International data transfers can be likened to international flights. While people travel between different countries on international flights, data takes the journey with international data transfers.
If each country were to assert its own aviation rules, wouldn't international flights become almost impossible? International civil aviation rules provide unity among countries, making international flights harmonious, orderly and safe.
This analogy underscores the necessity for a cohesive framework governing international data transfers.
Today, vastly different regulations at the regional and national level govern data protection. This legal fragmentation will inevitably lead to inconsistent, conflicting regulations. Adapting to diverse regulations can be particularly challenging for companies, especially regarding international data transfers.
Deputy Director-General and Corporate Secretary of the International Air Transport Association Conrad Clifford said, "Airlines respect and comply with national data protection and transfer rules set by almost 140 countries, but the cumulative implementation and compliance with national data protection laws has become so complex that airlines often cannot achieve the goals that these laws pursue."
As Clifford points out, noncompliance with different data protection and transfer regulations can lead to delays, risks and penalties for companies in their business processes.
Additionally, data free flow with trust is fundamental to the global digital economy. For instance, global technology giants and smaller enterprises, alike, rely on seamless data transfers to optimize operations, enhance customer experiences and drive innovation.
Within this framework, states and global organizations are specifically addressing the importance of international data transfers and challenges arising from the current legal fragmentation, with the aim of finding a global solution.
As outlined in a May 2023 report by the UN Intergovernmental Group of Experts on E-commerce and the Digital Economy, data transfers are expected to triple by 2026. According to the UN, a system for trusted and secure data flows is urgently needed, enabling all countries to share in the mutual benefits of data sharing.
The report emphasizes that the lack of a robust framework could widen the digital divide between countries, hindering global economic growth. Additionally, the first milestone would be preparing a draft of the principles to be included in a Global Data Compact, which member states could adopt before the end of 2030. Such a compact could provide a unified approach to data governance, ensuring data flows are secure and beneficial for all parties involved.
The U.K. government, aiming to lead the establishment of a global data transfer system and emphasize the importance of international data transfers, established the International Data Transfer Expert Council, which published a November 2023 report titled "Towards A Sustainable, Multilateral, and Universal Solution for International Data Transfers."
According to the report, data-related legal fragmentation and conflict cannot be resolved through domestic law reforms or through bilateral initiatives between countries alone. The report argues that without international cooperation, efforts to streamline data transfer regulations will remain fragmented and ineffective. It emphasizes the need for the international community to agree on common standards for data transfers at the global level.
Different solutions can be developed to establish global rules for international data transfers. The U.K. report argues one possibility is the Global Cross-Border Privacy Rules Forum, which is considered an example of bridging the gaps between differing national data protection laws across participating jurisdictions that ensures baseline common protections travel with the data.
This system can harmonize data protection standards, reducing the compliance burden on companies and enhancing data security globally. It can serve as a useful model and basis for a multilateral global certification process that ensures universal standards and secure data transfers.
Another solution is collaborating with the International Organization for Standardization to initiate a standard development process for establishing global rules for international data transfers. Considering ISO already has 167 member countries, this global standardization and certification initiative could have extensive coverage. The ISO's experience in developing international standards makes it an ideal candidate to spearhead such an initiative.
Establishing global rules for international data transfers is not just a regulatory necessity, but a critical step toward ensuring a cohesive, efficient and secure global digital economy.
Through the parallels with international aviation, we can appreciate the importance of unified rules in facilitating smooth and safe operations. As data transfers continue to grow exponentially, the need for a harmonized approach becomes ever more urgent.
International cooperation, through frameworks like the Global CBPR System and ISO standards, can pave the way for a more connected and prosperous world.
Ç. Saba Uğurerkan, CIPP/E, is head of compliance at Yılport Holding.