隨著數位經濟之發展，目前全球50%以上的服務貿易已經實現數位化，超過12%的跨境貨品貿易通過數位化平台實現。未來全球貿易形式佔比可能實現三分之一貨物貿易、三分之一服務貿易和三分之一的數位貿易。不無論是歐洲還是中國都是極其巨大的市場，而在中歐良好的經貿關係下，歐盟已連續15年是中國最大的貿易夥伴，其中數位貿易在的比例也在逐年攀升，雙方企業蒐集和使用的數據量巨大。且伴隨數位科技之不斷進步，歐洲與中國大陸的人口基數與網絡使用量亦在不斷攀升，歐盟與中國之數位市場規模及配套之監管已然不容忽視。因此，研究歐盟與中國之跨境數據傳輸策略，對目前及未來之數據立法和實踐完備均具有重要時代意義。
而被稱為「最嚴數據保護法」的歐盟《一般數據保護條例》（GDPR）出台後，時至今日已生效滿五週年。歐盟已建立自身的跨境數據傳輸規制體系，呈現出內部自由傳輸和嚴格的個人數據跨境傳輸和多樣化的數位貿易等相關規制。這一體系包含的以個人數據權利保護為基準的個人數據跨境傳輸機制，既強化了個人數據權利保護，促進了個人數據傳輸自由，也為國際之數據跨境傳輸明確了規則。不可否認，歐盟規制之架構對於中國的數據保護體系具有較大借鑒意義。而同在2016年前後，中國亦開始重視數據保護，伴隨近兩年各項法律及相關規範性文件之正式生效，中國的個人信息保護框架目前已基本建立。繼而，本文梳理了歐盟與中國個人數據跨境傳輸規制之發展脈絡，並通過對其沿革、目的、傳輸機制之對比，澄清有關歐中個人數據跨境傳輸之基本認知。
最後，本文將基於現行多元數據跨境規制之比較與反思，展望未來，探索目前框架下數據保護規則之前瞻性規劃，並嘗試對建立個人數據跨境傳輸國際規制提出建議，以期推動中國個人數據跨境傳輸保護機制之完備，使得中國數位貿易發展態勢、企業發展水平、法規完善程度與其作為全球數位新興力量之地位相符，爭取在數位貿易全球化過程中進一步扮演更重要之角色。

With the development of the digital economy, more than 50% of global trade in services has been digitized and more than 12% of cross-border trade in goods has been realized through digital platforms. In the future, one-third of global trade will be in goods, one-third in services and one-third in digital trade. Both Europe and China are huge markets, and under the good economic and trade relations between China and Europe, the EU has been China's largest trading partner for 15 consecutive years, in which the proportion of digital trade is also rising year by year, and the amount of data collected and used by enterprises on both sides is huge. With the continuous advancement of digital technology, the population base and internet usage between Europe and China are also increasing, the scale of the digital market between the EU and China and the supporting regulation should not be overlooked. Therefore, the study of cross-border data flow strategies between the EU and China is of great contemporary significance for the completion of current and future data legislation and practices.
The EU's GDPR, known as “the most stringent data protection law", has been in force for five years now. The EU has already established its own regulatory system for cross-border data flows, showing free internal flows and strict regulations on cross-border transfers of personal data and diversified digital trade. The cross-border personal data transfer mechanism based on the protection of personal data rights is included in this system, which not only strengthens the protection of personal data rights and promotes the free flow of personal data, but also clarifies the rules for international cross-border data transfer. Undeniably, the EU regulatory framework is of great significance for China's data protection system.
Meanwhile, around 2016, China also began to pay attention to data protection, and with the entry into force of various personal information protection laws and related regulatory documents in the past two years, China's personal information protection framework has basically been established. This article then reviews the development of cross-border personal data transfer regulations in the EU and China and clarifies the basic understanding of cross-border personal data transfer between the EU and China by comparing their legislative background, purpose, and transfer mechanism.
