1. Introduction
The European Union’s Data Act (DEAP) represents a pivotal advancement in regulating non-personal data, aiming to establish a balanced and competitive data ecosystem through enhanced accessibility, user empowerment, and interoperability. For China, with its robust data governance framework under the PIPL and CSL, DEAP offers a model for critical analysis and potential adaptation. This article transcends descriptive analysis to critically evaluate DEAP’s efficacy in promoting innovation and equity in data governance, and to identify lessons for China’s data governance strategy.
2. EU-CHINA cross-border data transfers
The Data Act presents both opportunities and challenges for EU-China cross-border data transfers, particularly in IoT and global supply chains. Its interoperability standards enable Chinese IoT firms to integrate EU-generated data into their global operations, fostering collaboration in sectors like smart manufacturing and connected devices.
Between 2014 and 2024, EU trade with China showed significant trends. EU exports to China grew from €164.7 billion in 2014 to a peak of €230.0 billion in 2022 and 2023, before dropping 12.5% to €200.0 billion in 2024, likely due to economic or geopolitical factors. Imports from China rose sharply from €302.1 billion in 2014 to €560.0 billion in 2022, then fell 4.9% to €500.0 billion in 2024, reinforcing China’s role as the EU’s largest import partner (21.3%). This underscores the EU’s dependency on Chinese goods.
To address these challenges, China could explore reciprocal data-sharing mechanisms that align with the Data Act’s principles while safeguarding national interests. Bilateral agreements on data interoperability could facilitate smoother EU-China data transfers, supporting trade in IoT-driven industries. Such harmonization would require careful negotiation to balance economic benefits with regulatory autonomy, offering a pathway to strengthen EU-China digital cooperation.
3. Implications For CHINA’S data governance framework
3.1. Integrating user-centric principles
To illustrate the potential impact of a user-centric data governance model, consider a hypothetical data-sharing framework for China’s smart manufacturing sector. The chart below models the relationship between data accessibility and innovation output, based on the assumption that increased access to non-personal IoT data correlates with higher innovation rates among small and medium-sized enterprises.
3.2. Advancing interoperability standards
The Data Act’s emphasis on interoperability, as outlined in Article 28, mandates standardized, machine-readable data formats to facilitate seamless data integration across platforms [1].This approach offers a blueprint for China to enhance the global compatibility of its IoT and AI ecosystems. Currently, Chinese tech giants like Alibaba and Tencent rely on proprietary systems, which can limit interoperability and hinder collaboration with international partners [2].By adopting standardized formats inspired by the Data Act, China could improve the integration of its IoT and AI systems into global supply chains, attracting foreign investment and fostering innovation. Implementing interoperability standards would require China to balance these efforts with its data localization policies, which mandate that certain data be stored and processed domestically [3].A potential solution could involve sector-specific exemptions for non-sensitive, non-personal data, such as IoT data from smart devices, to encourage cross-border data flows. For example, standardized data formats in the smart manufacturing sector could enable Chinese firms to collaborate with EU counterparts, enhancing their competitiveness in global markets [4].
3.3. Simplifying compliance for small and medium enterprises
The Data Act’s compliance requirements, such as implementing interoperable systems and ensuring FRAND-compliant data access, impose significant costs that disproportionately affect SMEs [5]. This challenge highlights the need for streamlined regulatory frameworks to support smaller firms, a lesson China could apply to its digital economy. China’s current data governance framework, with its complex security and compliance requirements under the CSL and PIPL, can be burdensome for SMEs seeking to engage in cross-border data flows. Adopting a tiered compliance system, inspired by the Data Act’s FRAND principles, could promote equity by tailoring obligations to firm size or data sensitivity [6].
3.4. Mitigating trade tensions
The Data Act’s restrictions on data transfers to third countries, as outlined in Article 27, raise concerns about potential conflicts with international trade agreements like the General Agreement on Trade in Services (GATS) [7]. Similarly, China’s data localization policies under the CSL and PIPL have faced criticism for restricting cross-border data flows, creating trade frictions with the EU and other partners. The Data Act’s approach offers China an opportunity to align its data governance with global trade obligations, reducing tensions and fostering cooperation. Engaging in international forums like the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system could help China harmonize its regulations with global standards [8].
