Title Page
ABSTRACT
Contents
CHAPTER I. INTRODUCTION 15
CHAPTER II. LEGAL FRAMEWORK OF DATA PROTECTION 28
2.1. The Introduction to Personal Data in Digital Economy 29
2.1.1. Definition and Classification of Data 29
2.1.2. The Importance of Data in Digital Economy 38
2.1.3. Threats Incurred by Data Collection and Transfer 45
2.2. Legal Issues in Data Collection and Transfer 50
2.2.1. Data Protection and Global Trade 51
2.2.2. Legal Right to Personal Data 52
2.2.3. Accountability of Data Protection 56
2.2.4. Data Protection and Multiple Jurisdictions 58
2.3. Legal Framework of Data Protection 60
2.3.1. International Legal Framework of Data Protection 61
2.3.2. European Data Protection Laws 67
2.3.3. Data Protection in China 71
2.3.4. Data Protection in the United States 75
2.3.5. Data Protection in Russia 77
CHAPTER III. CROSS BORDER DATA TRANSFER FROM EU 80
3.1. General Regulations on Cross Border Data Transfer 80
3.1.1. Cross Border Data Transfer under EU Data Protection Law 81
3.1.2. To Whom the Law Shall Apply 84
3.1.3. Supervision Authority 88
3.2. Mechanisms for Data Transfer to Third Country Outside of EU 92
3.2.1. EU Adequate Protection Decision 92
3.2.2. EU Model Contractual Clause 98
3.2.3. EU Binding Corporate Rules 105
3.2.4. Approved Code of Conduct and Certification Mechanism 112
3.2.5. Other Data Transfer Options under EU Data Protection Regulation 115
3.3. Implication of EU Data Protection Law on Multinational Corporations 117
3.3.1. Catch Up with "EU Standard" 118
3.3.2. Narrow Avenues for Data Transfer to a Third Country 121
3.3.3. Higher Obligations and Stricter Enforcement 124
CHAPTER IV. DATA LOCALIZATION AND SECURITY ASSESSMENT IN CHINA 131
4.1. General Introduction on Across Border Data Transfer 131
4.1.1. Definition of Cross Border Transfer 132
4.1.2. To Whom the Law Apply 135
4.1.3. Scope and Definition of Covered Data 139
4.1.4. Supervisory Authorities 142
4.2. Requirements on Cross-border Data Transfer 145
4.2.1. General Requirements 146
4.2.2. Requirement of Data Localization 148
4.2.3. Security Assessment 152
4.3. Impacts of Data Localization and Security Assessment on Multinational Corporations 161
4.3.1. New Obligations for Network Operators and Critical Information Infrastructure Operators 161
4.3.2. Uncertainty and Ambiguity 165
4.3.3. Penalties for Non-compliance 168
CHAPTER V. SUGGESTIONS ON CROSS BORDER DATA TRANSFER COMPLIANCE 170
5.1. Compliance with Local Laws 170
5.1.1. Understanding the Application and Requirements of the Law 171
5.1.2. Implementing the Compliance 173
5.1.3. Cooperation with Local Governments 175
5.2. Building Information and Data Protection System 177
5.2.1. Setting up Own Data Protection Policy 177
5.2.2. Establishing Data Protection Practice 178
5.2.3. Forming a Data Protection Working Group 181
5.3. Preparing for Possible Breach 181
5.3.1. Maintaining Relationship with Customers 182
5.3.2. Coping with the Breach in Time 184
5.3.3. Lessons and Preventions 185
CHAPTER VI. CONCLUSION 188
BIBLIOGRAPHY 193