2025, Volume 1, Issue 7
473
Ad anced Jou nal o Managemen , Humani y and Social Science (AJMHSS)
O iginal A icle: Cybe secu i y Laws and he Regula ion o
C oss-Bo de Da a Flows
Saman Mo adipoo
PhD s uden in p i a e law, Islamic Azad Uni e si y, Cen al Teh an B anch, Teh an, I an
Use yo de ice o scan and ead he
a icle online
Ci a ion S Mo adipoo , Cybe secu i y Laws and he Regula ion o C oss-Bo de Da a Flows, AJMHSS, 2025;
1(7): 473-486.
A icle in o:
Recei ed: 18.06.2025
Accep ed: 30.07.2025
Checked o Plagia ism: Yes
Keywo ds:
Cybe secu i y Law, C oss-
Bo de Da a Flow, GDPR, Da a
So e eign y, In e na ional
Regula ion, Digi al
Go e nance.
A B S T R A C T
The exponen ial g ow h o digi al echnologies and global connec i i y has
p o oundly ans o med he way pe sonal, co po a e, and go e nmen al da a a e
gene a ed, ansmi ed, and s o ed. In his in e connec ed en i onmen ,
cybe secu i y has eme ged as one o he mos c i ical challenges acing bo h
na ional au ho i ies and in e na ional egula o s. The inc easing eliance on
cloud compu ing, a i icial in elligence, and da a analy ics has in ensi ied he
low o in o ma ion ac oss bo de s, aising complex ques ions conce ning da a
so e eign y, p i acy p o ec ion, and ju isdic ional au ho i y. This pape
examines he e ol ing landscape o cybe secu i y laws and he egula ion o
c oss-bo de da a lows, wi h pa icula emphasis on he in e play be ween
na ional in e es s, in e na ional no ms, and global ade. I e iews majo legal
amewo ks—including he Eu opean Union’s Gene al Da a P o ec ion
Regula ion (GDPR), he U.S. CLOUD Ac , and da a go e nance models in
China and eme ging economies—and analyzes how hese sys ems shape he
ansna ional go e nance o digi al in o ma ion. The s udy also explo es he
ensions be ween p i acy igh s and s a e secu i y impe a i es, e hical
implica ions o da a localiza ion, and he p ospec s o global ha moniza ion o
cybe secu i y no ms. By in eg a ing legal analysis, policy compa ison, and
heo e ical pe spec i es on digi al so e eign y, his pape con ibu es o ongoing
academic deba es abou how o secu e cybe space while p ese ing openness,
inno a ion, and human igh s.
In oduc ion
n he wen y- i s cen u y, he wo ld’s
economic, poli ical, and social in as uc u es
ha e become inc easingly dependen on digi al
sys ems ha anscend na ional bounda ies.
Da a has eme ged as a s a egic asse
compa able o oil and capi al [1], unde pinning
global ade, echnological inno a ion, and na ional
secu i y. The ee and apid mo emen o da a ac oss
ju isdic ions—commonly e e ed o as c oss-bo de
da a low—enables digi al comme ce, cloud-based
se ices, and eal- ime communica ion on a plane a y
scale [2]. Howe e , his in e connec i i y has also
in oduced p o ound egula o y and secu i y
challenges, as in o ma ion gene a ed in one coun y
may be p ocessed, s o ed, o exploi ed in ano he unde
as ly di e en legal egimes. In esponse,
go e nmen s and in e na ional o ganiza ions ha e
sough o de elop cybe secu i y laws and da a
p o ec ion amewo ks ha econcile he compe ing
demands o p i acy, so e eign y, and economic
g ow h.
I
*Co esponding Au ho : Saman Mo adipoo (Email: Sama[email p o ec ed]m)
474
2025, Volume 1, Issue 7
Ad anced Jou nal o Managemen , Humani y and Social Science (AJMHSS)
Cybe secu i y, in i s b oades sense, encompasses he
p o ec ion o digi al sys ems and in o ma ion om
unau ho ized access, manipula ion, o des uc ion. I is
bo h a echnical and legal concep , g ounded in he
ecogni ion ha digi al in as uc u e cons i u es a
c i ical componen o na ional esilience and
in e na ional s abili y. Ye , he global na u e o
cybe space complica es adi ional no ions o
ju isdic ion and go e nance. Unlike physical bo de s,
cybe space is luid and decen alized, allowing
ac o s—including co po a ions, indi iduals, and
s a es— o in e ac in eal ime wi hou ega d o
geog aphy. This has o ced policymake s o e hink
how legal au ho i y can be e ec i ely exe cised in a
bo de less en i onmen [3].
The egula ion o c oss-bo de da a lows lies a he
in e sec ion o cybe secu i y, ade, and human igh s
law. On one hand, un es ic ed da a mo emen is
essen ial o digi al inno a ion, economic in eg a ion,
and scien i ic collabo a ion. On he o he , i aises
legi ima e conce ns abou he misuse o pe sonal da a,
cybe espionage, and he e osion o na ional con ol
o e in o ma ion esou ces. These ensions ha e
p oduced a agmen ed global egula o y en i onmen
in which di e gen na ional laws o en collide. Fo
example, he Eu opean Union’s Gene al Da a
P o ec ion Regula ion (GDPR) emphasizes p i acy and
indi idual igh s, while he Uni ed S a es p io i izes
na ional secu i y and inno a ion h ough mo e sec o al
and less es ic i e mechanisms. Meanwhile, China’s
Cybe secu i y Law and Da a Secu i y Law asse s ong
s a e o e sigh and da a localiza ion manda es,
illus a ing a so e eign y-cen e ed model o digi al
go e nance.
