Ensuring Security in Cross-Border Data Transfers

The latest figures released by the General Administration of Customs of China highlight a remarkable trend in cross-border e-commerce, showcasing a significant expansion within the sector. In the first half of this year alone, China's cross-border e-commerce imports and exports reached an impressive 12.2 trillion yuan, marking a year-on-year growth of 10.5%. The growth trajectory extends back to 2018, reflecting an overall increase of 120% in cross-border e-commerce activity over the last five years.

As we navigate through the digital economy era, cross-border e-commerce has emerged as a critical driver for foreign trade development. It leverages advanced technologies to meet the evolving demands of consumers, facilitating global transactions that allow individuals and businesses alike to buy and sell products worldwide. However, behind the convenience of online shopping lies a more complex narrative—the international flow of data. While the movement of data across borders is common, it brings about intricate challenges regarding data security and personal information protection. As the global digital economy flourishes, ensuring the secure and orderly flow of data becomes paramount.

When we consider the mechanics of cross-border data flow, it is evident that these exchanges are deeply woven into everyday commercial activities. Financial transactions such as cross-border payments, travel arrangements involving international flight and hotel bookings, and academic collaborations span geographic boundaries through the transfer of data. Each of these instances illustrates the omnipresence of cross-border data flows in our globalized world.

Take the example of a consumer in China purchasing a product from an overseas seller through a cross-border e-commerce platform. A legal representative from an unnamed internet company explained during an interview that the buyer is required to input their shipping and order details to the foreign seller. Because the buyer and seller rely on devices located in different countries, this single interaction results in the transmission of data across borders.

To delve deeper into the concept of cross-border data flow, it is important to grasp what it entails. According to Wu Shenkuo, a doctoral supervisor at Beijing Normal University and deputy director of the China Internet Association Research Center, cross-border data flow can be classified into two prominent scenarios: the first involves data being transmitted or transferred across different servers in various countries or regions; the second pertains to relevant entities accessing and processing domestic data while operating from abroad.

In practical terms, when overseas employees of a company log into the domestic corporate intranet to retrieve information on clients for business operations, this scenario exemplifies the second type—where entities access domestic data from abroad. It underscores the fundamental nature of data flow in commercial operations and its inevitability amid the cross-border movement of goods, services, and capital.

Yet, the movement of data internationally also raises deeper concerns. Safety is a vital prerequisite for the flow of cross-border data. Gao Fuping, a leading scholar in intellectual property law and the director of the Internet Law Research Institute, pointed out in an interview that while cross-border data flow is common in international relations, it is often complicated by considerations relating to national security.

Gao emphasized that managing the safe and orderly movement of data involves two key aspects: first, establishing mutual trust for data exchange, which requires a clear assessment of the credibility of data recipients; second, monitoring how these recipients utilize the data through effective technological and regulatory measures.

From a practical standpoint, businesses looking to expand into foreign markets must carefully adhere to the varying compliance requirements for cross-border data flow established by different nations.

For example, if a company aims to launch a new service in countries within the ASEAN bloc, it will typically allocate time and resources to hire legal consultants to navigate the regulatory landscape, with a particular focus on compliance with data transfer regulations between China and the target countries.

Continuous optimization is critical at the operational level. A McKinsey report projects that by 2025, cross-border data flow will contribute an astounding $11 trillion to global GDP. This anticipation was echoed in the Central Economic Work Conference held in December 2023, where issues surrounding cross-border data flow and equal participation in government procurement processes were stated as priorities. Furthermore, the government report issued this year explicitly highlighted the necessity of addressing cross-border data movement.

China is proactively working to establish a framework for the lawful and orderly flow of data. This has included the implementation of laws related to cybersecurity, data safety, and personal information protection, alongside clearly defined regulations concerning overseas data activities. Measures such as establishing security assessments for data exiting the country, standardized contracts for personal information transfer abroad, and certification for data protection compliance represent systematic efforts to create a secure data exchange infrastructure.

Importantly, advocating for the free flow of data does not equate to the relaxation of regulatory oversight. Companies remain obligated to uphold fundamental privacy protections, thus ensuring consumers' rights to their personal information are respected, while regulatory agencies must maintain consistent oversight to encourage enterprises to enhance their data compliance mechanisms.

Gao advocates for a dual approach comprising domestic order in data utilization and security concerning international data exit. He proposes the establishment of a system anchored in national security which harmonizes data security challenges. This includes concentrating regulatory efforts on key data types and maintaining vigilance against mere transactional exchanges of sensitive information such as human genetic data and geographic information.

On the topic of international economic cooperation, it has been noted that data movement is closely linked to personal information. As such, enforcing responsibility on the entities exporting data—through credit, contractual, and technological safeguards—is essential for ensuring a secure and orderly flow of data.

Wu Shenkuo also highlighted an ongoing exploration among different nations and regions to delineate a regulatory framework governing cross-border data flow at the global level. Notably, we see an increasing inclusion of specialized clauses on cross-border data movement in international trade agreements and bilateral or multilateral accords.

Taking into account the current scenario of Chinese companies venturing abroad, the aforementioned legal representative suggested intensifying data-related dialogue with nations like Japan, South Korea, and those in Southeast Asia. Presently, these regions possess considerable legal frameworks and law enforcement capabilities regarding personal and data protection that are comparable to China's, thus providing a firm foundation for negotiations.