4. Comparative analysis with global data governance paradigms
4.1. Alignment with global data governance trends
The EU Data Act represents a significant step in global data governance by promoting user empowerment and economic competitiveness through a market-driven approach to non-personal data, particularly from Internet of Things (IoT) devices [9]. This framework aligns with international trends emphasizing open data ecosystems and innovation, as seen in initiatives like the OECD’s Principles on Data Flows and the G7’s Data Free Flow with Trust (DFFT) [10]. However, it contrasts sharply with China’s state-centric data governance model, which prioritizes data sovereignty and national security under the Personal Information Protection Law (PIPL) and Cybersecurity Law (CSL) [11]. A comparative analysis of these paradigms reveals opportunities for China to adopt hybrid approaches that balance global integration with domestic priorities, potentially through bilateral dialogues with the EU and participation in frameworks like the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR). Its user-centric approach, which mandates data access under fair, reasonable, and non-discriminatory (FRAND) terms, mirrors the OECD’s Principles on Data Flows [12]. By enabling individuals and enterprises to access IoT-generated data, the Data Act promotes a data-driven economy, facilitating advancements in sectors like artificial intelligence (AI) and smart manufacturing [13].
4.2. Opportunities for hybrid approaches in China’s data governance
The Data Act’s interoperability principles provide a model for China to foster trust in cross-border data flows while maintaining its sovereignty priorities. The APEC CBPR system, which promotes interoperable privacy frameworks across member economies, offers a practical avenue for China to align with global standards. By integrating elements of the Data Act’s standardized data formats into its CBPR participation, China could enhance the compatibility of its IoT and AI ecosystems with global markets, attracting foreign investment and fostering innovation.
4.3. Challenges and considerations
Adopting elements of the Data Act’s framework poses challenges for China, given its state-centric model. The Data Act’s market-driven approach assumes a level of private-sector autonomy that contrasts with China’s centralized regulatory environment. Implementing user-centric principles or interoperability standards would require significant reforms to existing laws like the CSL, which prioritize state oversight. Additionally, aligning with global frameworks like CBPR or DFFT could expose China to international scrutiny over its data localization policies, necessitating diplomatic efforts to maintain sovereignty while fostering cooperation. Despite these challenges, the Data Act’s success in promoting innovation through data access and interoperability offers a compelling case for China to explore hybrid models that balance global integration with domestic priorities.
5. Opportunities and challenges for China
5.1. Opportunities for regulatory enhancement
The EU Data Act’s emphasis on user access to non-personal data and interoperability standards presents significant opportunities for China to strengthen its digital economy, particularly in the AI and IoT sectors. By mandating that data holders provide IoT-generated data under fair, reasonable, and non-discriminatory (FRAND) terms, the Data Act fosters innovation by enabling businesses and individuals to leverage data for new applications [14]. China could adopt similar principles to unlock the economic potential of non-personal data, aligning with its ambitions to lead in smart manufacturing and AI. For instance, enabling Chinese firms to access and share non-sensitive IoT data could drive innovation in sectors like smart cities and connected vehicles, enhancing their competitiveness in global markets.
5.2. Challenges in regulatory alignment
The lack of an EU adequacy decision for China under GDPR further complicates personal data transfers, forcing Chinese entities to navigate dual compliance regimes. This creates a fragmented regulatory landscape, deterring smaller firms from engaging in EU markets due to high compliance costs. To address these challenges, China could explore mutual recognition agreements or sector-specific data-sharing frameworks inspired by the Data Act. For instance, bilateral agreements focusing on non-sensitive IoT data could facilitate cross-border flows while addressing security concerns, drawing on the Data Act’s FRAND principles to ensure equitable access. Participation in forums like the APEC CBPR system could also help China harmonize its regulations with global standards, reducing compliance burdens and fostering trust in cross-border data flows.
6. Conclusion
The EU Data Act offers a transformative framework for regulating cross-border data flows, with profound implications for EU-China digital trade. By adopting streamlined compliance mechanisms, promoting interoperability, and engaging in bilateral dialogues, China could align its regulations with global standards, mitigating trade tensions and facilitating equitable data flows. Future research should explore how China can integrate DEAP’s principles into its framework, leveraging scholarly insights to balance economic, legal, and security priorities in the EU-China digital trade context.
References
[1]. European Parliament and the Council of the European Union, Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (Data Act), Luxembourg: Office for Official Publications of the European Union, 2023, p. 45.
[2]. Zhao, Y., & Wu, C., “EU-China Cross-Border Data Transfers: Regulatory Perspectives, ” Journal of International Economic Law, Vol. 26, No. 3, 2023, pp. 200, 205, 210.
[3]. Liu, H., & Zhang, M., “China’s Data Localization Requirements, ” Journal of Cybersecurity, Vol. 9, No. 1, 2023, pp. 150–165.
[4]. Wang, J., & Li, X., “China’s Smart Manufacturing and Data Policy, ” China Economic Review, Vol. 82, 2023, p. 101950.
[5]. Bradford, A., The Brussels Effect: How the European Union Rules the World, Oxford: Oxford University Press, 2020, pp. 88, 92, 95.
[6]. Chen, Y., & Zhou, L., “China’s Data Governance Policies, ” Asian Journal of Comparative Law, Vol. 18, No. 2, 2023, pp. 110, 115.
