Research

[« previous] [next »]

Workshop - Legal Challenges to the International Transfer of Data (January 2017)

• Slide Presentation at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017
• UN advice on data protection and international data flows
• UN concerns on cross border data transfers / surveillance
• Privacy Shield and SCCs: Three potential vulnerabilities to legal challenge
• Next steps
• Further information

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » International, Comparative and Cross-Border Research. Read more » Strategic Privacy Consulting. Read more » Related Galexia projects ASEAN - Read more » BSA | The Software Alliance - Read more » Digital Europe - Read more » UNCTAD - Read more » Related Galexia news and articles Galexia on panel at ForgeRock Identity Summit - The evolving role of privacy in digital transformation - 15 August 2017 » Galexia Associate publishes new book on privacy law in Singapore - June 2017 » Galexia presenting at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017 » Galexia presenting at the Annual European Data Protection and Privacy Conference, Brussels - 1 December 2016 » Article in Data Protection Leader - Regulators fight back against privacy fraud - November 2016 » Galexia Director Chris Connolly joins the Editorial Board of Data Protection Leader - October 2016 » Galexia chapter in 'Enforcing Privacy' book published (Springer) - April 2016 » Galexia article about Implementation of the new EU-US Privacy Shield - 21 March 2016 » Galexia Director speaking at Privacy Law and Business Conference in Cambridge (UK) - 7 July 2015 » Galexia presents on The Future of the EU-US Safe Harbor at Brussels conference - 1 June 2014 » Galexia gives evidence about EU/US Safe Harbor privacy framework to the UK House of Lords - 12 March 2014 » Galexia invited to provide evidence to the European Parliament LIBE Inquiry on Electronic Mass Surveillance of EU Citizens - 7 October 2013 » Galexia presented at the Privacy Laws & Business 23rd Annual International Conference - 14 April 2010 » Galexia interviewed by Privacy Laws and Business International Journal on the US Safe Harbor and recent actions by the FTC - 26 February 2010 » First US Prosecution for false web claim of Safe Harbor status - 11 September 2009 » New Galexia Study: The US Safe Harbor - Fact or Fiction? - December 2008 »

Slide Presentation at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017

Galexia Director Chris Connolly presented at CDPD2017 - The Age of the Intelligent Machine at the 10th International Computers, Privacy & Data Protection (CPDP) International Conference in Brussels on 25 January 2017. 

Read more »

[Download presentation slides (PDF) »]

UN advice on data protection and international data flows

• UN report:
  • Data protection regulations and international data flows: Implications for trade and development (April 2016)
    
• Data protection is directly related to trade
  • Too little protection can create negative market effects through affecting consumer confidence
  • Too much protection can overly restrict business activities and trade
• Ensuring that laws consider the global nature and scope of their application, and foster compatibility with other frameworks, is critical

UN concerns on cross border data transfers / surveillance

• Gaps in coverage
  • No laws, partial laws or laws that contain broad exemptions
• Negative impact of data localization on trade and development
• Balancing surveillance and data protection
  • Support for ‘Necessary and Proportionate’ test
  • Support for ‘Narrowly Tailored’ test
    • (in the US the term is ‘as tailored as feasible’)
  • Support for the provision of judicial redress for data subjects, regardless of nationality
  • Promotion of ‘transparency reports’ by business

Privacy Shield and SCCs: Three potential vulnerabilities to legal challenge

• 1. Bulk Surveillance
  • Presidential Policy Directive 28 (PPD-28) 2014 allows bulk surveillance in six circumstances. Five are narrow in scope and tackle serious / significant risks. However, the sixth category is just the word: ‘cybersecurity’. There is no additional test (e.g. serious risk) and no details are provided about the scope of this term.
• 2. Independence of dispute resolution
  • European and US approaches to the independence of dispute resolution providers are contrasting, with stricter rules applying in Europe.
• 3. Fine print exclusions
  • History of businesses relying on fine print exclusions (Safe Harbor, APEC CBPRs) to limit scope of their certification and / or to limit dispute resolution. This practice has reduced in recent years, but is open to challenge in the Privacy Shield and SCCs.

Next steps

• 1. United Nations
  • Promoting the development of consistent privacy laws, especially in developing nations
  • Discouraging data localization
  • Promoting a balanced approach to cross border data transfers and surveillance
• 2. Privacy Shield
  • The annual review is an opportunity to strengthen some protections
    • (e.g. promoting independent dispute resolution and removing fine print exclusions)
  • Clarify some of the framework text
    • (e.g. the scope of the ‘cybersecurity’ bulk surveillance exception)
• 3. SCCs
  • EC tasked with ensuring that the recent protections introduced in the Privacy Shield are extended to SCCs, and that a proper governance framework is established for SCCs (e.g. monitoring and regular reviews)

Further information

• United Nations Conference on Trade and Development (UNCTAD) - Global Cyberlaw Tracker
  • http://unctad.org/en/Pages/DTL/STI_and_ICTs/ICT4D-Legislation/eCom-Global-Legislation.aspx
• Data protection regulations and international data flows: Implications for trade and development (April 2016)
  • http://unctad.org/en/pages/PublicationWebflyer.aspx?publicationid=1468
• BSA / Galexia Global Cloud Computing Scorecard (April 2016)
  • http://cloudscorecard.bsa.org/2016/
  • Look out for the updated version in mid-2017
• Galexia
  • http://www.galexia.com/

[Download presentation slides (PDF) »]

Galexia Director Chris Connolly presented at CDPD2017 - The Age of the Intelligent Machine at the 10th International Computers, Privacy & Data Protection (CPDP) International Conference in Brussels on 25 January 2017. 
Read more »

[« previous] [next »]

[up to articles, papers, conferences & seminars] [up to research]