Abstract:The international regulation of cross-border data flow is not merely within the scope of digital trade law, but a primary constituent element of the international legal order for data and cyberspace. In the context of development suspension of global rules, the divergent regulation among states and bilateral, regional trade agreements has created an overlapping, interactive, and competitive governing situation, and the insufficient, fragmented and differentiated rules constitute non-tariff trade barriers of cross-border data flow and give rise to constant transitional disputes and conflicts, which has enlarged the risk of data colonist, data imperialism, data nationalism and data protectionist. The essential causing roots are the interrelated and complex relations among the three core concepts, i.e., human rights, national security and sovereignty, and the vital differences and competition in the relevant notion values, policy orientation and regulation approaches. There are different definitions for personal data and divergences surrounding the right to privacy and right to development. The biased emphasis of the US and EU laws on civil rights, particularly the freedom of speech undermines the economic dimension of data and the related right to development issues, and the overspill effect of their domestic laws has enlarged the digital divide. Therefore, strengthening the implementation of right to development should be the concern of international legal order for data and cyberspace. The extension of national security scope and the strategic importance of data has promoted the issue of data and cyber security to be the concerns of national security and triggered the misuses of national security exceptional rules for national security in trade and investment agreements. The impact of cyberspace on sovereignty has furthered the policy and practice differences and conflict in data regulation, especially with respect to the issues of the long-arm jurisdiction, extraterritorial effect of data rights protection and universal practice of localization requirements and measures. Therefore, there is an imperative need to abolish the current set-pattern of focusing on domestic data law and international economic order and the technical separation of domestic law and international law, and integrally and interrelated rethink the core concepts of human rights, national security and sovereignty. A flexible and differentiated order diffusing the vast differences regarding these three concepts and the corresponding fragmented and divergent regulation values and methods could promote the construction of a coordinated, uniform global data governing framework. Regulation competition has become a major part of international competition. As the most advanced form of international competition, regulation competition lays the foundation for coordinating international rules and constructing a universally accepted date governing framework. The data laws of the European Union, the United States and China are the primary source of competition for formulating global governing framework, which presents the opportunity for coordinating international rules and constructing global legal order. International data regulation originates from the interaction of domestic law and international law, which is also the key elements for the United States and the European Union to shape and influence international rules. As for China, the core tasks are demolishing and responding to the biased, double-standards narratives of human rights, national security and sovereignty in data regulation; improving domestic regulations values and regulatory rules; proposing international law narratives based on domestic needs and international cooperation. China’s proposal for data international regulation shall be built upon the flexibility of data and cyber sovereignty, focusing on national security and equity protection of personal information and aiming at the promotion of free cross-border data flow.
吴晓丹. 数据国际治理:人权、安全和主权的耦合与差序[J]. 浙江大学学报(人文社会科学版), 2025, 55(8): 135-150.
Wu Xiaodan. Global Governance of Cross-border Data Flow: Interconnection and Differentiated Order of Human Rights, National Security and Sovereignty. JOURNAL OF ZHEJIANG UNIVERSITY, 2025, 55(8): 135-150.
