More than adequate: New directions in international data transfer governance
Recent progress between US and European Union (EU) negotiators to secure a more sustainable transatlantic data transfers regime has put a critical area of the transatlantic economy on a more secure footing. Yet the work for digital policymakers on both sides of the Atlantic is far from done.
Imminent completion of the US-EU Data Privacy Framework (DPF), to replace the invalidated Privacy Shield agreement, will open a new chapter in transatlantic data transfers. However, the DPF is expected to face an immediate challenge in the Court of Justice of the European Union from European privacy advocates whose past efforts doomed previous data transfer agreements.
Washington and Brussels should explore other forms of bilateral engagement on this long-troublesome set of issues. They could ask the Trade and Technology Council (TTC) to study commonalities in transatlantic approaches to accountability for personal data in the commercial context. A second avenue could be a stand-alone digital trade agreement, utilizing at least some elements of provisions on that subject developed during the failed Transatlantic Trade and Investment Partnership negotiations.
But fashioning sustainable data transfer architecture is a global – and not simply transatlantic – problem. The EU’s model of conditioning data flows on strict privacy protections has won widespread adherence around the world, but it has yielded a complex and tangled international reality. The US approach of open data flows has supporters internationally, but it has faltered in recent years as US administrations have abjured broad-scale trade agreements. The US failure to adopt comprehensive privacy legislation also makes it a global outlier.
This issue brief outlines and assesses multilateral efforts to achieve greater policy coherence across the global data transfer ecosystem. These include the World Trade Organization’s e-commerce negotiations, the Organization for Economic Co-operation and Development’s declaration on government access to personal data, Council of Europe Convention 108+, the G7 Data Free Flow with Trust initiative, and the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system.
The interplay and synergies among these mechanisms could in time encourage a durable, interoperable global data transfer architecture.
About the author
Related content
The Europe Center promotes leadership, strategies, and analysis to ensure a strong, ambitious, and forward-looking transatlantic relationship.