Unde s anding he in e play be ween hese di e se
legal sys ems is c ucial o g asping he u u e
ajec o y o global da a go e nance. The cen al
ques ion d i ing his s udy is: How can cybe secu i y
laws e ec i ely egula e c oss-bo de da a lows while
main aining he balance be ween p i acy, secu i y, and
economic openness? To add ess his ques ion, he pape
adop s a compa a i e legal and policy-o ien ed
app oach, analyzing how majo ju isdic ions
concep ualize cybe secu i y and manage in e na ional
da a ans e s. I also examines he ole o mul ila e al
ins i u ions, such as he Uni ed Na ions, he
O ganisa ion o Economic Co-ope a ion and
De elopmen (OECD), and he Wo ld T ade
O ganiza ion (WTO), in p omo ing cohe en s anda ds
o da a p o ec ion and cybe esilience [4].
The impo ance o his inqui y ex ends beyond legal
schola ship. In an e a ma ked by cybe a acks,
misin o ma ion campaigns, and geopoli ical i al ies,
he go e nance o digi al da a has become a de ining
issue o in e na ional ela ions. Na ions inc easingly
iew con ol o e da a as in eg al o so e eign y,
economic compe i i eness, and social s abili y. The
eme gence o “digi al so e eign y” discou ses e lec s
his shi , highligh ing he ension be ween global
connec i i y and na ional sel -de e mina ion. A he
same ime, ansna ional co po a ions such as Google,
Amazon, and Tencen wield unp eceden ed in luence
o e da a in as uc u es, o en exceeding he
egula o y each o indi idual s a es. Consequen ly,
cybe secu i y law has e ol ed in o a hyb id domain ha
b idges public in e na ional law, p i a e egula ion, and
echnical s anda d-se ing.
This pape is s uc u ed as ollows. The nex sec ion
p o ides a comp ehensi e e iew o he li e a u e on
cybe secu i y and c oss-bo de da a egula ion,
mapping he e olu ion o legal heo ies and amewo ks
in his a ea. The hi d sec ion analyzes majo na ional
and egional legal egimes, compa ing hei app oaches
o da a p o ec ion, so e eign y, and en o cemen . The
ou h sec ion discusses he no ma i e and e hical
challenges ha a ise when balancing secu i y and
p i acy in cybe space. Finally, he pape concludes
wi h ecommenda ions o enhancing in e na ional
coope a ion and de eloping ha monized global
s anda ds o cybe secu i y and c oss-bo de da a
go e nance.
Th ough his mul i-dimensional analysis, he s udy
seeks o cla i y how exis ing laws bo h enable and
cons ain he global da a economy, and o p opose
pa hways owa d a mo e secu e, ai , and in e ope able
digi al o de [5].
Li e a u e Re iew
The g owing in e dependence o digi al economies has
b ough cybe secu i y and da a go e nance o he
o e on o in e na ional legal schola ship. The
li e a u e on cybe secu i y law and c oss-bo de da a
lows can be di ided in o se e al s ands: (1) s udies
explo ing he e olu ion o global cybe secu i y no ms,
(2) compa a i e analyses o na ional and egional da a
p o ec ion egimes, (3) examina ions o in e na ional
coope a ion and con lic in cybe space, and (4)
heo e ical app oaches linking da a so e eign y, human
igh s, and digi al ade. Toge he , hese pe spec i es
475
2025, Volume 1, Issue 7
ue 6
Ad anced Jou nal o Managemen , Humani y and Social Science (AJMHSS)
highligh he ension be ween he global na u e o he
in e ne and he e i o ial logic o law.
E olu ion o Cybe secu i y and Da a Go e nance
F amewo ks
Ea ly discussions o cybe secu i y law eme ged in he
1990s, coinciding wi h he expansion o he in e ne and
e-comme ce. Schola s such as Denning (1999) and
Lessig (2006) emphasized ha cybe space equi es
unique egula o y mechanisms dis inc om adi ional
e i o ial law. As digi al in e connec i i y deepened,
go e nmen s began o ecognize cybe secu i y as an
issue o na ional secu i y, leading o he p oli e a ion o
legal amewo ks aimed a p o ec ing c i ical
in as uc u e and pe sonal da a. The Tallinn Manual
(Schmi , 2013) ep esen ed one o he i s
comp ehensi e a emp s o a icula e how exis ing
in e na ional law applies o cybe ope a ions,
emphasizing he p inciples o so e eign y, non-
in e en ion, and due diligence.
The concep o da a go e nance soon became cen al o
hese deba es. Acco ding o G eenlea (2019), da a
go e nance encompasses he laws, policies, and
echnical measu es ha de e mine how da a is
collec ed, s o ed, ans e ed, and used. While
cybe secu i y ocuses on p o ec ing sys ems om
malicious a acks, da a go e nance add esses he
b oade issue o how digi al in o ma ion is managed
wi hin and ac oss bo de s. Schola s such as Byg a e
(2014) and Kune (2020) ha e a gued ha he ise o
da a-d i en economies has blu ed he dis inc ion
be ween secu i y, p i acy, and ade egula ion,
equi ing a holis ic legal app oach ha in eg a es hese
dimensions [6].
The Gene al Da a P o ec ion Regula ion (GDPR)
and he Eu opean Pa adigm
The Eu opean Union’s Gene al Da a P o ec ion
Regula ion (GDPR), which came in o o ce in 2018,
has become a global benchma k o da a p o ec ion. I
in oduces s ic equi emen s o p ocessing pe sonal
da a, manda es explici consen , and g an s indi iduals
signi ican con ol o e hei in o ma ion. Impo an ly,
he GDPR has ex a e i o ial each, applying o en i ies
ou side he EU ha p ocess da a o EU esiden s. This
ea u e has spa ked ex ensi e deba e abou he
legi imacy o unila e al egula o y p ojec ion in
cybe space [7].