Finally, based on the comparison and reflection of the existing multiple data cross-border regulation measures, this article will look forward to the future, explore the forward-looking enhancement of data protection rules under the current framework, and try to put forward proposals for the establishment of international regulation on cross-border personal data flow, with a view to promoting the completion of China's cross-border personal data transmission protection mechanism, leading to the development of China's digital trade, the development level of enterprises, and the degree of perfection of the regulations will be in line with China's position as an emerging force of the world's digital trade, and to strive for a better understanding of the development of China's digital trade. This will enable the development of China's digital trade, the level of development of enterprises, and the perfection of laws and regulations to be in line with its position as a global digital emerging force and to strive for a more important role in the process of globalization of digital trade.

壹、中文文獻
一、中文書籍(按姓氏筆畫排序)
王利明、程嘯、朱虎: 中華人民共和國民法典人格權編釋義，中國法制出版社2020 年版,頁419。
伊恩·布朗利（Ian Brownlie），《國際公法原理》，曾令良、余敏友等譯，法律出版社2007年版，頁271.
埃德加·博登海默（Edgar Bodenheimer），法理學: 法律哲學與法律方法，鄧正來譯，中國政法大學出版社1999年版，頁486
程嘯，個人信息保護法理解與適用，北京: 中國法制出版社，2022，頁531 .

二、中文期刊(按姓氏筆畫排序)
王志安，雲計算和大數據時代的國家立法管轄權——數據本地化與數據全球化的大對抗?.《交大法學》，2019（01），頁5-20
王融,數據跨境流動政策認知與建議——從美歐政策比較及反思視角，《信息安全與通信保密》,2018(03):47.
申衛星，論個人信息保護與利用的平衡，《中國法律評論》，2021(05)，頁28-36.
石佳友.我國證券法的域外效力研究，《法律科學(西北政法大學學報)》，2014(5)，頁129-137.
江國青，國際法中的立法管轄權與司法管轄權，《比較法研究》，1989(1)，頁34-36.
余凌雲、鄭志行，個人信息保護行政公益訴訟的規範建構，《人民檢察》，2022(5)，頁31-36；
吳玄，數據主權視野下個人信息跨境規則的建構，《清華法學》,2021,15(03)，頁87.
沈紅雨，大數據流動背景下個人信息保護法律制度的挑戰與對策——基於比較法的視角，《中國應用法學》，2021（02）
於曉洋、何波，我國《個人信息保護法》立法背景與制度詳解，《大數據》，2022，8(02)，頁175-178.
東方，歐盟、美國跨境數據流動法律規制比較分析及應對挑戰的「中國智慧」，《圖書館雜誌》，2019，38(12)，頁92-97
金晶，作為個人信息跨境傳輸監管工具的標準合同條款，《法學研究》，2022，44(05)，頁19-36.
金晶，歐盟《一般數據保護條例》:演進、要點與疑義，《歐洲研究》，2018，36（04），頁1-26.
俞勝傑、林燕萍，《通用數據保護條例》域外效力的規制邏輯、實踐反思與立法啟示，《重慶社會科學》，2020（06）
姜立文、姜歡，數據安全對跨國證券監管的法律挑戰與對策，《南方金融》，2021(11)，頁86.
胡朝陽，大數據背景下個人信息處理行為的法律規製——以個人信息處理行為的雙重外部性為分析視角，《重慶大學學報:社會科學版》，26卷01期,2020,頁131-145.
馬其家、李曉楠，論我國數據跨境流動監管規則的構建，《法治研究》，2021(01)，頁95-96.
崔夢雪，個人信息保護的行政法制度考察，上海市法學會.《上海法學研究》集刊（2020年第19卷 總第43卷）
張金平，跨境數據轉移的國際規製及中國法律的應對——兼評我國《網絡安全法》上的跨境數據轉移限製規則，《政治與法律》，2016(12)，頁150-151.
張哲、齊愛民，論我國個人信息保護法域外效力制度的構建，《重慶大學學報:社會科學版》，2022，28(5)，頁18
張麗娟、郭若楠，國際貿易規則中的「國家安全例外」條款探析，《國際論壇》，2020, 22（03），頁 66-79.
張繼紅，個人數據跨境傳輸限制及其解決方案，《東方法學》，2018(06)，頁39.