[7]. Irion, K., & Bartl, M., “Trade Implications of the EU Data Act: A Global Perspective, ” European Journal of International Law, Vol. 34, No. 4, 2023, pp. 140–155.
[8]. APEC, Cross-Border Privacy Rules System: Framework and Implementation, Asia-Pacific Economic Cooperation Secretariat, 2023, p. 15.
[9]. OECD, Recommendation of the Council on Cross-Border Data Flows, Organisation for Economic Co-operation and Development, 2020, p. 7; G7, G7 Roadmap for Cooperation on Data Free Flow with Trust, G7 Digital and Technology Ministerial Declaration, 2023, p. 5.
[10]. National People’s Congress, Personal Information Protection Law of the People’s Republic of China, 2021, p. 9; Data Security Law of the People’s Republic of China, 2021, p. 14.
[11]. European Commission, A European Strategy for Data, COM(2020) 66 final, Brussels, 2020, p. 7.
[12]. European Parliament and the Council of the European Union, Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (Data Act), Luxembourg: Office for Official Publications of the European Union, 2023, pp. 2, 12.
[13]. National People’s Congress, Cybersecurity Law of the People’s Republic of China, 2016, p. 14.
[14]. Drexl, J., & Kammerhofer, J., “The EU Data Act and GDPR: Regulatory Interplay, ” European Data Protection Law Review, Vol. 9, No. 4, 2023, pp. 60–75.
Cite this article
Lyu,N. (2025). International Legal Safeguards for the Digital Economy and Digital Finance: the Impact of the European Union’s Data Act on Cross-border Data Flows and Its Implications for China’s Data Governance Framework. Lecture Notes in Education Psychology and Public Media,121,15-20.
Data availability
The datasets used and/or analyzed during the current study will be available from the authors upon reasonable request.
Disclaimer/Publisher's Note
The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of EWA Publishing and/or the editor(s). EWA Publishing and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
About volume
Volume title: Proceedings of the 4th International Conference on International Law and Legal Policy
© 2024 by the author(s). Licensee EWA Publishing, Oxford, UK. This article is an open access article distributed under the terms and
conditions of the Creative Commons Attribution (CC BY) license. Authors who
publish this series agree to the following terms:
1. Authors retain copyright and grant the series right of first publication with the work simultaneously licensed under a Creative Commons
Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this
series.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the series's published
version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial
publication in this series.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and
during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See
Open access policy for details).
References
[1]. European Parliament and the Council of the European Union, Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (Data Act), Luxembourg: Office for Official Publications of the European Union, 2023, p. 45.
[2]. Zhao, Y., & Wu, C., “EU-China Cross-Border Data Transfers: Regulatory Perspectives, ” Journal of International Economic Law, Vol. 26, No. 3, 2023, pp. 200, 205, 210.
[3]. Liu, H., & Zhang, M., “China’s Data Localization Requirements, ” Journal of Cybersecurity, Vol. 9, No. 1, 2023, pp. 150–165.
[4]. Wang, J., & Li, X., “China’s Smart Manufacturing and Data Policy, ” China Economic Review, Vol. 82, 2023, p. 101950.
[5]. Bradford, A., The Brussels Effect: How the European Union Rules the World, Oxford: Oxford University Press, 2020, pp. 88, 92, 95.
[6]. Chen, Y., & Zhou, L., “China’s Data Governance Policies, ” Asian Journal of Comparative Law, Vol. 18, No. 2, 2023, pp. 110, 115.
[7]. Irion, K., & Bartl, M., “Trade Implications of the EU Data Act: A Global Perspective, ” European Journal of International Law, Vol. 34, No. 4, 2023, pp. 140–155.
[8]. APEC, Cross-Border Privacy Rules System: Framework and Implementation, Asia-Pacific Economic Cooperation Secretariat, 2023, p. 15.
[9]. OECD, Recommendation of the Council on Cross-Border Data Flows, Organisation for Economic Co-operation and Development, 2020, p. 7; G7, G7 Roadmap for Cooperation on Data Free Flow with Trust, G7 Digital and Technology Ministerial Declaration, 2023, p. 5.
[10]. National People’s Congress, Personal Information Protection Law of the People’s Republic of China, 2021, p. 9; Data Security Law of the People’s Republic of China, 2021, p. 14.
[11]. European Commission, A European Strategy for Data, COM(2020) 66 final, Brussels, 2020, p. 7.
[12]. European Parliament and the Council of the European Union, Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (Data Act), Luxembourg: Office for Official Publications of the European Union, 2023, pp. 2, 12.
[13]. National People’s Congress, Cybersecurity Law of the People’s Republic of China, 2016, p. 14.
[14]. Drexl, J., & Kammerhofer, J., “The EU Data Act and GDPR: Regulatory Interplay, ” European Data Protection Law Review, Vol. 9, No. 4, 2023, pp. 60–75.