The Legal Framework for Cross-Border Data Transfer Between Mainland China and HKSAR

Title The Legal Framework for Cross-Border Data Transfer Between Mainland China and HKSAR
Author Junxuan Wu
Affiliation KoGuan Law School, Shanghai Jiao Tong University
Region/Country China
Pages 278-302
Download
Permalink
DOI
Keywords Cross-Border Data Transfer; Digital Sovereignty; Data Localization; National Security; Hong Kong SAR; Mainland China
Abstract Cross-border data transfer is a hard issue in today’s world of “digital nationalism”. In this post-Snowden world, data-localization has become the norm. China has adopted data localization rules in various laws, from Internet Security Law to Data Security Law. China’s constitutional structure of “one country, two systems” presents a unique question to data localization: should cross-border data transfer between the Mainland and SARs (Special Administrative Regions) be constrained by data-localization rules? Since both basic laws for Hong Kong and Macau define these two SARs as "free trade" zones and "separate customs" territories, once data from the Mainland are transferred to the SARs, there would be no existing laws to hinder their further flow to the globe. Furthermore, the SARs have their laws protecting data rights and regulating data use, which are quite different from the national laws. These unique features render cross-border data transfer within China a challenging and interesting topic. This article takes the challenge by focusing on the legal framework for data transfer between Mainland China and Hong Kong. It delineates the relevant legal rules in China and its HKSAR, points out the obstacles and difficulties, and suggests reforms.