曹博，淺析歐盟《數字市場法》——兼評我國立法借鑒，《網絡安全技術與應用》，2021 年第 8 期
曹博，跨境數據傳輸的立法模式與完善路徑——從《網絡安全法》第37條切入，《西南民族大學學報(人文社科版)》，2018，39(09)，頁95.
梁澤宇，個人信息保護中目的限制原則的解釋與適用，《比較法研究》，2018(05)，頁16-30.
許可，自由與安全:數據跨境流動的中國方案，《環球法律評論》，2021,43(01)，頁22,27
許可，誠信原則：個人信息保護與利用平衡的信任路徑，《中外法學》，2022，34(05)，頁1143-1162.
許可，數據保護的三重進路——評新浪微博訴脈脈不正當競爭案，《上海大學學報(社會科學版)》，2017，34(06)，頁15-27.
許多奇，個人數據跨境流動規製的國際格局及中國應對，法學論壇，2018，33(03)，頁135.
郭戎晉，個人資料跨境傳輸之法律研究，《科技法律透析》，2015，27（08），頁28 -55
陳詠梅、張姣，跨境數據流動國際規製新發展:困境與前路，《上海對外經貿大學學報》，2017，24(06)，頁94.
陸菁，付諾，全球數字貿易崛起:發展格局與影響因素分析，《國際貿易》，2018(11)，頁59-62.
單鴻升，中國大陸個人資料跨境傳輸之監管模式——兼論《個人信息保護法》之域外效效力，《政展望與探索月刊》，2021(09)，頁55.
彭錞，論個人信息保護行政處罰制度——以《個人信息保護法》第66條為中心，《行政法學研究》，2022(04)，頁38-49
程嘯，論我國個人信息保護法中的個人信息處理規則，《清華法學》，2021，15(03)，頁62.
程嘯，論我國個人信息保護法的基本原則，《國家檢察官學院學報》，2021，29(05)，頁9-11.
童啟晟，「台灣發展巨量資料產業之機會與挑戰」，《證券櫃檯》，2014年第174期，頁45-47。
黃寧，「三難選擇」下跨境數據流動規制的演進與成因，《清華大學學報（哲學社會科學版）》，32卷05期，2017
楊帆，後「SchremsⅡ案」時期歐盟數據跨境流動法律監管的演進及我國的因應，《環球法律評論》，2022（01）
趙精武，數據跨境傳輸中標準化合同的構建基礎與監管轉型，《法律科學》，2022(2)，頁148.
齊愛民，論大數據時代數據安全法律法律綜合保護的完善——以《網絡安全法》為視角，《東北師大學報（哲學社會科學版）》，2017(04)，頁111.
劉俊敏、郭楊，我國數據跨境流動規制的相關問題研究——以中國(上海)自由貿易試驗區臨港新片區為例，《河北法學》，2021，39(07)，頁80.
劉曉春、胡笳，《個人信息保護法》為我國跨境數據流動提供制度基礎，《中國對外貿易》，2021 (012)，頁43.
劉權，論個人信息處理的合法、正當、必要原則，《法學家》，2021(05)，頁1-15，頁191.
蔣紅珍，《個人信息保護法》中的行政監管，《中國法律評論》，2021(05)，頁52-53.
