摘要: 在数字经济时代，个人信息跨境流动是企业全球化布局与国家数据治理的核心议题。党的二十届三中全会及2024年《促进和规范数据跨境流动规定》为其规制提供了“安全与发展并重”的方向，推动规制重心从“事前严控”转向“全过程动态平衡”。我国实践中，对个人信息跨境流动的法律规制历经三阶段：2016~2020年以《网络安全法》构建基础性规制，2021~2023年借由《个人信息保护法》《数据安全法》形成三维合规路径，2024年起借自贸区试点推进便利化，已构建多层次体系。但仍面临规则适用模糊、风险防控薄弱、国际对接不足的困境。文章提出细化规则、强化全流程防控、深化国际协同、激活地方创新的完善路径，旨在构建安全可控、效率便利的法律规制体系，平衡个人信息保护与数字经济发展，为全球数据治理提供参考。

Abstract: In the era of the digital economy, the cross-border flow of personal information is a core issue for enterprises’ global layout and national data governance. The Third Plenary Session of the 20th CPC Central Committee and the 2024 Provisions on Promoting and Regulating Cross-Border Data Flow have provided the direction of “balancing security and development” for its regulation, shifting the focus of regulation from “strict pre-event control” to “whole-process dynamic balance”. In China’s practice, the legal regulation of cross-border flow of personal information has gone through three stages: from 2016 to 2020, a basic regulatory framework was established based on the Cybersecurity Law; from 2021 to 2023, a three-dimensional compliance pathway was formed by virtue of the Personal Information Protection Law and the Data Security Law; and since 2024, facilitation has been advanced through pilot programs in free trade zones, resulting in the establishment of a multi-level system. However, it still faces dilemmas such as ambiguities in rule application, inadequate risk prevention and control, and insufficient international alignment. This paper proposes improvement paths including refining rules, strengthening full-process prevention and control, deepening international coordination, and activating local innovation, aiming to build a safe, controllable, efficient and convenient legal regulatory system, balance personal information protection and digital economic development, and provide reference for global data governance.