I am invited to participate in International Data Transfers & Compliance Summit as moderator for breakout session: Data transfers to third countries. I have participated in conferences, summits, seminars and similar events as a speaker (and as a participant, of course), but never as a moderator. So this will be a new experience for me. And I can’t say it is less work already than being speaker!
Data transfers to third countries
The topic of session – Data transfers to third countries – rises a lot of questions, issues and debates. Data transfers outside European Union has been problematic topic since dawn of EU’s data protection. Soon after the inception of requirements regarding data transfers to third countries in EU’s Data protection Directive (Directive 95/46/EC) it became clear that requirement is problematic for fast developing global economy and internet era.
Adequacy mechanism provided in Directive was not working to full potential as only small bunch of countries and territories were found as adequate to EU’s data protection level and therefore safe to transfer data to. And EU’s biggest business partner – US – was not among those countries; and could not be taken their different approach to data protection.
To address this, European Commission created Standard Contractual Clauses (SCCs) and Safe Harbor framework. However, Safe Harbor was found as inadequate means for ensuring safety of transferred data by Court of Justice of EU (CJEU). As its replacement Privacy Shield was set up just to be taken down by CJEU few years later, rising question whether such mechanism can work at all. Even more – CJEU noted that also Standard Contractual Clauses must be used with caution and every data flow outside EU must be carefully analyzed, leaving EU companies with a quest for compliance.
So much trouble around EU. But requirements for transfers of data outside country is not just EU “thing”. Other countries have them, too. For example, Russia and China have announced introduction of stricter data localization rules. Britain, on another hand, announced they want to be in the middle of data transfers and have as business friendly regime as possible. But such approach can jeopardize their (even not yet fully adopted) EU adequacy decision.
Do those problems seem familiar? We’ll try to look at those issues and find best ways to comply with applicable regulations. If you are interested in the event – there is still time to join. And best part – event is free. So head to registration and sign up! On registration page you will also be able to download event’s program.
Already have questions regarding data transfers you would like to ask panelists? Great! Go to contact form and send them in to me and I will ask panelists. See you on session – March 31, 17.00 UTC!
Collaborate with me
I love to share my knowledge and experience. Be it by participating in a conference or leading a seminar, or having a coaching session. I also have plans on organizing similar but simpler virtual GDPR compliance summit and training. So if you have an idea or proposal – drop me a note!