Research on the Balance Mechanism of Rights Conflict in the Cross-border Flow of Personal Financial Data

Yan Lu

doi:10.54097/3hwd5d55

Authors

Yan Lu

DOI:

https://doi.org/10.54097/3hwd5d55

Keywords:

Personal Financial Data, Cross-Border Flow, The Balance of Rights, Data Security and Freedom

Abstract

The cross-border flow of personal financial data is inevitable due to the needs of cross-border business or overseas supervision such as anti-money laundering. The conflict between national financial security and financial efficiency results in a series of unbalanced situations under cross-border financial data. The state takes measures to regulate in order to balance different demands, promote economic development, and seek economic globalization. In an unbalanced state, the lack of systematic rights protection will lead to a lack of confidence in the degree of protection of personal financial data subjects, which may hinder the construction of global economic integration. This paper first analyzes the causes of imbalance from the perspective of value orientation and makes suggestions for institutional improvement. Secondly, from the perspective of the contradictions between the subjects of personal financial data rights and processors, as well as the contradictions between regulators, it studies the feasibility methods to check and balance and resolve the conflicts, so as to achieve the goal of clarifying the basic value and coordinating the conflict relationship. It should also focus on the development of national independent artificial intelligence, science and technology to help development cooperation, and the goal of international economic integration.

Downloads

Download data is not yet available.

References

National Data Bureau of China, "Three-year Action Plan of" Data Elements× "(2024-2026) (Draft for Comment), 2024, chapter 8.

Financial Standards Committee, "Technical Specification for the Protection of personal Financial Information", 2020: "personal financial information is an important basic data accumulated by financial institutions in the process of providing financial products and services".

Financial Standards Committee, “Technical Specification for the Protection of personal Financial Information”, 2020, Article 3.2: "Financial institutions obtain, process and preserve personal information through the provision of financial products and services or other channels".

Id.

Financial Standards Committee, Technical Specifications for the Protection of Personal Financial Information, 2020, Article 4.1.

See Sun Dengke, “Research on the Legal Application of Cross-border Protection of Personal Data”, Liaoning University Press Co., LTD., 1st edition, November, pp.48, 2020.

Financial Standards Committee, “Technical Specification for the Protection of personal Financial Information”, 2020, Article 3.4.

The People's Bank of China, “The Measures for the Protection of the Rights and Interests of Financial Consumers of the People's Bank of China” a, 2020, Article 2.

The EU, “General Data Protection Regulation”, 2018, Article 4 (7) .

This term is used in “ the Personal Information Protection Law of China”, 2021.

Financial Standards Committee, “the Technical Specification for Personal Financial Information Protection”, 2020, Article 3.5: "An institution that has the right to decide the purpose and method of personal financial information processing".

China Information Security Standardization Technical Committee, “the Information Security Technology Personal Information Security Standard”, 2020, Article 3.4 : "Organizations or individuals who have the ability to decide the purpose and manner of personal information processing", as well as the express consent of Article 3.6, the authorized consent of Article 3.7, and the requirements for personal information controllers.

Bodil Linqvist, Case-101/01 [2003] ECR I-12971.

See Li Dong, “Research on Legal Regulation of Cross-border Flow of Personal Financial Data”, Master thesis of Shanghai Jiaotong University, 2018.

Financial Standards Committee, “the Technical Specification for the Protection of Personal Financial Information”, 2020, Article 7.1.3(d) stipulates that four conditions need to be met: compliance, consent, exit assessment, and clear security conditions abroad. For security assessment, Article 4 of the Measures for the Security Assessment of Data Exit stipulates the situation that general data needs security assessment.

See Guo Ziyi, "Regulation of Cross-Border flow of Financial data from the Perspective of National Security", seeking Truth from Facts, vol.3: pp.62 ,60-66, 2021.

See Fan Sibo, "Research on the Governance of the Cross-Border flow of personal Financial data", Journal of Chongqing University (Social Science Edition): vol.12, pp.12,1-17.

See National Internet information office of China, “the Draft Measures for Security Assessment of the Transfer of Personal Information and Important Data Abroad”, 2017, Articles 3, 7 and 8.

See National Internet information office of China of the Measures, “the Assessment of Exit Safety of Personal Information and Important Data”, 2017, Articles 3, 4, 5, 7, 8 and 11.

See Ren Longlong, “On consent is not the legitimate basis of financial data processing”, in Politics and Law, vol.1, 2016.

See Wang Yuan, “The Trend of Personal Information Protection from the Perspective of Data Power-Centering on the Separation of Personal Information Protection and Privacy”, Journal of Beihang University (Social Science Edition), vol.1, pp.52,45-57, 2022.

See Financial Standards Committee, “Technical Specification for the Protection of personal Financial Information”, Article 7.1.3.

