TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, 20 July 2018 Related reading: What does it mean to be a chief data ethics officer?

rss_feed
PrivacyTraining_ad300x250.Promo1-01

""

Greetings from Brussels,

Not everything needs to be "doom and gloom" on the international world stage; you’ll know what I am referring to if you followed recent events and meetings in Europe these last 10 days. In more positive news, at least from the European perspective, the EU signed the world’s largest bilateral trade deal Tuesday with Japan — the EU-Japan Economic Partnership Agreement — which will cover more than 600 million consumers and nearly a third of the global economy. It is quite the deal, cutting or eliminating tariffs on nearly all goods. For example, it will remove tariffs on European exports, such as cheese and wine, while Japanese automakers and electronics firms will face fewer barriers in the European Union.

Importantly, both the EU and Japan send strong endorsements of the global trading system in the face of growing protectionist sentiment emanating from certain quarters. The trade deal itself is expected to come into force in 2019, after being approved by lawmakers on both sides.

From a data-flow and -protection standpoint, the trade decision also means that personal data could eventually flow from the European Economic Area to Japan without needing further safeguards or authorizations. An agreement was signed recognizing the EU's and Japan's data protection systems as "equivalent." That said, however, the existing agreement does not include substantive clauses on the free flow of data. Rather, it includes a review clause to examine the issue within three years. Provided those processes reach a positive conclusion, they would be subject to a separate ratification procedure through the new European Parliament. Moreover, and crucially, the EU would need to obtain a positive opinion from the newly created European Data Protection Board under the GDPR.

Conversely, to fulfill and live up to the high standards of European protection, Japan has committed to implementing additional safeguards to protect EU citizens' personal data before the European Commission formally adopts its adequacy decision. This includes strengthening their current data protection law in what concerns EU data subjects in areas such as sensitive data and onward transfer to third countries, as well as individual rights to access and rectification — enforceable under Japanese law and regulations. Similarly, as under Privacy Shield, the Japanese have also agreed to implement a complaint-handling mechanism to investigate and resolve complaints from European citizens regarding access to their data by Japanese public authorities. In the interim, the "adequacy decision" process is and will continue to be monitored by the Parliament's LIBE Committee to ensure that high data protection standards are being met.

All in all, this agreement speaks strategic volumes for transparency, mutual (bi-multilateral) cooperation, and the rules-based international order. Moreover, in what concerns data protection, it emphasizes a desire to agree on common regulatory approaches to free data flow in an age when data localization measures have seen a surge; think China, Russia, India, Indonesia and Vietnam. The good fight is on. Undoubtedly, one of the stress tests for future global trade deals will be whether free data flows can be protected and facilitated under effective adequacy frameworks and additional measures such as the Privacy Shield.

Comments

If you want to comment on this post, you need to login.