数字单一市场战略的提出，将数据作为技术心脏服务于市场中数字服务的发展，恰逢其时，新型数字技术也源源不断地正在为市场开辟新的机遇。基于数据流经济，数据的访问与转移包括数据的自由流动，作为数据经济发展的基础，成为了数据交换以及市场竞争的重点问题。 数据跨境流动的障碍因素丰富且广泛，但立法要求不同的国家间的数据流动，在立法以及政策层面无法同时满足双方一致的价值追求。因此促进可靠、可行的跨境数据自由流动的举措，具有重要研究意义及研究空间。 本文以欧盟相关数据保护立法框架为立足点，将数据分割为个人数据与非个人数据两种类型，以不同立法为例分别探究两种数据的立法要旨及司法、执法机制。在此基础上落实数据跨境问题在我国刑法中的定位，以实现最大可能消除数据流动障碍并为我国数据保护的刑事立法提出建议。 本文第一章以概览形式厘清数据跨境流动问题中的相关概念，并分析了主要国家对数据跨境流动规制的立法框架，提出了欧盟作为本文主要研究客体的重要意义。本文第二章以欧盟近期生效的《一般数据保护条例》为例，探讨欧盟对个人数据跨境流动的立法指向及其基本原则。鉴于欧盟对个人数据保护立法框架的完备性，本文以“GDPR第一案”作为司法切入，明确个人数据跨境的司法立场，结合多部专项立法以及协定等对欧盟委员会及WP29工作组的执法机制予以梳理。 本文第三章为本文的创新点，非个人数据的跨境流动问题的研究在国内外基本属于空白。本文则以欧盟近日通过的《非个人数据自由流动框架条例》正式文本，借由欧盟主要成员国数据本地化现状，重点分析数据本地化措施的表现形式与养成因素及其对非个人数据流动造成的阻碍，同时指出欧盟目前持有的有关非个人数据跨境流动问题的治理立场及相关机构的执法机制。 本文第四章以我国《刑法修正案（九）》作为我国刑法对数据保护的介入路径，通过对侵犯公民个人信息罪、拒不履行信息网络安全管理义务罪在数据跨境流动语境下的适用等问题的梳理，以中国刑事法治文明下刑法的最后手段性以及刑事介入片段性为特征点切入，分析我国刑法语境下数据跨境流动问题的制度框架、价值追求以及适用困境等问题。最后借由对欧盟数据跨境流动的法律规制框架多方面的思考，进一步明确我国刑事立法对数据跨境流动问题的规制指向。

The introduction of the digital single market strategy use data as a technology heart to serve the development of digital services in the market. At the right time, digital technologies are opening up new opportunities constantly for the market. Based on the data flow economy, the access and transfer of data, including the free flow of data, as the basis of data economic development, has become a key issue in data exchange and market competition. The barriers to cross-border data flow are rich and varied, but the flow of data between countries required by different legislation, it is impossible to satisfy both parties' consistent value pursuits at the legislative and policy levels. Therefore, the promotion of reliable and feasible free flow of cross-border data has important research significance and research space. This paper takes the EU relevant data protection legislative framework as the foothold and divides the data into two types: personal data and non-personal data, and take different legislation as an example to explore the legislative thrusts and judicial mechanisms and enforcement mechanisms of the two types of data. On this basis, we find the location of cross-border data in China's criminal law, in order to eliminate data flow barriers and make recommendations for criminal legislation of data protection in China. The first chapter of this paper clarifies the relevant concepts in the cross-border flow of data in an overview form, and analyzes the legislative framework of the cross-border flow regulation of data in major countries, and puts forward the significance of the EU as the main research object of this paper. The second chapter of this paper takes the European Union's recent “General Data Protection Regulation” as an example to explore the EU legislative direction and basic principles for the cross-border movement of personal data. In view of the completeness of the EU legislative framework for personal data protection, this article uses the “GDPR first case” as a judicial cut-off, clarifies the judicial position of cross-border personal data, and combines several special legislation and agreements to sort out the enforcement mechanisms of the European Commission and the WP29 Working Group. The third chapter of this paper is the innovation of this paper. The research on the cross-border flow of non-personal data is basically blank at home and abroad. This article is based on the official text of the “REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a framework for the free flow of non-personal data in the European Union” adopted by the European Union recently. Through the status quo of data localization in major EU member states, analyzing the manifestations of data localization measures and the obstacles to non-personal data flows. At the same time, it analyzes the EU governance position on non-personal data cross-border flows. The fourth chapter of this paper takes “China Criminal Law Amendment (IX)” as the intervention path of data protection in China's criminal law. By sorting out the crime of cross-border movement of personal data and infringement of citizens' personal information, the non-personal data cross-border flow and the refusal to perform information network security management obligations, analyzing the institutional framework, value pursuit and application dilemma of cross-border flow of data under the context of criminal law. By referring to the legal regulation framework of cross-border movement of EU data, this paper considers the regulation of China's criminal law on the cross-border flow of data.