The European Union is taking active steps to ensure the smooth flow of data between member countries and the rest of the world in the future while also ensuring the privacy of users.
The European Union aims to conduct businesses with countries that will not mandate the storage and processing of customer data only within their borders and whose privacy regulations will be consistent with the GDPR.
According to documents accessed by Reuters, while the European Union seeks to insert the strict provisions of the upcoming GDPR into future trade deals, it is also taking steps to fight back against protectionist measures implemented by certain nations that require personal data of citizens to be stored and processed only within their borders.
According to the European Union, such protectionist measures will only create more barriers to data flows and may balkanise the Internet. As of now, it allows businesses to store and process data in countries whose privacy regulations are similar to existing privacy regulations in Europe, thereby ensuring that user privacy is not compromised.
In August last year, China passed a new cyber security law which stated that critical personal data of Chinese citizens could not be stored outside China without express permission from the Chinese government. The law is binding on international firms that run web services in China and these include network operators and operators of critical information infrastructure.
According to The Information Age, China’s new cybersecurity law impacted ‘manufacturing, business services, tourism, media, online advertising, or gaming services’ that ran web services in China. Companies that hosted cloud-based services in China also had to adhere to the new law.
Similarly, Russia also told Facebook last year that it would allow the firm to conduct business in its territory only if the latter agreed to store the personal data of Russian citizens on servers located in Russia.
‘Data protection is a fundamental right in the EU and therefore cannot be the subject of negotiation in trade deals. But the growing digitalization of the economy has prompted the EU to look at how it can foster data flows without compromising privacy,’ said Reuters. The EU is now negotiating fresh trade deals with the United States and Japan and hopes to conclude them in the near future.
Back in 2016, the European Union and the United States negotiated a new Privacy Shield which aimed to ensure the security and privacy of personal data of anyone in the EU transferred to companies in the U.S. for commercial purposes.
In October last year, after completing the first annual review of the EU- U.S. Privacy Shield, the European Commission noted that U.S. authorities had implemented ‘necessary structures and procedures’ to ensure the functioning of the Privacy Shield and had also set up complaint-handling and enforcement procedures.
However, it also added that despite ensuring an adequate level of data protection, the Privacy Shield still needed some improvement to better protect consumer data and to get rid of existing loopholes.
‘Transatlantic data transfers are essential for our economy, but the fundamental right to data protection must be ensured also when personal data leaves the EU. Our first review shows that the Privacy Shield works well, but there is some room for improving its implementation,’ said Věra Jourová, Commissioner for Justice, Consumers and Gender Equality.
‘The Privacy Shield is not a document lying in a drawer. It’s a living arrangement that both the EU and U.S. must actively monitor to ensure we keep guard over our high data protection standards,’ she added.