Analysis of the Impact of the EU’s GDPR on Cross-Border Aviation Data

The implementation of the “General Data Protection Regulation”(GDPR) in 2018 marked a transformative shift in global data governance. The GDPR requires that the level of personal data protection within and outside the EU must be essentially equivalent for cross-border data transfers to be permitted. The aviation industry, with its inherently global flow of personal data, has become a significant focus of GDPR regulation. The GDPR has been in effect for over five years. The substantive conflicts between the PNR Directive and related agreements with the GDPR are increasingly prominent, raising questions about their compliance. Additionally, several high-profile fines underscore the severe GDPR compliance challenges facing the global aviation industry. However, the future strategies of China’s aviation sector in responding to the increasingly strict extraterritorial enforcement of GDPR remain unclear. Based on empirical summaries of GDPR enforcement pathways, the extraterritorial application of GDPR in the aviation sector may evolve towards a framework built on commitments and cooperation. Looking forward, while preventing the risk of penalties for GDPR non-compliance, Chinese aviation industry should leverage GDPR to enhance the extraterritorial protection of aviation data. By improving and promoting the establishment of a multilateral framework for PNR data exchange, China should strengthen cooperation with the EU on the basis of seeking common ground while respecting differences. This includes developing China-European data transfer channels and exploring joint regulatory mechanisms for cross-border data. Ultimately, the realization of the Chinese programme for global data governance will be promoted.