See Wu Jiangyu, "Construction of Legal Framework for Financial Data Regulation in the Context of Fintech," in Southwest Finance, vol.11, pp. 80,76-85,2020.

See Han Long, “Frontier Issues in International Financial Law”, Tsinghua University Press, pp. 54, 2010.

See the Cyberspace Administration of China, Measures for the Assessment of Data Exit Safety: "When providing data abroad, the data processor shall report the data exit safety assessment to the national network information department through the local provincial network information department", 2022, Article 4.

The EU, “General Data Protection Regulation”, 2018, Article 32.

Id.

“U.S.-Korea Free Trade Agreement”, 2017, annex 13,section B of Murray B.

“Euro-Korean Free Trade Agreement”, 2009, Article 7.43.

“United States-Mexico-Canada Agreement: Article 19”, paragraph 11.

“EU-U.S. Data Privacy Framework”, 2023, Article 1.1.

Id.

APEC Cross-Border Privacy Rules System Program Requirements, 35 a). Question 35.c).

The EU, “General data Protection Regulations”, 2018, Article 1, paragraph 1.

APEC Privacy Framework, Description at https://www. apec. org/Publications/2017/08/APEC-Privacy-Framework(2015) which states that the APEC Privacy Framework “aims at promoting electronic commerce throughout the Asia Pacific region, is consistent with the core values of the OECD’s Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data (OECD Guidelines), and reaffirms the value of privacy to individuals and to the information society.

Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 1999, and Grosse v Purvis (2003) QDC 751, Grosse v Purvis (2003) QDC 751.

TRUSTe APEC CBPR Program Requirements Map, page 41 at http://www. cbprs.org/GeneralPages/ APECCBPR System Documents.aspx.

Judgment of the Court of Justice of the EU of 6 October 2015 in Case C-362/14, Maximillian Schrems v Data Protection Commissioner, points 73, 74 and 96.

See Zhang Jiuzhen: Research on the Self-discipline Mechanism of Network Information Dissemination, Bibliographic Literature Publishing House, pp.35, 2005.

See Guo Ziyi: “Regulation of cross-border flow of financial data from the perspective of national security”, Seeking Truth from Facts, vol.03, pp. 63, 60-66, 2021.

“EU-U.S. Data Privacy Framework”, 2023, Articles 1.1 and 3.3.

“EU-US Framework for Protecting Cross-Border Data Flows”: 1.3.11(a)-(c): Individuals should be encouraged to raise any complaints they may have with the organization before resorting to an independent complaints mechanism. This can take different forms, but must meet the requirements of the principles on recourse, enforcement, and liability. An organization meets the requirements by: (i) complying with a privacy program developed by the private sector that incorporates the principles into its rules and includes an effective enforcement mechanism of the type described in the principles on recourse, enforcement, and liability; (ii) complying with a legal or regulatory supervisory body that provides for the handling of individual complaints and dispute resolution; or (iii) committing to cooperate with a DPA or its authorized representative located in the EU.

See Guo Zi, “Regulation of cross-border flow of financial data from the perspective of national security”. Seeking truth from facts, vol.03, pp. 63,60-66, 2021.

See Constance Z. Wagner, “Evolving Norms of Corporate Social Responsibility: Lessons Learned from the European Union Directive on NonFinancial Reporting”, 19 TENN. J. BUS. L. 619, 669 ,2018.

Article 41 (2) of the EU General Data Protection Regulation: In order to be recognized, the institution must show: (a) to prove its "independence and expertise in the subject matter of the code to the satisfaction of the competent supervisory authority"; (b) "Procedures have been established to enable it to assess the qualifications of relevant controllers and handlers in applying the Code, monitor their compliance with the Code and regularly review their operation"; (c) "Procedures and structures have been established to handle complaints about violations of the Code, or the manner in which the Code has been or is being implemented by the controller or processor, and these procedures and structures are transparent to the data subjects and the public"; And (d) "to prove to the competent supervisory authority that its tasks and responsibilities will not lead to conflicts of interest".

See Zheng Dinghao, “On the Collaborative Governance of Financial Data in China”, Economist, ,vol.12, no.12, pp.76-85, 2022.

See You Yiting, “The dilemma of regulating the cross-border flow of personal financial data and China's countermeasures”, Yantai University, 2023.

René M. Stulz, Rethinking risk management, pp.1-22, 1996.

Andrew W. Lo, “The Adaptive Markets Hypothesis: Market Efficiency from an Evolutionary Perspective”, pp.1-31, 2004.

W. Gregory Voss, “Cross-Border Data Flows, the GDPR, and Data Governance”, Washington International Law Journal, vol.29, no.3, pp.485-532 ,2020.

Donald MacKenzie, Yuval Millo, constructing a Market, Performing Theory: The Historical Sociology of a Financial Derivatives Exchange, American Journal of Sociology, Vol. 109, No.1, pp.107–145, 2003.