Schola s such as S an esson (2020) ha e no ed ha he
GDPR ep esen s an asse ion o “Eu opean digi al
so e eign y,” seeking o ex end EU alues o p i acy
and human digni y in o global da a go e nance. C i ics,
howe e , a gue ha such ex a e i o iali y may con lic
wi h o he ju isdic ions’ domes ic laws and c ea e
compliance bu dens o in e na ional businesses. The
GDPR also in oduces mechanisms o c oss-bo de
da a ans e s, including adequacy decisions, s anda d
con ac ual clauses (SCCs), and binding co po a e ules
(BCRs). Despi e hese mechanisms, legal unce ain y
pe sis s, especially ollowing he Cou o Jus ice o he
Eu opean Union’s (CJEU) decision in Sch ems II
(2020), which in alida ed he EU–U.S. P i acy Shield
due o inadequa e p o ec ions agains U.S. su eillance
p ac ices.
U.S. Cybe secu i y and Da a Regula ion
In con as o he EU’s igh s-based app oach, he
Uni ed S a es adop s a sec o al and ma ke -d i en
model o da a go e nance. Fede al laws such as he
Compu e F aud and Abuse Ac (CFAA) and he
Elec onic Communica ions P i acy Ac (ECPA)
add ess speci ic cybe secu i y h ea s bu do no
p o ide a uni ied amewo k o da a p o ec ion. The
U.S. also emphasizes olun a y public–p i a e
pa ne ships and isk managemen s a egies a he han
p esc ip i e egula ion [8].
The CLOUD Ac (2018) u he illus a es he U.S.
go e nmen ’s asse ion o ex a e i o ial au ho i y,
equi ing Ame ican companies o p o ide da a s o ed
o e seas when eques ed by law en o cemen . This has
aised conce ns abou con lic s o law and he e osion
o o he na ions’ so e eign y. Schola s such as Woods
(2021) a gue ha he CLOUD Ac exempli ies a
“unila e alis u n” in U.S. digi al policy, whe e
cybe secu i y and na ional secu i y conce ns o e ide
in e na ional coope a ion. Ne e heless, he U.S.
emains a key playe in p omo ing cybe secu i y no ms
h ough ini ia i es such as he Cybe secu i y and
In as uc u e Secu i y Agency (CISA) and he
Na ional Ins i u e o S anda ds and Technology (NIST)
amewo ks, which in luence global bes p ac ices [9].
China’s Cybe secu i y and Da a So e eign y Model
China’s app oach o cybe secu i y law is g ounded in
he concep o cybe so e eign y, which asse s he
s a e’s igh o egula e and con ol digi al ac i i y
wi hin i s bo de s. The Cybe secu i y Law (2017), Da a
Secu i y Law (2021), and Pe sonal In o ma ion
P o ec ion Law (PIPL, 2021) es ablish a
comp ehensi e egula o y sys em go e ning bo h
476
2025, Volume 1, Issue 7
Ad anced Jou nal o Managemen , Humani y and Social Science (AJMHSS)
domes ic and c oss-bo de da a handling. These laws
equi e companies o s o e c i ical da a wi hin China
and unde go secu i y assessmen s be o e ans e ing
in o ma ion ab oad [9].
Acco ding o C eeme s (2021), China’s da a egime
e lec s a b oade e o o s eng hen s a e capaci y,
ensu e na ional secu i y, and p omo e indigenous
echnological inno a ion. While c i ics iew hese
measu es as p o ec ionis and es ic i e, p oponen s
a gue ha hey a e essen ial o sa egua ding ci izens’
da a agains o eign exploi a ion. The Chinese model
hus ep esen s an al e na i e o Wes e n libe al
amewo ks, emphasizing so e eign y and collec i e
secu i y o e indi idual p i acy. Compa a i e analyses
(Segal, 2020) sugges ha he di e gence be ween he
EU’s human- igh s-based app oach and China’s
so e eign y-based model encapsula es he co e
geopoli ical aul lines in global digi al go e nance.
Eme ging and Hyb id Models
Beyond he dominan U.S.–EU–China iad, nume ous
coun ies a e de eloping hyb id o con ex -speci ic
cybe secu i y laws. Na ions such as India, B azil, and
Sou h Ko ea ha e in oduced legisla ion ha blends
p i acy p o ec ion wi h na ional secu i y objec i es.
The B azilian Gene al Da a P o ec ion Law (LGPD),
o ins ance, mi o s many GDPR p o isions bu o e s
g ea e lexibili y in en o cemen (Doneda & de Lima,
2020). Simila ly, India’s Digi al Pe sonal Da a
P o ec ion Ac (2023) seeks o balance use igh s wi h
s a e con ol, e lec ing ensions inhe en in eme ging
economies ha seek bo h openness and so e eign y.
A he egional le el, o ganiza ions like he A ican
Union (AU) and he Associa ion o Sou heas Asian
Na ions (ASEAN) ha e de eloped cybe s a egies
aimed a ha monizing legal s anda ds and os e ing
c oss-bo de coope a ion. The Malabo Con en ion
(2014), adop ed by he AU, is one o he i s
con inen al ins umen s add essing bo h cybe secu i y
and pe sonal da a p o ec ion. Howe e , i s
implemen a ion emains limi ed due o dispa i ies in
na ional capaci ies and poli ical will [10].
In e na ional No ms and Mul ila e al E o s
E o s o es ablish global cybe secu i y no ms ha e
been pu sued h ough a ious in e na ional o ums. The
Uni ed Na ions G oup o Go e nmen al Expe s
(UNGGE) has played a key ole in a icula ing
p inciples o esponsible s a e beha io in cybe space,
emphasizing non-in e e ence and he applicabili y o
in e na ional law (UN, 2021). Simila ly, he OECD
P i acy Guidelines (upda ed in 2013) p omo e da a
p o ec ion as a co ne s one o us in he digi al
economy. The Budapes Con en ion on Cybe c ime
(2001) emains he only binding in e na ional ea y
add essing cybe c ime, al hough i s scope does no
co e b oade da a go e nance issues. Recen
schola ship (Tikk & Ke unen, 2021) highligh s he
g owing ole o mul ila e al nego ia ions in shaping
cybe secu i y no ms. Howe e , hese p ocesses o en
ace deadlock due o con lic ing na ional in e es s and
di e gen legal philosophies. Fo ins ance, Wes e n
democ acies end o emphasize anspa ency and
human igh s, while au ho i a ian egimes p io i ize
s a e con ol and in o ma ion secu i y. As a esul ,
in e na ional law in cybe space emains agmen ed
and hea ily elian on so -law ins umen s, codes o
conduc , and bila e al ag eemen s [11].
