Reframing Data Privacy Law in the Digital Age: Digital Rights, Data Sovereignty, and Cross-Border Governance

Abstract

The rapid expansion of data-driven governance, platform economies, and smart-city infrastructures has transformed privacy from a narrow individual interest into a foundational question of law, power, and democratic ordering. Contemporary legal systems are no longer asked merely to protect secrecy or confidentiality; they are increasingly required to regulate data extraction, algorithmic profiling, cross-border data transfers, and state–market cooperation in digitally mediated environments. This paper examines the evolution of data privacy law through three interrelated legal lenses: digital rights, data sovereignty, and cross-border governance. It argues that the traditional privacy paradigm, while still essential, is insufficient on its own to address the structural features of datafication. Instead, a modern legal framework must integrate individual rights protection, institutional accountability, and public-interest governance over digital infrastructures.The paper first revisits the conceptual foundations of privacy law, showing how classical understandings of privacy as liberty and control over personal information have expanded into broader concerns about data protection, discrimination, and platform power. It then compares the legal trajectories of the European Union, the United States, and China, with particular attention to the GDPR, the CCPA, and China’s Personal Information Protection Law (PIPL) and Data Security Law (DSL). While these systems differ in institutional design and normative emphasis, all three reveal tensions between economic innovation, national security, and rights protection. The paper next analyzes cross-border data governance as a central legal challenge of the digital era. It shows that conflicts over data localization, sovereignty, and international transfers are not merely technical regulatory disputes, but reflect deeper struggles over jurisdiction, market control, and geopolitical power.Finally, the paper proposes a rights-based, pluralist legal framework for digital governance. Such a framework should move beyond compliance formalism and toward substantive protection of autonomy, equality, and democratic participation. Privacy law must therefore be understood not only as a defensive shield against intrusion, but also as a constitutive branch of digital constitutionalism capable of shaping the legitimate conditions under which data may be collected, shared, processed, and governed. In this sense, the future of data privacy law lies in its capacity to connect personal information protection with broader legal commitments to accountability, fairness, and digital self-determination.