1 Novotny E. J., “Transborder data flows: a bibliography,” Stanford Journal of International Studies, Vol. 16 (1980), pp. 181-199. 2 单文华、邓娜:《欧美跨境数据流动规制:冲突、协调与借鉴——基于欧盟法院“隐私盾”无效案的考察》,《西安交通大学学报(社会科学版)》2021年第5期,第94-103页。 3 Kirby M., “Legal aspects of transborder data flows,” Computer Law Journal, Vol. 11, No. 2 (1991), pp. 233-245. 4 Raab C. & Szekely I., “Data protection authorities and information technology,” Computer Law and Security Review, Vol. 33, No. 4 (2017), pp. 421-433. 5 Brookman J., “Protecting privacy in an era of weakening regulation,” Harvard Law and Policy Review, Vol. 9, No. 4 (2015), pp. 355-374. 6 Whitman J. Q., “The two western cultures of privacy: dignity versus liberty,” The Yale Law Journal, Vol. 113, No. 6 (2004), pp. 1151-1221. 7 Regan P. M., Legislating Privacy: Technology, Social Values, and Public Policy, Chapel Hill: The University of North Carolina Press, 1995. 8 Büyüksagis E., “Towards a transatlantic concept of data privacy,” Fordham Intellectual Property, Media & Entertainment Law Journal, Vol. 30, No. 1 (2019), pp. 139-221. 9 Schwartz P. M. & Peifer K. N., “Transatlantic data privacy law,” The Georgetown Law Journal, Vol. 106, No. 1 (2017), pp. 115-179. 10 Bradford A., The Brussels Effect: How the European Union Rules the World, Oxford: Oxford University Press, 2020. 11 Tzanou M., “Data protection as a fundamental right next to privacy? ‘reconstructing’ a not so new right,” International Data Privacy Law, Vol. 3, No. 2 (2013), pp. 88-99. 12 Kokott J. & Sobotta C., “The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR,” International Data Privacy Law, Vol. 3, No. 4 (2013), pp. 222-228. 13 Kuner C., “An international legal framework for data protection: issues and prospects,” Computer Law and Security Law Review, Vol. 25, No. 4 (2009), pp. 307-317. 14 Kovalenko Y., “The right to privacy and protection of personal data: emerging trends and implications for development in jurisprudence of European Court of Human Rights,” Masaryk University Journal of Law and Technology, Vol. 16, No. 1 (2022), pp. 37-58. 15 Schwartz P. M., “Global data privacy: the EU way,” New York University Law Review, Vol. 94 (2019), pp. 771-818. 16 Rustad M. L. & Koenig T. H., “Towards a global data privacy standard,” Florida Law Review, Vol. 71, No. 2 (2019), pp. 365-453. 17 Mattoo A. & Meltzer J. P., “International data flows and privacy: the conflict and its resolution,” Journal of International Economic Law, Vol. 21, No. 4 (2018), pp. 769-789. 18 Shaffer G., “Globalization and social protection: the impact of EU and international rules in the ratcheting up of U.S. privacy standards,” Yale Journal of International Law, Vol. 25, No. 1 (2000), pp. 1-109. 19 韩旭至:《信息权利范畴的模糊性使用及其后果——基于对信息、数据混用的分析》,《华东政法大学学报》2020年第1期,第85-96页。 20 朱晓峰:《数字时代离线权民法保护的解释路径》,《环球法律评论》2023年第3期,第24-42页。 21 Ann-Lee J., “Hacking into China’s cybersecurity law,” Wake Forest Law Review, Vol. 53, No. 1 (2018), pp. 99-104. 22 Shtub T. G. & Gal M. S., “The competitive effects of China’s legal data regime,” Journal of Competition Law & Economics, Vol. 18, No. 4 (2022), pp. 936-970. 23 Mishra N., International Trade Law and Global Data Governance: Aligning Perspectives and Practices, Oxford: Hart Publishing, 2024. 24 Chin Y. & Zhao J., “Governing cross-border data flows: international trade agreements and their limits,” Laws, Vol. 11, No. 4 (2022), pp. 1-22. 25 Meltzer J., “Governing digital trade,” World Trade Review, Vol. 18, No. S1 (2019), pp. 23-48. 26 Hartzog W. & Solove D. J., “The scope and potential of FTC data protection,” The George Washington Law Review, Vol. 83, No. 6 (2015), pp. 2230-2300. 