Theo e ical Pe spec i es: Da a So e eign y and
Digi al Cons i u ionalism
The concep o da a so e eign y has eme ged as a
cen al heo e ical amewo k o unde s anding he
egula ion o c oss-bo de da a lows. I e e s o he
idea ha da a gene a ed wi hin a e i o y should be
subjec o he laws and go e nance o ha e i o y
(Cou u e & Toupin, 2019). P oponen s a gue ha da a
so e eign y is essen ial o p o ec ing ci izens om
o eign su eillance and ensu ing economic ai ness,
while c i ics wa n ha i can lead o da a localiza ion
policies ha hinde global inno a ion and
in e ope abili y. A ela ed body o li e a u e on digi al
cons i u ionalism (Celes e, 2019) explo es how
cons i u ional alues such as p i acy, eedom o
exp ession, and due p ocess can be embedded in o he
go e nance o he in e ne . Schola s a gue ha he
digi al en i onmen demands new o ms o
accoun abili y and ins i u ional design ha anscend
na ional bo de s. This heo e ical u n aligns wi h
e o s by he EU and ci il socie y o ganiza ions o
a icula e no ma i e amewo ks o “global digi al
igh s” [12].
Challenges and Gaps in Exis ing Li e a u e
Despi e ex ensi e esea ch, se e al gaps pe sis in he
li e a u e. Fi s , ew s udies sys ema ically in eg a e
cybe secu i y, da a p o ec ion, and ade law in o a
single analy ical amewo k. Second, empi ical
esea ch on he en o cemen and in e ope abili y o
477
2025, Volume 1, Issue 7
ue 6
Ad anced Jou nal o Managemen , Humani y and Social Science (AJMHSS)
c oss-bo de da a egula ions emains limi ed. Thi d,
he e hical and de elopmen al dimensions o
cybe secu i y—pa icula ly o low- and middle-
income coun ies—a e o en o e looked. Finally, while
schola s ha e p oposed global amewo ks o da a
go e nance, he poli ical easibili y o such ini ia i es
in an e a o ising digi al na ionalism emains unce ain.
In summa y, he exis ing li e a u e p o ides a ich
ounda ion o unde s anding he complex in e play
be ween cybe secu i y laws and c oss-bo de da a
egula ion. Howe e , i also e eals a agmen ed and
con es ed global landscape in which compe ing isions
o digi al o de coexis . Building on hese insigh s, he
nex sec ion o his pape will analyze majo legal
amewo ks and policy app oaches in de ail, compa ing
hei mechanisms o go e ning c oss-bo de da a
lows and main aining cybe secu i y ac oss
ju isdic ions [13].
Legal F amewo ks and Policy Analysis: The global
legal a chi ec u e go e ning cybe secu i y and c oss-
bo de da a lows is cha ac e ized by di e si y, o e lap,
and asymme y. While ce ain egions ha e de eloped
sophis ica ed egula o y egimes, o he s emain in he
ea ly s ages o policy o ma ion. This sec ion p o ides
a compa a i e examina ion o he majo amewo ks
ha shape he in e na ional go e nance o da a lows—
namely, he Eu opean Union’s Gene al Da a P o ec ion
Regula ion (GDPR), he Uni ed S a es’ legal
ins umen s such as he CLOUD Ac , China’s da a
so e eign y laws, and egional o mul ila e al
app oaches unde ins i u ions such as he OECD, WTO,
and UN. By analyzing hei p inciples, en o cemen
mechanisms, and ansna ional e ec s, his sec ion
highligh s bo h con e gence and con lic wi hin he
eme ging global o de o cybe secu i y egula ion.
The Eu opean Union: Ex a e i o ial P o ec ion
and he Logic o Digi al Righ s: The Eu opean Union
(EU) emains he mos in luen ial global ac o in
shaping he legal discou se on c oss-bo de da a
p o ec ion. I s Gene al Da a P o ec ion Regula ion
(GDPR), adop ed in 2018, codi ies a comp ehensi e
igh s-based model emphasizing anspa ency,
accoun abili y, and indi idual consen . Cen al o he
GDPR’s philosophy is he ecogni ion ha p i acy
cons i u es a undamen al human igh , ensh ined in
A icle 8 o he EU Cha e o Fundamen al Righ s.
Acco dingly, da a p o ec ion is no me ely a ma e o
consume wel a e bu a cons i u ional obliga ion o
s a es and co po a ions.
The GDPR’s ex a e i o ial scope—ou lined in A icle
3—ex ends i s applica ion beyond he EU, co e ing all
en i ies ha p ocess pe sonal da a o EU esiden s,
ega dless o hei loca ion. This p o ision e ec i ely
ans o ms he GDPR in o a global s anda d,
compelling mul ina ional co po a ions o align hei
p ac ices wi h Eu opean p i acy no ms (Kune , 2020).
I also es ablishes mechanisms o egula e da a ans e s
o hi d coun ies h ough adequacy decisions, s anda d
con ac ual clauses (SCCs), and binding co po a e ules
(BCRs). These mechanisms aim o ensu e ha pe sonal
da a lea ing he EU enjoys an equi alen le el o
p o ec ion ab oad. Howe e , he GDPR’s
ex a e i o ial en o cemen has gene a ed signi ican
legal and poli ical ension. The Sch ems II judgmen
in alida ed he EU–U.S. P i acy Shield amewo k,
uling ha U.S. su eillance laws ailed o mee EU
s anda ds o p opo ionali y and ed ess. This decision
unde sco es he inhe en con lic be ween Eu opean
da a p o ec ion ideals and U.S. na ional secu i y
impe a i es. While he subsequen EU–U.S. Da a
P i acy F amewo k (2023) seeks o es o e
ansa lan ic da a ans e s, ques ions abou i s
compliance wi h EU law pe sis [14].