Office of Privacy and Open Government, SAFEGUARDING INFORMATION, Arrival at: https://www. osec.doc. gov/ opog / privacy/PII_BII.html, 2021.

Andrew W. Lo, The Adaptive Markets Hypothesis: Market Efficiency from an Evolutionary Perspective, pp.1-31, 2004.

W. Gregory Voss, “Cross-Border Data Flows, the GDPR, and Data Governance”, Washington International Law Journal, vol.29, no.3, 485-532, Available at: https://digitalcommons. law. uw. edu/ wilj/vol29/iss3/7, 2020.

Donald MacKenzie, Yuval Millo, “Constructing a Market, Performing Theory: The Historical Sociology of a Financial Derivatives Exchange”, American Journal of Sociology, Vol.109, No.1, pp.107–145,2003.

Shao Xun. “Debate on liberalization and localization of cross-border data flow regulation”, Series on Politics and Law, vol.5, pp.139-148, 2023.

Yin Fei, Li Dong, “On the adaptive construction of data-carrying right in China”, Journal of Guizhou normal University (Social Science Edition), vol.5, pp.103-113, 2023.

Wang Ting, “Current situation and countermeasures of cross-border financial data flow mechanism in China”, Foreign Trade and Economic Cooperation, vol.11, pp.74-77+105, 2022.

Guo Dexiang, Li Xiaoyu, “Legal protection of cross-border flow of personal financial data in China”, Journal of henan university of economics and law, vol.37, no.06, pp.80-88, 2022.

Zhuo Zihan, Wang Yinan, Quan Wanqing, etc, “The promotion and regulation path of cross-border flow of personal financial information in China”, Information Security Research, vol.8, no.09, pp.931-938, 2022.

Pendray, Zhang Zilin, “Research on the risk and regulation of cross-border flow of financial data in the digital age”, International Business Research, vo.13, no.1, pp.14-25, 2022.

Lin Jie, Tian Chen, “Research on the regulation of cross-border flow of personal financial data [J]. Journal of Shanghai University (Social Science Edition)”, vol.38, no.06, pp.95-107, 2021.

Luo Wenhua, “Procedural and substantive supervision of cross-border data flow based on life cycle”, Journal of China University of Political Science and Law, vol.05, pp.142-154, 2021.

Huang Xianqing, “Construction Path of Supervision Rules for Cross-border Flow of Data in China under the Background of Digital Trade “, Southwest Finance, vol.08, pp.74-84,2021.

Li Mengyu, “Characteristics and Enlightenment of Data Governance in International Financial Industry”, Tsinghua Financial Review, 2021(05):35-38.

Tian Xiangyu, “Special Regulation of Cross-border Flow of Financial Data”, Hainan Finance, vol.04, pp.51-58+87, 2021.

Chen Zhi, “The practice of cross-border data flow in Asian countries and its enlightenment to China”, Beijing Financial Review, v01):55-61.

Ma Lan, “The Core Issues of Cross-border Flow Regulation of Financial Data and China's Response”, International Law Studies, vol.3, pp.82-101, 2020.

Wang Yuanzh, “Legal regulation of cross-border flow of financial data of banks in China”, Research on financial supervision, vol.1, pp.51-65, 2020.

Li Wei, “Thoughts and Suggestions on the Construction of Cross-border Flow Rules of Financial Data in China”, China Banking, vol.1, pp.41-44, 2020.

Liu Shaoxin, “Cross-border flow of personal data under the background of globalization”, China Finance, vol.23, pp.68-70, 2019.

Zhang Jihong, “Legal Protection of Financial Information in the Age of Big Data”, Law Press, 1st Edition, September, 2019.

Huang Chunlin, "Internet and Data Legal Practice - Legal Application and Compliance Implementation", People's Court Press, 1st edition, December 2019.

Yao Xu, "EU Cross-Border Data Flow Governance: Balancing Free Flow and Regulatory Protection", Shanghai People's Publishing House, 1st edition, December 2019.

Li Yi, Zhang Juan, "Research on the Legal Protection System of Private Information under Big Data", Jilin University Press, 1st edition, January 2019.

Chi Jianxin, International Comparative Study of Personal Information Protection Policies, Southeast University Press, 2nd edition, January 2022.

Zhang Ning, Research on the Construction of Personal Information Protection System in the Big Data Era, Economic Science Press, 1st edition, October 2021.

Sun Dengke, "Research on the Legal Application of Cross-border Protection of Personal Data", Liaoning University Press Co., Ltd., 1st edition, November 2020.

Liu Xinyu, Data Protection Compliance Guidelines and Rules Analysis, China Legal Publishing House, 1st edition, August 2020.

Liu Hong, "Research on Data Protection Law in the Big Data Era", China University of Political Science and Law Press, 1st edition, October 2018.

Huang Zhixiong, The Legal Logic of Data Governance, Wuhan University Press, 1st edition, December 2021.