View from Peter Lancos, CEO
"Welcome to eXate's Global Data Diaries. This week we focus on some interesting news around cross border data transfers...."
Many countries, notably those in the European Union (EU), place significant restrictions on data transfers. Data protection laws contain rules governing data transfers across international borders. For businesses, cross-border data transfers are important as they will need to know the specific requirements in the countries they operate in, and transfer data, to. The laws in different countries vary and there are criminal and civil sanctions for violations. By understanding the requirements, companies can lay measures in place to ensure the free flow of personal information to support their functioning.
There are 3 pain-points when it comes to Multi-National Companies complying with cross-border data transfer requirements regarding the privacy of personal information and important data:
The diversity of organizations increases the complexity of the transfer circumstances, which makes it difficult to determine the applicability,
Decentralization requirements are scattered across multiple jurisdictions, laws, regulations and national standards and measures (including their draft versions),
Inconsistency and uncertainty among these requirements make it difficult to comply with the requirements.
In recent months, there have been a series of important developments affecting cross-border data transfers. Firstly, on 21st June 2021, the European Data Protection Board ("EDPB") published it's final, much-anticipated recommendations on supplementary measures to ensure compliance with EU data protection laws. Additionally, on 27th June 2021 the European Commission's new standard contractual clauses ("SCCs") came into effect. Finally, on 28th June 2021, the European Commission adopted two adequacy decisions in respect of the UK.
Rules on Cross-Border Data Transfers become (a little) clearer
In recent weeks, there has been a series of important developments affecting cross-border data transfers. First, on 21 June 2021, the European Data Protection Board ("EDPB") published its final, much-anticipated Recommendations 01/2020 on supplementary measures to ensure compliance with EU data protection laws.
Cross-Border Data Transfer and Data Localization Requirements in China
In 2020, China launched a global data security initiative focused on strengthening international coordination for cross-border data flow and outlining the principle of personal information protection. A large number of Chinese customers’ personal information are collected and generated within the operations of the People’s Republic of China (PRC) and transferred to other countries for storage and processing. Therefore, it can be a challenge for multinational enterprises (MNEs) to balance data subjects’ privacy rights while also providing better service. As a result, China’s National People’s Congress (NPC) and the National Committee of the Chinese People’s Political Consultative Conference (PCC) put forward suggestions on legislation addressing cross-border data transfer.
WhatsApp fined a record 225 mln euro by Ireland over privacy
Facebook's (FB.O) WhatsApp was fined a record 225 million euro ($266 million) by the Irish data protection regulator on Thursday after the EU privacy watchdog pressured Ireland to raise the penalty for the company's privacy breaches.
WhatsApp said the fine was "entirely disproportionate" and that it would appeal. Still, the Irish fine is significantly less than the record $886.6 million euro fine meted out to Amazon by the Luxembourg privacy agency in July.