Multinational organizations subject to privacy laws, such as the EU General Data Protection Regulation, are sometimes also subject to seemingly conflicting trade law. One area of U.S. trade law requires that before exporting certain products or technologies, companies screen against U.S. sanctions lists to prevent the goods from being available to states or individuals deemed bad actors. It can be challenging to justify the screenings under the GDPR, which furthers a historical tension between EU privacy law and U.S. export control law. In this piece for Privacy Tracker, Baker McKenzie’s Helena Engfeldt, CIPP/E, CIPP/US, and Jennie Nilsson explore how a decision from the Swedish data protection authority may offer a solution to this problem.
If you want to comment on this post, you need to login.