Beyond he GDPR, he EU has expanded i s digi al
go e nance oolki h ough ini ia i es such as he
Digi al Se ices Ac (DSA), Digi al Ma ke s Ac
(DMA), and Cybe Resilience Ac (CRA).
Collec i ely, hese ins umen s ein o ce Eu ope’s
aspi a ion o c ea e a “ us ed digi al space” ha
balances openness wi h secu i y. The EU’s app oach
exempli ies a o m o digi al cons i u ionalism,
embedding no ma i e p inciples o anspa ency,
ai ness, and accoun abili y in o he egula ion o
cybe space (Celes e, 2019). Ye , c i ics a gue ha he
EU’s asse i e ex a e i o iali y isks egula o y
agmen a ion and p o ec ionism, pa icula ly when
imposed on de eloping economies lacking compa able
capaci ies.
The Uni ed S a es: Sec o al Regula ion and he
P imacy o Na ional Secu i y
The Uni ed S a es has long app oached cybe secu i y
and da a p o ec ion h ough a sec o al and isk-based
model a he han a comp ehensi e ede al amewo k.
Co e legisla ion includes he Compu e F aud and
Abuse Ac (CFAA, 1986), which c iminalizes
478
2025, Volume 1, Issue 7
Ad anced Jou nal o Managemen , Humani y and Social Science (AJMHSS)
unau ho ized access o compu e sys ems; he
Elec onic Communica ions P i acy Ac (ECPA,
1986), which go e ns elec onic su eillance; and he
Homeland Secu i y Ac (2002), which ins i u ionalized
he Depa men o Homeland Secu i y (DHS) and i s
cybe secu i y unc ions. Mo e ecen ini ia i es such as
he Cybe secu i y In o ma ion Sha ing Ac (CISA,
2015) encou age collabo a ion be ween go e nmen
and p i a e i ms in epo ing cybe inciden s. A he
egula o y le el, he Na ional Ins i u e o S anda ds and
Technology (NIST) has de eloped olun a y
amewo ks o p omo e cybe isk managemen . The
NIST Cybe secu i y F amewo k (2014, upda ed 2023)
se es as a de ac o global benchma k, o e ing bes
p ac ices o iden i ying, p o ec ing, de ec ing,
esponding o, and eco e ing om cybe h ea s.
Unlike he EU’s p esc ip i e model, he NIST
amewo k elies on lexibili y and ma ke incen i es o
os e compliance [15].
In he domain o c oss-bo de da a lows, he Cla i ying
Law ul O e seas Use o Da a (CLOUD) Ac , 2018)
ma ks a signi ican asse ion o U.S. ex a e i o ial
ju isdic ion. I obliges U.S.-based se ice p o ide s o
disclose da a s o ed on o eign se e s when equi ed
by law ul o de s, while enabling execu i e ag eemen s
wi h o he na ions o ecip ocal access. The CLOUD
Ac has been hailed as a p agma ic esponse o
ju isdic ional con lic s bu c i icized o unde mining
p i acy and so e eign y p o ec ions ab oad.
Mo eo e , he U.S. Fo eign In elligence Su eillance
Ac (FISA), pa icula ly Sec ion 702, pe mi s
su eillance o non-U.S. pe sons ou side he Uni ed
S a es, ueling ongoing dispu es wi h he EU ega ding
ansa lan ic da a ans e s. F om a policy pe spec i e,
he U.S. p io i izes na ional secu i y and inno a ion
o e uni o m p i acy gua an ees, iewing
cybe secu i y p ima ily as a ma e o esilience and
de e ence. This app oach e lec s he b oade
Ame ican adi ion o minimal go e nmen
in e en ion, whe e p i a e-sec o inno a ion d i es
echnological go e nance.
Ne e heless, se e al s a es—mos no ably
Cali o nia—ha e enac ed s ic e p i acy legisla ion.
The Cali o nia Consume P i acy Ac and i s
amendmen , he Cali o nia P i acy Righ s Ac (CPRA,
2023), in oduce GDPR-like p o isions such as da a
access, dele ion, and op -ou igh s. These s a e-le el
ini ia i es signal a g adual shi owa d s onge p i acy
no ms wi hin he agmen ed U.S. legal landscape,
possibly pa ing he way o a u u e ede al p i acy law
[16].
China: Cybe So e eign y and he A chi ec u e o
Digi al Con ol: China’s app oach o cybe secu i y is
unde pinned by he p inciple o cybe so e eign y,
which posi s ha each s a e has he igh o egula e he
in e ne wi hin i s own bo de s. This philosophy is
ins i u ionalized in a iad o laws: he Cybe secu i y
Law (CSL, 2017), he Da a Secu i y Law (DSL, 2021),
and he Pe sonal In o ma ion P o ec ion Law (PIPL,
2021). Collec i ely, hese s a u es c ea e one o he
wo ld’s mos comp ehensi e—and es ic i e—
amewo ks o da a go e nance. The CSL in oduces
obliga ions o ne wo k ope a o s o sa egua d c i ical
in as uc u e and manda es da a localiza ion, equi ing
ha “c i ical in o ma ion in as uc u e ope a o s” s o e
da a domes ically unless au ho ized o ans e i
ab oad. The DSL classi ies da a acco ding o i s
signi icance o na ional secu i y and public in e es s,
imposing s ic con ols on expo o sensi i e da ase s.
Meanwhile, he PIPL es ablishes ules o pe sonal
in o ma ion p o ec ion ha esemble, ye di e om,
he GDPR. While he PIPL includes consen -based
p ocessing and da a subjec igh s, i also g an s he
s a e b oad au ho i y o access and moni o da a o
na ional secu i y pu poses. China’s da a egime
exempli ies a s a e-cen ic model o cybe secu i y law.