蔣紅珍，個人信息保護的行政公益訴訟，《上海交通大學學報(哲學社會科學版)》，2022，30(05)，頁28-38

三、碩博論文(按姓氏筆畫排序)
田旭，網絡空間中個人數據跨境傳輸法律規則研究，華東政法大學博士論文，2020
朱曉東，我國個人數據跨境傳輸規制範式的域外鏡鑒與優化路徑，華東政法大學法律學院碩士論文，2018
杜澤昊，個人數據跨境傳輸的法律規制，湘潭大學法學院知識產權學院碩士論文，2019
陳柔芳，個人資料跨境傳輸比較法研究，東吳大學法學院法律學系碩士論文，2018

四、中文網絡文獻(按姓氏筆畫排序)
《關於加強黨政部門雲計算服務網絡安全管理的意見》（中網辦發文【2015】14號）
中央銀行（2020），「大數據、法遵科技及監理科技」研討會報告
中國人大網，《中華人民共和國個人信息保護法》
中國人大網，《中華人民共和國網絡安全法》
中國人大網，《中華人民共和國數據安全法》
中國信息通信研究院（2022），全球數字經貿規則年度觀察報告，頁4
中華人民共和國國家互聯網信息辦公室，《<數據出境安全評估辦法>全文和答記者問》，https://mp.weixin.qq.com/s/naLLIPlB4wBWtk_8y2NT-A
中華人民共和國國家互聯網信息辦公室，《個人信息出境標準合同辦法》
中華人民共和國國家互聯網信息辦公室，《數據出境安全評估辦法》
北京知識產權法院民事判決書( 2016) 京 73 民終 588 號判決
全國信息安全標準化技術委員會，《信息安全技術 個人信息跨境傳輸認證要求（徵求意見稿）》
黃仕宗（2019），「美日歐數據共享政策分析」，資策會產業情報研究所。
趙祖佑、周駿呈、涂家瑋（2015），「物聯網應用發展趨勢與商機：資料經濟篇」，財團法人工業技術研究院產業經濟與趨勢研究中心，。
劉靜茹，個人信息出境合規實踐——《個人信息跨境傳輸認證要求》的適用與解讀，<https://mp.weixin.qq.com/s/8kB4xL7k8xm4SUo8aEc0uQ>

貳、英文文獻
一、英文書籍
Anu Bradford, Digital Empires: The Global Battle to Regulate Technology, Oxford University Press (2023).
Anu Bradford，The Brussels Effect- How the European Union Rules the World，Oxford University Press（2020）.
Christopher kuner, Transborder Data Flows and Data Privacy Law, Oxford University Press(2013).
Gianclaudio Malgieri, Vulnerability and Data Protection Law, Oxford Data Protection & Privacy Law (2023)
Jose Maria Cavanillas , Edward Curry, Wolfgang Wahlster , New Horizons for a Data-Driven Economy- A Roadmap for Usage and Exploitation of Big Data in Europe, 1st ed., Springer Cham (2016).
Naef, Tobias, Data Protection without Data Protectionism, Springer Nature（2023）
Paul Lambert，A User’s Guide to Data Protection: Law and Policy, Bloomsbury Professional（2018）
Paul Voigt, Axel con dem Bussche, The EU General Data Protection Regulation A Practical Guide, Switzerland: Springer International Publishing AG（2017）.
Stucke, MauriceE., Grunes,AllenP., BigDataandCompetitionPolicy,1sted., Oxford University Press (2016).
W Kuan Hon, Data Localization Laws and Policy: The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens, 1st ed., Edward Elgar Publishing (2017).

二、英文期刊
Allison Callahan-Slaughter, Lipstick on a Pig: The Future of Transnational Data Flow Between the EU and the United States , Tulane Journal of International and Comparative Law, Vol. 25, Issue 1 ,Winter 2016, p.252.
Andrew D. Mitchell，Neha Mishra, Data at the Docks: Modernizing International Trade Law for the Digital Economy, Vanderbilt Journal of Entertainment & Technology Law, Vol. 20, Issue 4 , Summer 2018 ,p.81.
Anu Bradford，“Exporting Standards: The Externalization of the EU,s Regulatory Power via Markets，”International Review of Law & Economics，Vol.42, 2015，pp.158-160.
Babak Bashari Rad and Pouya Ataei , The big data Ecosystem and its Environs, International Journal of Computer Science and Network Security, Vol.17 No.3 ,2017, p.2.
Bendiek Annegret, Stürzer Isabella, Advancing European internal and external digital sovereignty:The Brussels Effect and the EU-US Trade and Technology Council, SWP Comment, 11.03.2022, p.8.
Benjamin Rickert, Data Privacy and Institutional Decision Makers: A Study of U.S. and EU Approaches，28(1) Tilburg Law Review , 2003,pp.462-463.
Brunet-Jailly, E., Cross-border cooperation: a global overview. Alternatives, 47(1), 2022, pp.15-17.