27 Burt A. & Geer D., “Flat light: data protection for the disoriented, from policy to practice,” 2018-11-29, https://www.lawfaremedia.org/article/flat-light-data-protection-disoriented-policy-practice, 2024-09-04. 28 Donahue L. K., “The limits of national security,” American Criminal Law Review, Vol. 48, No. 4 (2011), pp. 1573-1756. 29 Boyd R. H., “FIRRMA: buy American products, or bye American progress?” Wake Forest Journal of Business and Intellectual Property Law, Vol. 19, No. 2 (2019), pp. 103-123. 30 Feder A., “A bull in a China shop: how CFIUS made TikTok a national security problem,” Cardozo International and Comparative Law Review, Vol. 6, No. 2 (2022), pp. 627-645. 31 Westbrook A. D., “Securing the nation or entrenching the board? the evolution of CFIUS review of corporate acquisitions,” Marquette Law Review, Vol. 102, No. 3 (2019), pp. 643-673. 32 Zalnieriute M., “Data transfers after Schrems Ⅱ: the EU-US disagreements over data privacy and national security,” Vanderbilt Journal of Transnational Law, Vol. 55, No. 1 (2022), pp. 1-45. 33 杨帆:《后“Schrems Ⅱ案”时期欧盟数据跨境流动法律监管的演进及我国的因应》,《环球法律评论》2022年第1期,第178-192页。 34 Faison A., “TikTok might stop: why the IEEPA cannot regulate personal data privacy and the need for a comprehensive solution,” Duke Journal of Constitutional Law & Public Policy Sidebar, Vol. 16 (2021), pp. 115-145. 35 Wehrle? F. & Pohl J., “Investment policies related to national security: a survey of country practices,” 2016-06-14, https://doi.org/10.1787/5jlwrrf038nx-en, 2024-09-04. 36 吴晓丹:《数字贸易国际治理:重塑WTO的中心化地位》,《国际商务(对外经济贸易大学学报)》2025年第2期,第11-31页。 37 Alter K. J., Hafner-Burton E. & Helfer L. R., “Theorizing the judicialization of international relations,” International Studies Quarterly, Vol. 63, No. 3 (2019), pp. 449-463. 38 Lester S. & Zhu H., “A proposal for ‘rebalancing’ to deal with ‘national security’ trade restrictions,” Fordham International Law Journal, Vol. 42, No. 5 (2019), pp. 1451-1474. 39 Claussen K., “Trade’s security exceptionalism,” Stanford Law Review, Vol. 72, No. 5 (2020), pp. 1097-1164. 40 时业伟:《跨境数据流动中的国际贸易规则:规制、兼容与发展》,《比较法研究》2020年第4期,第173-184页。 41 Chachko E., “Foreign affairs in court: lessons from CJEU targeted sanctions jurisprudence,” The Yale Journal of International Law, Vol. 44, No. 1 (2019), pp. 2-51. 42 de Jong-Chen J., “Data sovereignty, cybersecurity, and challenges for globalization,” Georgetown Journal of International Affairs, Vol. 16 (2015), pp. 112-122. 43 廖凡:《数字主权与全球数字治理》,《暨南学报(哲学社会科学版)》2024第7期,第47-60页。 44 Peng S. & Liu H., “The legality of data residency requirements: how can the trans-Pacific partnership help?” Journal of World Trade, Vol. 51, No. 2 (2017), pp. 183-204. 45 Goldsmith J. L., “Against cyberanarchy,” University of Chicago Law Review, Vol. 65, No. 4 (1998), pp. 1199-1250. 46 Post D. G., “Against ‘against cyberanarchy’,” Berkeley Technology Law Journal, Vol. 17, No. 4 (2002), pp. 1365-1387. 47 Kuner C., “Data nationalism and its discontents,” Emory Law Journal Online, Vol. 64 (2015), pp. 2089-2098. 48 Kuner C, Transborder Data Flows and Data Privacy Law, Oxford: Oxford University Press, 2013. 49 Hildebrandt M., “Extraterritorial jurisdiction to enforce in cyberspace? Bodin, Schmitt, Grotius in cyberspace,” University of Toronto Law Journal, Vol. 63, No. 2 (2013), pp. 196-224. 50 Johns F. E., “Global governance through the pairing of list and algorithm,” Environment and Planning D: Society and Space, Vol. 34 (2016), pp. 126-149. 51 Johns F. E., “Data territories: changing architectures of association in international law,” in Kuijer M. & Werner W. (eds.), Netherlands Yearbook of International Law: The Changing Nature of Territoriality in International Law, vol. 47, The Hague: T.M.C. Asser Press, 2017, pp. 107-129.