I seeks o in eg a e digi al go e nance in o na ional
s a egic objec i es, including economic de elopmen ,
social s abili y, and geopoli ical in luence. The
Cybe secu i y Adminis a ion o China (CAC)
unc ions as he cen al egula o y au ho i y, o e seeing
no only echnical compliance bu also ideological
con en and in o ma ion con ol. This model con as s
sha ply wi h Wes e n libe al amewo ks, emphasizing
collec i e secu i y and so e eign y o e indi idual
au onomy. F om a geopoli ical s andpoin , China’s
policies con ibu e o he phenomenon o da a
localiza ion and echnological decoupling, as o eign
i ms ace ba ie s o c oss-bo de da a ope a ions [17].
The Asia-Paci ic and Eme ging Economies: Hyb id
App oaches
Ou side he U.S.–EU–China axis, many coun ies in he
Asia-Paci ic egion ha e adop ed hyb id legal
amewo ks combining elemen s o p i acy p o ec ion
and na ional secu i y. Fo example, Japan’s Ac on he
P o ec ion o Pe sonal In o ma ion (APPI) aligns
closely wi h he GDPR and has been ecognized by he
479
2025, Volume 1, Issue 7
ue 6
Ad anced Jou nal o Managemen , Humani y and Social Science (AJMHSS)
EU as p o iding “adequa e” p o ec ion. Sou h Ko ea’s
Pe sonal In o ma ion P o ec ion Ac (PIPA) also
implemen s s ic consen and b each no i ica ion
equi emen s, making i one o he mos ad anced
p i acy egimes in Asia. In con as , India’s Digi al
Pe sonal Da a P o ec ion Ac (2023) balances use
igh s wi h s a e disc e ion. I in oduces p o isions o
law ul su eillance and c oss-bo de da a ans e s
subjec o go e nmen no i ica ion, e lec ing India’s
dual ambi ion o os e ing a digi al economy while
main aining so e eign y. Simila ly, he B azilian
Gene al Da a P o ec ion Law (LGPD), enac ed in 2020,
mi o s GDPR p inciples bu allows mo e lexible
en o cemen mechanisms. Bo h India and B azil
ep esen he Global Sou h’s expe imen a ion wi h da a
go e nance models ha in eg a e economic
p agma ism wi h no ma i e aspi a ions. The A ican
Union’s Con en ion on Cybe Secu i y and Pe sonal
Da a P o ec ion (Malabo Con en ion, 2014) is ano he
signi ican miles one. I es ablishes a legal ounda ion
o membe s a es o comba cybe c ime and p o ec
pe sonal da a, hough implemen a ion emains une en.
Regional o ganiza ions such as ASEAN ha e also
p omo ed c oss-bo de p i acy amewo ks (CBPFs)
designed o ha monize s anda ds and acili a e da a
ans e among membe s a es [18].
Mul ila e al F amewo ks and In e na ional
O ganiza ions: E o s o c ea e a cohesi e
in e na ional egime o cybe secu i y and c oss-bo de
da a egula ion a e ongoing bu agmen ed. The
O ganisa ion o Economic Co-ope a ion and
De elopmen (OECD), h ough i s P i acy Guidelines
(2013) and Recommenda ion on Digi al Secu i y Risk
Managemen (2015), ad oca es o in e ope abili y and
accoun abili y a he han s ic uni o mi y. OECD
p inciples emphasize anspa ency, pu pose limi a ion,
and secu i y sa egua ds, se ing as a ounda ion o
many na ional laws. The Council o Eu ope’s Budapes
Con en ion on Cybe c ime (2001) emains he only
binding mul ila e al ea y add essing cybe c ime,
ocusing on c iminal jus ice coope a ion and
ha moniza ion o subs an i e o enses. I s Second
Addi ional P o ocol (2022) in oduces new
mechanisms o c oss-bo de access o elec onic
e idence while a emp ing o balance p i acy and
secu i y conce ns. Howe e , majo powe s such as
Russia and China ha e no joined, limi ing i s
uni e sali y. A he Uni ed Na ions, wo majo
p ocesses coexis : he G oup o Go e nmen al Expe s
(GGE) and he Open-Ended Wo king G oup (OEWG)
on in o ma ion and elecommunica ions secu i y. These
o ums ha e endo sed key p inciples such as s a e
so e eign y, non-in e en ion, and he applicabili y o
in e na ional law in cybe space (UN, 2021). Ye ,
consensus emains elusi e, especially ega ding he
en o cemen o no ms and a ibu ion o cybe a acks.
Pa allel discussions a he Wo ld T ade O ganiza ion
(WTO) ha e explo ed he implica ions o c oss-bo de
da a es ic ions o digi al ade. Some schola s
ad oca e ea ing da a lows as a ade issue, a guing
ha localiza ion equi emen s may iola e
commi men s unde he Gene al Ag eemen on T ade
in Se ices (GATS) (Aa onson, 2021). O he s con end
ha cybe secu i y excep ions unde A icle XIV o
GATS jus i y such measu es o na ional secu i y. The
G20 and Wo ld Economic Fo um (WEF) ha e also
p oposed olun a y p inciples o c oss-bo de da a
go e nance, emphasizing us , inno a ion, and
in e ope abili y. The G20 Osaka T ack (2019)
in oduced he concep o “Da a F ee Flow wi h T us ”
(DFFT), p omo ing balanced da a libe aliza ion while
ensu ing p i acy and secu i y sa egua ds. Al hough
nonbinding, DFFT signals a shi owa d mul i-
s akeholde coope a ion in ol ing go e nmen s,
co po a ions, and ci il socie y [19].
