The “Guidelines for the Protection of Personal Data Privacy and Cross-border Flows” published by OECD has proposed to encourage the free data flows while promoting the trade flows (except for special circumstances). In this way, a balance of interests for all parties may be achieved by establishing a common standard for cross-border data flows to improve the “interactivity” of global privacy regulations. The “Comprehensive Progressive TransPacific Partnership” emphasizes that data shall flow freely along with free trade in goods and services. As a symbol of the current digital society and information age, the emergence of the “digital economy”, the progress of the “Belt and Road” strategy, network patterns are being created whereby China is more closely associated with the world. Data has been firmly established as a core asset driving future economic growth and efficiencies, which has become an element of new productivity together with “oil, minerals, natural gas, and etc.”.
There is an increasing occurance of cross-border acquisitions, overseas investments, crossborder e-commerce and after-sales support, cross-border payments and logistics, and global versions of applications, which rely on data collected from the all over the world for analysis, calculation, and decision-making. Large multinational enterpries manage and operate their global business and employees in a unified manner. Services will be procured locally or outsourced to overseas third-parties. Cross-border data transfer is suppoted by the deployment of global data centers and participation of third-country cloud service partners. At the same time, the need for greater privacy and data protection has received increasing recognition. Since the European “General Data Protection Regulation” (“GDPR”) came into force, legislation on privacy and data protection in many jurisdictions have been developing rapidly and vigorously.
This “ Globalization and Privacy Protection Guide” is divided into four parts. From the perspective of the companies in China who plan to expand to overseas , this Guide will will provide practical compliance guidelines and introduce (1) the current challenges and opportunities under data globalization that are encountered by companies, (2) how to preplan for their overseas business (including sorting out the requirements for data exportation and inventory of such data, drafting and assessing contracts, accomplishing special approval procedures and determining target jurisdictions, etc.), (3) interpretation of data and privacy protection laws in key target jurisdictions and regions, and (4) an overview of the crossborder data flow systems among regions.
From this Guide, it can be noted that some laws have been largely inspired by and designed to align with the GDPR, while others take a different approach to serve their specific needs.
Except for special categories of data that are subject to data localization, cross-border data transfer is in principle allowed in most jurisdictions, while some prescribe different conditions for cross-border data transfer due to their national conditions: in some jurisdictions, data exportation is basically allowed while special categories of data are prohibited to be exported abroad; while in some jurisdictions, data exportation is prohibited in principle and is only permitted in exceptional cases.
For domestic companies which plan to go overseas and foreign companies that are expanding into China, we present thisGuide to provide a reference so as to assist them in learning the privacy protection laws and regulatory policies in various jurisdictions in advance. In this way, these companies may avoid oversight while trying to localize or globalize their operations. Meanwhile, we also expect a comprehensive, high-level, and multilateral cooperation framework in data privacy to be built among different jurisdictions, to explore the compatibility of privacy protection laws and regulations and their implementation. Only with consistency can the digital economy advance in a harmonious, sufficient, and orderly manner. A multilateral win-win situation will then be ensured on the basis of national security. According to Article 12 of “Personal Information Protection Law (Draft)”, China shall actively participate in the formulation of international rules for personal information protection, promote international exchanges and cooperation, and promote mutual recognition with other countries, regions and international organizations regarding rules and standards to protect personal information. It is also one of our motives if this Guide may contribute ideas and information to the academies and legislation.