In order to explore the mechanism for the safe and orderly flow of data across borders in the new era the Macao Digital Development Association (MDDA), relying on the institutional advantages of the Macao SAR's “one country, two systems" and its legal origins with the European Union, takes the lead in building a new platform in the field of scientific research under the current legal framework "Macao China, China-EU Data Cross-border Flow Channel", and formed a safe management practice for cross-border flow of scientific research data between International Institute of Next Generation Internet of Macao University of Science and Technology and the Fraunhofer Institute for Software and System Technology.

Multilateral coordination to build the first scientific research field "Macao China-EU data cross-border flow channel"

The safe and orderly flow and governance of data has become a global issue, and the cross-border flow of data is one of the most complex sub-issue. At the outset, the existing international data cross-border flow mechanism is experiencing pressure from various aspects such as “EU-US Privacy Shield Frameworks” agreement overturned and Standard Contractual Clauses require additional “supplementary measures”, etc. Given the fact that data has become more and more important for the development of both economy and society at large, the “investigation after the fact approach cannot meet the satisfaction of some countries or regions for security and management concerns.

In this case, M.U.S.T-IINGI and the Fraunhofer ISST are respectively located in different jurisdictions. As a consequence, the cross-border flow of scientific research data involving personal information often arises in the scientific research cooperation activities between the two parties. This includes digital health (traditional medicine) research, among other things, diagnostic processes and personal information collected or generated by medical devices. In the multi-center joint scientific research activities, except for the traditional research ethics requirements, the two parties must also meet the requirements of their respective laws and regulations on the export of personal information.

In accordance with the GDPR (EU) and Personal Data Protection Act (Macao), MDDA takes the lead to form the first new cross-border flow of scientific research data between M.U.S.T.-IINGI and the Fraunhofer ISST safety management practices on the platform of International Data Space (IDS). In order to explore the mechanism for the safe and orderly flow of data across borders in the digital era, MDDA coordinates and collaborates to establish a trinity of "legal regulations + management mechanism + technical assurance" model in the field of scientific research, covering the whole process of “before, during and after course”.

MDDA Gateway system realizes automatic self-inspection and data review of entry and exit data

In order to combat the related obstacles encountered in the cross-border transmission of data, M.U.S.T-IINGI and Fraunhofer ISST signed the “Standard Contractual Clauses” (SCC) as basic compliance guarantee for two-way cross-border transmission data under the framework of IDS and MDDA. In addition, both parties establish a data protection management system that meets local legal requirements, and formulates supporting work guidelines.

In the meantime, MDDA coordinates with CFIEC, Beijing Institute of Technology and other organizations exploring a set of governance models for cross-border data circulation, including rules that specify legal regulations, technical infrastructure and management mechanisms, which can not only ensure security, but also promote sharing. Based on this, a whole set of MDDA Gateway technology system is built. The model uses the greatest common divisor between the laws and regulations related to cross-border data flow in Macao China and the EU as an embedded rule, including the Macao Personal Data Protection Act and the EU GDPR, etc., in order to comply with both Macao and the EU Data protection standards, to realize automatic self-inspection and data review of entry and exit data, and ensure the rapid two-way and orderly flow of scientific research data.

The case adopts IP6, privacy enhancement, blockchain and other technologies to realize the whole-process supervision of data flow

With noble support of IPv6 Forum, CFIEC and China Telecom Macao company, the system adopts advanced technologies such as IPv6, privacy enhancement, blockchain, etc., which have full-process compliance guarantee measures such as minimum necessary principle review, user rights management, data subject consent management and rights response, privacy enhancement, and user compliance self-inspection. These safety precautions realize cross-border data transmission and access, which is based on FAIR principles (findable, accessible interoperable, reusable) that guarantees data autonomy.

MDDA Gateway system also binds IPy6 addresses with location identifiers, identity content identifiers, and realizes the management and control of upper-layer digital content through the IPv6 protocol at the bottom of the network, improving the management efficiency and control capabilities of the management department, and supervising the safety and orderly flow of cross-border data, which provides traceable and controllable technical support.

The practice of cross-border scientific research data flow between Macao China and the EU not only explores a feasible path for the two-way transmission of scientific research data between Macao China and the EU, but also extends to the cross-border two-way data exchange between Macao China and other countries and regions. It will also be applicable to the global operation of more industries such as medical care. Internet of Vehicles finance, international trade, and exhibitions.

The Macao Digital Development Association's set of governance models for cross-border data circulation not only helps Macao SAR to integrate into the global digital economic development wave, but also builds a bridge for multi-stakeholder exchanges, including data protection regulators to unite all parties to a safe and orderly manner. The consensus on the cross-border flow of data has a demonstrative effect on global cross-border data cooperation.