En o cemen , Compliance, and Global Go e nance
Dynamics
One o he mos pe sis en challenges in cybe secu i y
law is en o cemen . Gi en he ansna ional na u e o
cybe h ea s and da a ans e s, ju isdic ional
agmen a ion o en hampe s e ec i e egula ion. The
GDPR’s one-s op-shop mechanism and signi ican
ines—such as he €1.2 billion penal y imposed on
Me a in 2023—demons a e Eu ope’s obus
en o cemen capaci y. By con as , he U.S. elies
hea ily on sel - egula ion and li iga ion, while China
en o ces compliance h ough adminis a i e o e sigh
and puni i e sanc ions.
In e na ional coope a ion on en o cemen emains
limi ed. Mu ual legal assis ance ea ies (MLATs) and
bila e al ag eemen s acili a e some in o ma ion
exchange, bu hese p ocesses a e o en slow and
poli ically cons ained. New ini ia i es such as he
U.S.–EU Join Cybe Dialogue and Quad
Cybe secu i y Pa ne ship (U.S., Japan, India,
Aus alia) seek o enhance coo dina ion, ye global
consensus is hinde ed by di e gen legal philosophies.
Fu he mo e, p i a e ac o s play a g owing ole in
480
2025, Volume 1, Issue 7
Ad anced Jou nal o Managemen , Humani y and Social Science (AJMHSS)
shaping de ac o go e nance. Technology companies
manage as da a in as uc u es and o en se hei own
global p i acy s anda ds. Fo ins ance, co po a e
compliance wi h GDPR o NIST amewo ks has
become a compe i i e ad an age, illus a ing he
eme gence o p i a e egula o y egimes in cybe space.
Schola s like Abbo and Snidal (2020) desc ibe his as
“go e nance by con ac ,” whe e ma ke mechanisms
complemen o subs i u e o mal legal egula ion.
Con e gence and F agmen a ion in Global Cybe
Law: Compa a i e analysis o hese amewo ks
e eals bo h con e gence and agmen a ion.
Con e gence a ises h ough no m di usion, as he
GDPR in luences legisla ion wo ldwide and s a es
adop simila secu i y and anspa ency s anda ds. E en
China’s PIPL inco po a es ce ain p ocedu al
sa egua ds inspi ed by he GDPR, albei adap ed o
local p io i ies. Likewise, in e na ional s anda ds om
ISO and NIST os e echnical ha moniza ion.
F agmen a ion, howe e , pe sis s due o con lic ing
no ions o so e eign y, human igh s, and economic
in e es . The di e gence be ween he EU’s human-
igh s-based model, he U.S.’s ma ke -d i en app oach,
and China’s so e eign y-based egime epi omizes he
ipola s uc u e o global da a go e nance. This
agmen a ion gene a es legal unce ain y o
mul ina ional co po a ions and poses sys emic isks o
global digi al ade [20].
Towa d Cohe en Global Regula ion: Despi e hese
challenges, momen um is building owa d
ha moniza ion h ough so law, bila e al coope a ion,
and egional in eg a ion. The OECD’s and G20’s
p inciples, he EU–U.S. Da a P i acy F amewo k, and
eme ging egional ag eemen s such as he Digi al
Economy Pa ne ship Ag eemen (DEPA) be ween
Chile, New Zealand, and Singapo e ep esen
inc emen al s eps owa d in e ope abili y. Schola s
sugges ha u u e global amewo ks may adop a
“ ede alis ” model, in which common p inciples coexis
wi h local a ia ions.
To succeed, such amewo ks mus balance h ee
objec i es: secu i y, p i acy, and economic e iciency.
They mus also accoun o he asymme ies o powe
and capaci y among na ions, ensu ing ha de eloping
coun ies a e no excluded om global digi al
go e nance. Finally, he ise o new echnologies—
such as a i icial in elligence and quan um
compu ing—will necessi a e con inuous adap a ion o
cybe secu i y laws o add ess e ol ing h ea s and
e hical dilemmas. In conclusion, he compa a i e
analysis o cybe secu i y and da a p o ec ion
amewo ks e eals a complex bu g adually
con e ging in e na ional landscape. While legal
agmen a ion emains a de ining ea u e o he cu en
egime, sha ed conce ns abou p i acy, us , and
esilience p o ide e ile g ound o coope a ion. The
nex sec ion will explo e e hical and no ma i e
challenges inhe en in his e ol ing ecosys em,
ocusing on he delica e balance be ween indi idual
igh s, s a e secu i y, and echnological inno a ion [21].
Challenges and E hical Conside a ions: The
egula ion o cybe secu i y and c oss-bo de da a lows
p esen s a mul i ace ed a ay o legal, echnical, and
e hical challenges ha ex end a beyond ques ions o
compliance. As da a becomes a s a egic asse and a
ool o powe , s a es, co po a ions, and indi iduals a e
d awn in o complex nego ia ions o e so e eign y,
p i acy, accoun abili y, and equi y. These challenges
a e no me ely ope a ional bu deeply e hical, e ealing
ensions be ween collec i e secu i y and indi idual
igh s, economic globaliza ion and na ional au onomy,
and inno a ion and human digni y.
The Tension Be ween P i acy and Na ional
Secu i y: One o he mos pe sis en challenges in
cybe secu i y go e nance lies in balancing he
p o ec ion o indi idual p i acy wi h he impe a i es o
na ional secu i y. Go e nmen s wo ldwide ha e
jus i ied su eillance, da a e en ion, and moni o ing
p og ams as necessa y measu es agains cybe c ime
and e o ism. Howe e , such ini ia i es o en collide
wi h undamen al igh s o p i acy and da a p o ec ion
ensh ined in in e na ional law, including A icle 12 o
he Uni e sal Decla a ion o Human Righ s and A icle
17 o he In e na ional Co enan on Ci il and Poli ical
Righ s. Fo example, he Uni ed S a es’ Pa io Ac and
subsequen legisla ion expanded go e nmen
su eillance powe s, pe mi ing he collec ion o
me ada a and communica ions ac oss bo de s.
