. S. (2020). China’s voice on "cyber sovereignty" and its international recognition. Journal of Dalian University of Technology (Social Sciences), 6, 1–8.
13. Voigt, P., & von dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR): A practical guide. Springer International Publishing AG.
14. Kuner, C. (2020). The international dimension of the GDPR. Oxford University Press.
15. Schwartz, P. M. (2019). Global data privacy: The EU way. NYU Law Review, 94(3), 771–818.
16. Federal Law No. 152-FZ "On Personal Data" (2006, amended 2015).
17. Roskomnadzor. (2021). Order No. 274 on Approval of Cross-Border Data Transfer Procedures. Moscow: Official Gazette.
18. Klimenko, E. (2020). Russia’s sovereign internet law: Origins and implications. Chatham House Report.
19. Soldatov, A. (2022). Digital iron curtain: Russia’s data localization regime. Journal of Cyber Policy.
20. Belfer Center. (2021). Encryption standards and geopolitics: The case of GOST. Harvard Kennedy School.
21. Carnegie Endowment. (2022). Selective enforcement in Russia’s digital economy. Moscow: Carnegie.ru.
22. Zhang, J. P. (2016). Cross-border data transfer rules under China’s Cybersecurity Law. Politics and Law,12, 137–148.
23. Zhang, X. B. (2018). Major contradictions in the legislation of China’s Personal Information Protection Law. Journal of Jilin University (Social Sciences Edition), 5, 45–55.
24. Zhao, H. L. (2022). Conflicts and strategies in international governance of personal information protection from a data sovereignty perspective. Contemporary Law Review, 4, 82–91.