Brussels Privacy Hub, Permissions and Prohibitions in Data Protection Jurisdiction, Brussels Privacy Hub Working Paper , 2016, at p. 3, 18
Christian Pauletto, Options towards a global standard for the protection of individuals with regard to the processing of personal data, 40 Computer Law & Security Review 105433, 2021
Christopher Kuner, Reality and Illusion in EU Data Transfer Regulation Post Schrems, German Law Journal, Vol. 18, Issue 4 , 2017,p.893.
Clare Sullivan , EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era, Computer Law & Security Review, Vol 35, Issue 4 , 2019, p.396
Corrales Compagnucci, Marcelo and Aboy, Mateo and Minssen, Timo, Cross-Border Transfers of Personal Data after Schrems II: Supplementary Measures and New Standard Contractual Clauses (SCCs) , SSRN eLibrary, 2021, pp.5-8
Dalmacio V. Posadas Jr, After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy, Fordham Intell. Property. Media & Entertainment Law Journal,Vol 28, 2017, p.68.
Daphne Keller, The Right Tools: Europe’s Intermediary Liability Laws and the EU 2016 General Data Protection Regulation, 33 BERKELEY TECH. L.J :287, 2018, p.348.
David Ramiro Troitiño, The European Union Facing the 21st Century: The Digital Revolution, TalTech Journal of European Studies, Vol 12(1) , 2022, p.63,75.
Dennis D. Hirsch, Going Dutch? Collaborative Dutch Privacy Regulation and the Lessons It Holds for U.S. Privacy Law, Michigan State Law Review, Vol. 2013(Issue 1), p.83.
Franz-Stefan Gady, EU/U.S. Approaches to Data Privacy and the Brussels Effect: A Comparative Analysis, Georgetown Journal of International Affairs, Vol. 15, Special Issue ,2014, p.19.
Guan Zheng, Trilemma and tripartition: The regulatory paradigms of cross-border personal data transfer in the EU, the U.S. and China, Computer Law & Security Review 43 , 2021.
John Bowman，Myriam Gufflet, Meeting the Challenge of a Global GDPR and BCR Programmer, European Data Protection Law Review (EDPL), Vol. 3, Issue2 ,2017, p.257.
Kuner C, Extraterritoriality and regulation of international data transfers in EU data protection law, International Data Privacy Law, Vol. 5, No. 4, 2015, pp.1-2.
Marianna Meriani, Digital Platforms and the Spectrum of Data Protection in Competition Law Analyses, EuR. Competition L.Rev.Vol.38,2017,p.82.
Paul Roth, Adequate Level of Data Protection in Third Countries Post-Schrems and under the General Data Protection Regulation, Journal of Law, Information and Science, Vol. 25, Issue 1 ,2017, p.55.
Sergio Carrera, Elspeth Guild, The End of Safe Harbor: What Future for EU-US Data Transfers, Maastricht Journal of European and Comparative Law, Vol. 22, Issue 5, 2015, p.655.
Szabo, Endre Gyozo , About Specific Issues of the GDPR of the European Union ,Hungarian Yearbook of International Law and European Law, Vol. 2017, p. 365.
Tetiana L. Syroid, Tetiana Ye. Kaganovska, Valentyna M. Shamraieva, Оlexander S. Perederiі, Ievgen B. Titov, Larysa D. Varunts，The Personal Data Protection Mechanism in the European Union，International Journal of Economics and Business Administration Volume VIII, Special Issue 1, 2020, p196,200
W. Gregory Voss, Cross-border data flows, the GDPR, and data governance, Washington International Law Journal, 29(03), 2020, p.485

三、英文網絡文獻
Casalini, F., J. López González and T. Nemoto (2021), Mapping commonalities in regulatory approaches to cross-border data transfers, OECD Trade Policy Papers, No. 248, OECD Publishing, Paris,<https://doi.org/10.1787/ca9f974e-en>.
