Author |Li Aijun Wang Yi.
* |Jiugua financial circle.
Officially published in August 2023, "Principles and Practice of Data Export Law" is the first book that combines the theory and practice of data export law, and is also the result of the 2020 Ministry of Education's major research project on philosophy and social science research "Research on the Content and System of Data Law" [Project Approval No. 20JZD020].
The authors of this book, Li Aijun and Wang Yi, discuss the legal principles of data export and the practice of evaluation and filing, which is of high reference significance for data processors to deeply understand the original intention of data export supervision, identify data export scenarios, and fulfill compliance obligations for data export.
In the digital era, data drives and drives a series of global activities such as commodity and capital flows, and the scale of cross-border data flows has increased significantly, which has become the main engine for promoting global economic growth. When data crosses national geographical boundaries, problems such as geopolitics, industrial competition, data sovereignty games, data leakage, and illegal transmission may arise, and the data rights and interests of individuals, enterprises, and countries will also be affected. For the sake of public interest, the establishment and improvement of data security supervision mechanisms has become the main focus of all countries.
At present, China has established a data export system based on security assessment, standard contract filing and certification, which requires data processors to fulfill compliance obligations when transferring personal information or important data abroad. However, due to the lack of specific practical operating rules, some data processors have been troubled by issues such as how to determine the data export scenario, apply for the security assessment of data export, and sign a standard contract for personal information export.
The book is divided into 11 chapters, the first is the principle (Chapters 1 to 6), and the second is the practical part (Chapters 7 to 11).
Chapter 1, "Definition of Cross-border Data Transfer", focuses on the legal relationship of data export and the rights (rights) and obligations of each data subject
Chapter 2, "Overview of Cross-border Data Transfer Security", focuses on the definition of cross-border data transfer security and the evaluation criteria from different perspectives (** perspective, public interest perspective, individual and organizational interest perspective).
Chapter 3, "Risks of Cross-border Data Transfer", focuses on the definition of data export risks, the value of prevention, and the risk composition, and analyzes the specific risks of data export from the dimensions of personal interests, legitimate rights and interests of individuals and enterprises, and public interests
Chapter 4, "Risk Prevention Paths for Cross-border Data Transfer", analyzes the current situation and challenges of cross-border data transfer prevention from the legislative, regulatory, judicial, and industry self-regulatory levels, and puts forward suggestions for this book
Chapter 5, "Research on Extraterritorial Rules for Cross-border Data Transfer", focuses on the United States, Japan, Singapore, the United Kingdom, South Korea, Russia and other countries, and conducts comparative law research on their security rules for cross-border data transfer, in addition, from the international cooperation system, the European Union, ASEAN, the Digital Partnership Agreement (DEPA), the World Organization (WTO), the Asia-Pacific Economic Cooperation (APEC), the Organization for Economic Cooperation and Development (OECD), the United States-Mexico-Canada Agreement (The United States- The Mexico-Canada Agreement (USMCA), the European Union-United States: Transatlantic Data Transfer Mechanism, etc., analyzed their security rules for data exports
Chapter 6, "Domestic Rules for the Security of Cross-border Data Transfer", comprehensively sorts out China's existing data export rules, focusing on laws, administrative regulations, departmental rules, departmental normative documents, local regulations, and national standards
Chapters 7 and 8 respectively interpret the Measures for Security Assessment of Cross-border Data Transfer, and analyze common practical issues in practice
Chapters 9 and 10 respectively interpret the "Measures for the Standard Contract for the Export of Personal Information" and the provisions and clauses of the standard contract, and analyze the common problems in practice
Chapter 11 of the last chapter analyzes the current data export cases at home and abroad, including China's data export security assessment cases, data export cases involving criminal offenses, and data export cases that have been subject to high penalties abroad.
1) It focuses on the analysis of the legal theory of China's data export, which has strong guidance for practice.
One of the highlights of this book is that it focuses on the legal principles of data export, which effectively helps data processors understand the original intention of data export supervision, understand the domestic and foreign data export supervision rules, and understand and prevent the risks of data export. I believe that in combination with this part, the understanding and application of some laws and regulations, and the handling of some difficult problems will be easier for the practical circles to solve.
2) Strong practicality.
The second part of this book is a practical part, in which the author answers the ambiguous questions in the actual operation of data export and interprets the regulatory rules one by one, so as to help data processors better understand the specific requirements of laws and regulations, correctly identify data export scenarios, and provide practical operational guidelines for data processors to actually apply for data export security assessment, draft, negotiate and file standard contract clauses. It also provides an operable obligation self-check list to facilitate enterprises to check compliance when going overseas.
In response to the requirements of "exploring and facilitating the security management mechanism for cross-border data flows" proposed in the Opinions on Further Optimizing the Foreign Investment Environment and Increasing Efforts to Attract Foreign Investment, the Cyberspace Administration of China (CAC) issued the Provisions on Regulating and Promoting Cross-border Data Flows (Draft for Comments) in September 2023, which exempts data processors such as cross-border tourism with strong data export necessity and only a small amount of personal information from the obligation of prior approval of data export security assessment and standard contract filing. At present, the draft has not yet been officially promulgated, but it is foreseeable that China will relax the restrictions on data export in the future, promote the free cross-border flow of data on the basis of safeguarding the rights and interests of personal information subjects, and improve the vitality of China's digital economy.