摘要: 跨境电商交易以消费者个人数据为要素、平台为枢纽，与跨境电商相关的民商事法律纠纷中，法律适用至关重要。传统冲突规范基于侵权或合同，难以兼顾交易效率、数据安全与平台合规成本三重目标，具体表现为“意思自治”“最密切联系”“被侵权人经常居所地”等连结点存在适用困境。欧盟“数据控制人机构设立地”为我国完善冲突规范提供了有益经验。我国可以“数据控制人机构设立地”为核心连结点，辅以“目标市场地”“经营活动指向”的限制条件与有限的“意思自治”。据此，可在降低电商平台合规负担的同时，确保消费者个人数据安全，为跨境电商数据保护与数据流通的动态平衡提供准据法选择的路径。

Abstract: Cross-border e-commerce transactions take consumers’ personal data as a core input and platforms as the key intermediary. In civil and commercial disputes arising from these transactions, the determination of applicable law is decisive. Traditional conflict rules, premised on tort or contract, struggle to reconcile transaction efficiency, data security and platform compliance costs. Connecting factors such as party autonomy, closest connection and the habitual residence of the injured party all prove deficient. The EU’s “establishment of the data controller” doctrine offers a valuable reference. By adopting this establishment as the primary connecting factor and supplementing it with “target market location” and “direction of commercial activities” as limiting conditions—together with narrowly circumscribed party autonomy—Chinese law can reduce e-commerce platforms’ compliance burdens while safeguarding consumer data, thereby furnishing a conflict-of-laws route to the dynamic equilibrium between data protection and data flow.