数字经济发展的过程中，数据本地化规则常常与“数据保护主义”等交融出现，从而引发对该措施合规性的争议。但由于隐私保护、国家安全等利益保护的需要，数据本地化措施又是各国采取的最普遍的限制数据流动措施，从而引发贸易领域的争端。DEPA作为世界上第一个数字经济协定，其数据本地化条款沿袭自CPTPP，只是针对其开放性协定的属性和缔约国经济发展水平相对平均的情况略有变更，条款采取原则性禁止+例外条款的方式满足了缔约国促进数据自由流动和确定监管空间的要求。不过对于CPTPP条约文本的直接借鉴但也导致了DEPA的确定性效应有限。在保护中小企业利益和提高条约确定性方面，DEPA数据本地化规则较USMCA和RCEP更加符合缔约国的要求，实现了数据流动和数据安全之间的平衡，保障了缔约国的监管需求。目前我国实施对特定类别数据本地化的要求，以期保护数据安全和促进数据流动。我国已经成为DEPA的缔约国，而加入DEPA就意味着要承担其条约的权利义务。我国的数据本地化措施与DEPA还存在一定的冲突，主要表现在我国的数据本地化规则能否成功援引例外条款作为抗辩理由还存在一定的疑问以及DEPA条款的开放度也与我国的贸易需求不相匹配。针对上述问题，国内层面，还需要进一步厘清关键的概念界定，明晰数据本地化的范围边界，尝试使用数据分类的方式实现数据安全与数据流动之间的平衡，充分保护中小企业数据安全。国际层面，我们也要学习新加坡积极参与制定数字经济治理，加强国际合作，构建中国治理体系，提高我国的数据话语权。具体到数据本地化规则，则要在秉持共同发展的理念，推出确定性效应高并且能够兼顾发达国家和发展中国家利益的数据本地化规则，在保证数据安全与国家安全的同时，实现共同发展。

In the development of the digital economy, data localization often raises concerns over data protectionism, resulting in debates over its compliance. Nevertheless, due to the requirements of privacy protection and national security, data localization is a common protection measure adopted by many countries, leading to disputes.As the world‘s first agreement which concerns only about the digital economy, the data localization provision of DEPA inherits from CPTPP, with slight modifications made in response to its open agreement nature and the relatively average economic development of its contracting parties. This provision prohibits data localization as a commercial condition in principle and include an exception clause to meet the contracting parties‘ requirements to promote the free flow of data and guarantee regulatory space. However, the direct adaptation of the CPTPP treaty text limits DEPA‘s certainty effect.In terms of protecting SMEs‘ interests and improving treaty certainty, DEPA‘s data localization rules are more in line with the contracting parties‘ requirements than those of USMCA and RCEP, achieving a balance between data flow, data security, and regulatory needs.Currently, our country implements data localization requirements for specific categories of data to protect data security and facilitate data flow. As China has applied to join DEPA, we must assume its treaty rights and obligations. However, conflicts remain between our data localization measures and DEPA‘s, specifically whether our data localization rules can successfully invoke the exception clause as a defense and the openness of DEPA‘s provisions matching our trade needs.To address these issues, domestically, we need to further clarify key concepts‘ definitions, scope boundaries of data localization, and use data classification to balance data security and flow, fully protecting SMEs‘ data security. Internationally, we must learn from Singapore‘s active participation in formulating digital economy governance modes, strengthen international cooperation, build our governance system, and improve our data discourse right. Specifically, in terms of data localization rules, we must uphold the concept of common development, introduce data localization rules with high certainty effect balancing both developed and developing countries‘ interests, achieving common development while balancing data security and national security.