Simila ly, he Eu opean Union, despi e i s s ong
p i acy egime unde he Gene al Da a P o ec ion
Regula ion (GDPR), has aced in e nal deba e o e he
limi s o da a sha ing o law en o cemen and
in elligence pu poses. The e hical dilemma a ises when
he pu sui o secu i y unde mines he e y ci il
libe ies ha cybe secu i y laws a e designed o p o ec .
This “secu i y-p i acy pa adox” e eals he need o
p opo ionali y and accoun abili y mechanisms wi hin
da a go e nance amewo ks.
481
2025, Volume 1, Issue 7
ue 6
Ad anced Jou nal o Managemen , Humani y and Social Science (AJMHSS)
Ju isdic ional Ambigui y and En o cemen
Challenges: A second majo challenge conce ns he
ambigui y o ju isdic ion in cybe space. Da a o en
a e ses mul iple se e s and ju isdic ions wi hin
milliseconds, complica ing he ques ion o which laws
apply and who is esponsible o compliance o b each.
This lack o e i o ial cla i y c ea es signi ican
en o cemen di icul ies o bo h na ional egula o s
and in e na ional o ganiza ions. Fo ins ance, he
CLOUD Ac (Cla i ying Law ul O e seas Use o Da a
Ac ) in he Uni ed S a es au ho izes domes ic law
en o cemen o compel access o da a s o ed ab oad,
po en ially con lic ing wi h he p i acy laws o o he
ju isdic ions such as he EU o Japan. Con e sely, he
GDPR’s ex a e i o ial each imposes compliance
obliga ions on en i ies ou side he EU, c ea ing ensions
wi h non-Eu opean legal sys ems. These con lic s
exempli y a b oade e hical ques ion: can so e eign y
be meaning ully exe cised in a bo de less digi al
en i onmen ? Fu he mo e, dispa i ies in en o cemen
capaci y be ween de eloped and de eloping na ions
exace ba e inequali y in cybe space. Many eme ging
economies lack he echnical in as uc u e and
ins i u ional esou ces o moni o and en o ce
cybe secu i y compliance e ec i ely. This asymme y
isks u ning global da a go e nance in o a o m o
“ egula o y impe ialism,” whe e powe ul ju isdic ions
impose hei s anda ds on weake ones, challenging
p inciples o ai ness and equali y in in e na ional law
[22].
Digi al So e eign y and Da a Localiza ion
The concep o digi al so e eign y— he igh o s a es
o con ol da a gene a ed wi hin hei e i o y—has
gained p ominence as go e nmen s seek o asse
au ho i y o e cybe space. Coun ies such as China,
Russia, and India ha e enac ed s ic da a localiza ion
laws equi ing companies o s o e ce ain ca ego ies o
da a domes ically. P oponen s a gue ha localiza ion
enhances na ional secu i y, p o ec s ci izens’ p i acy,
and suppo s domes ic inno a ion.
Howe e , om an e hical and economic s andpoin ,
da a localiza ion aises se ious conce ns. I can
agmen he global in e ne , hinde inno a ion,
inc ease ope a ional cos s o in e na ional businesses,
and limi indi iduals’ eedom o access global
se ices. Mo eo e , localiza ion measu es can be
exploi ed by au ho i a ian egimes o s eng hen
su eillance, censo ship, and poli ical con ol. The
e hical dilemma, he e o e, lies in econciling
legi ima e so e eign y claims wi h he p inciples o
open, in e ope able, and igh s- espec ing digi al
spaces.
Inequali y and he Global Digi al Di ide: Ano he
e hical issue inhe en in cybe secu i y go e nance is he
digi al di ide— he unequal access o echnology,
esou ces, and egula o y capaci y ac oss egions.
De eloped na ions o en domina e cybe secu i y
s anda d-se ing, while de eloping coun ies s uggle o
pa icipa e e ec i ely in in e na ional nego ia ions.
This imbalance pe pe ua es dependency and
unde mines inclusi e global go e nance.
Addi ionally, mul ina ional co po a ions wield
disp opo iona e in luence in shaping global
cybe secu i y no ms h ough lobbying, p op ie a y
echnologies, and da a monopolies. The concen a ion
o digi al powe in a hand ul o ech gian s has c ea ed
a o m o “da a colonialism,” whe e use in o ma ion
om he Global Sou h uels he digi al economies o
he No h wi hou equi able bene i s o ep esen a ion.
Add essing his imbalance equi es e hical amewo ks
g ounded in dis ibu i e jus ice, anspa ency, and
pa icipa o y go e nance.
Accoun abili y, T anspa ency, and Co po a e
Responsibili y: The p i a e sec o plays a pi o al ole
in managing c oss-bo de da a lows, ye he
accoun abili y o co po a ions in p o ec ing
cybe secu i y and p i acy emains inconsis en . E hical
lapses—such as he Camb idge Analy ica scandal—
ha e demons a ed how da a misuse can unde mine
democ acy and public us . Fu he mo e, many
companies ope a e ac oss ju isdic ions wi h con lic ing
legal obliga ions, leading o selec i e compliance o
“ju isdic ion shopping” o minimize egula o y
bu dens. F om an e hical s andpoin , co po a ions bea
a du y o ca e owa d use s, employees, and socie y a
la ge. T anspa ency in da a p ac ices, clea consen
mechanisms, and adhe ence o in e na ional human
igh s p inciples should o m he ounda ion o
esponsible da a go e nance. Ini ia i es like he OECD
Guidelines on Mul ina ional En e p ises and he UN
Guiding P inciples on Business and Human Righ s
p o ide no ma i e benchma ks, ye en o cemen
emains weak wi hou binding in e na ional s anda ds.
E hical Implica ions o Eme ging Technologies:
Eme ging echnologies such as a i icial in elligence
(AI), quan um compu ing, and he In e ne o Things
(IoT) in oduce new laye s o complexi y o
cybe secu i y egula ion. AI-d i en sys ems can
enhance h ea de ec ion bu also enable sophis ica ed