CMA, The Commercial Use of Consumer Data, (2015) <https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/ 435817/The_commercial_use_of_consumer_data.pdf>
Commission Implementing Decision ( EU) 2021/914 of 4 June 2021 on Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to Regulation ( EU) 2016/679 of the European Parliament and of the Council，OJ L 199，07.06.2021
Commission Implementing Decision (EU) 2021/915 of 4 June 2021 on standard contractual clauses between controllers and processors under Article 28(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council and Article 29(7) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (Text with EEA relevance)
Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data，Article 12.
Daniel Crosby, Analysis of Data Localization Measures Under WTO Services Trade Rules and Commitment, International Centre for Trade and Sustainable Development and World Economic Forum, March 2016.
Dena Dervanović , Safe Harbor No More: Impact of the Schrems Case on EU – U.S. Personal Data Transfers, FACULTY OF LAW Lund University, JAMM05 Master Thesis Term: Spring 2016
Doug Laney, 3D Data Management: Controlling Data Volume, Velocity, and Variety, Gartner, file No.949. 6 February 2001. <https://www.oecd-ilibrary.org/docserver/5k47zw3fcp43-en.pdf?expires=1599705180&id=id&acc name=guest&checksum=10E4CF4F184F0370480209E5DFE2B21A>
EDPB, Guidelines 07 / 2022 on certification as a tool for transfers, 2022.06.14.
EDPB, Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data.
European Commission, Binding Corporate Rules (BCR) Corporate rules for data transfers within multinational companies, <https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en>
European Commission, Commission Decision 2010/87/EU of 5 February 2010 on Standard Contractual Clauses for the Transfer of Personal data to Processors Established in Third Countries under Directive 95/46/EU of the European Parliament and of the Council，as Amended by Commission Implementing Decision ( EU) 2016/2297 of 16 December 2016，OJ L 39，12.02. 2010，pp.5-18.
EU, Commission Implementing Decision ( EU) 2021/914 of 4 June 2021 on Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to Regulation ( EU) 2016/679 of the European Parliament and of the Council，OJ L 199，07.06.2021.
EU, 95/46/EC Directive.
European Commission，A Digital Single Market Strategy for Europe，Document 52015DC0192，Brussels, 6.5.2015.
European Commission, COMMISSION IMPLEMENTING DECISION on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679
European Data Protection Board, Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) Version 2.0, 12 November 2019.
Facebook Ireland and Schrems，Data Protection Commisioner v.Facebook Ireland Limited and Maximilian Schrems，C-311/18，16.07.2020.
GDPR Enforcement Tracker, <www.enforcementtracker.com/?insights> accede 13 Sep 2023
Google Spain v. AEPD and Mario Costeja Gonzalez, Case C-131/12, 13 May 2014.
IBM, The Four V'sof Big Data, https://www.ibmbigdatahub.com/infographic/four-vs-big-data
McKinsey Global Institute , Digital globalization: The new era of global flows（Mar. 2016）
McKinsey Global Institute , Global flows in a digital age: How trade, finance, people, and data connect the world economy（Apr. 2014）.
McKinsey Global Institute , Globalization in transition: The future of trade and value chains（Jan. 2019）.
McKinsey Global Institute, Global flows: The ties that bind in an interconnected world（Jan. 2023）.
OECD, Data-Driven Innovation for Growth and Well-Being: Interim Synthesis Report (2014), https://www.oecd.org/sti/inno/data-driven-innovation-interim-synthesis.pdf
OECD, Exploring Data-Driven Innovation as a New Source of Growth (2013)
OECD, The OECD Privacy Framework（2013）
Paula Bruening, ‘Can the new standard contractual clauses work for small business?’2021/8/2, <iapp.org/news/a/can-the-new-standard-contractual-clauses-work-for-small-business/>
Renzo Marchini，Does the EDPB answer frequently asked questions on territorial scope? <https://www.fieldfisher.com/en/services/privacy-security-and-information/privacy-security-and-information-law-blog/does-the-edpb-answer-frequently-asked-questions-on-territorial-scope>
The White House, Big Data: Seizing Opportunities, Preserving Values, <https://obamawhitehouse.archives.gov/sites/default/files/docs/big_data_privacy_report_may_1_20 14.pdf >