Introducing Regulatory Intermediaries to the Cross-Border Data Transfer Regime in China
摘要
This article clarifies a common misunderstanding of China’s cross-border data transfer (CBDF) framework: the assumption that it creates an “impossible triangle” between security, privacy, and efficiency. We argue that China adopts a hybrid approach, prioritizing national security due to demographic scale, distinct political philosophy, and the complex geopolitical environment. Within this framework, the balance between privacy and efficiency is based on data volume, sensitivity, and the processor’s status. We find the main challenge of China’s CBDF framework lies in implementation rather than design. To address this, we propose the regulator–intermediary–target (RIT) model. Unlike collaborative governance, the RIT model aligns with China’s institutional context by leveraging intermediaries to enhance enforcement without requiring non-state actors’ policymaking participation. We illustrate this through industry associations, technical institutions, and data exchanges, demonstrating how they bridge the gap between abstract regulations and market realities to strengthen China’s CBDF governance.