Globalization has utterly redefined the state of the world we live in. People, businesses, and governments are now more interconnected than at any other moment in history, and the flow of information has become the lifeblood of this new era. For countries to maintain a leadership role in the global economy, it is essential that they embrace this new reality and adapt their policies to take advantage of the opportunities cross-border data flows present.
One area where this is particularly relevant is data sharing. In the past, businesses and governments were able to keep their data close to the chest, using it as a competitive advantage or simply keeping it out of the hands of others. However, in today’s interconnected world, this is no longer an option. Countries that want to remain competitive need to be able to share data with others, while still ensuring that sensitive information is protected.
This has been a top priority for members of the G-7, who recently concluded a two-day summit on the topic of cross-border data flow regulation. It was one of several recent meetings in the group’s ongoing effort to standardize law around the matter, which while not completely revolutionary, marked an important step forward in developing a global framework for data sharing.
Defining Cross-border Data Flows
Before we get into the specifics of the G-7 summit, it’s important to first establish what is meant by cross-border data flows. In short, these are the electronic transmission of data across national borders. This can include everything from email and text messages to more complex data sets used by businesses and governments.
Cross-border data flows have become increasingly important in recent years as our world has become more connected. They provide a way for businesses to operate in multiple countries, for people to keep in touch with loved ones who live far away, and for governments to share information and resources.
However, cross-border data flows can also pose a risk to national security and public safety.
When data is transmitted across borders, it often goes through multiple jurisdictions and may be subject to different laws in each country. This can make it difficult to protect sensitive information, as there may be holes in the security net. In addition, cross-border data flows make it easier for criminals and terrorists to operate across borders. And finally, they can also be used to evade taxes or launder money.
This is why it’s so important for countries to strike a balance between encouraging data sharing and protecting sensitive information.
What Types of Data Are We Talking About?
It’s important to note that not all data is created equal. When we talk about cross-border data flows, we are usually referring to three different types of data: PII, PHI, ETC.
PII, or Personally Identifiable Information, is any data that can be used to identify an individual. This includes things like name, address, date of birth, Social Security number, and so on.
PHI, or Protected Health Information, is any data related to an individual’s health. This includes things like medical records, prescriptions, and insurance information.
ETC, or Encrypted Taxpayer Communications, is any data related to an individual’s taxes. This includes things like tax returns, W-2 forms, and 1099 forms.
All three of these types of data are considered sensitive and need to be protected.
What Types of Risks Are We Talking About?
As we mentioned earlier, cross-border data flows can pose several risks to national security and public safety. Here are a few of the most common:
Data breaches: When sensitive data is transmitted across borders, it increases the chances of a data breach. This is because there are more opportunities for hackers to intercept the data. In addition, cross-border data flows make it difficult to track down the source of a breach, as the data may have gone through multiple jurisdictions.
Identity theft: Cross-border data flows make it easier for criminals to steal people’s identities. This is because sensitive data, like Social Security numbers and date of birth, can be used to open new accounts or get new credit cards.
Fraud: Cross-border data flows can also be used to commit fraud. For example, criminals may use stolen credit card numbers to make purchases online. Or they may use fake identities to take out loans or open new bank accounts.
Money laundering: Cross-border data flows can be used to launder money. This is when criminals use legitimate businesses to move money around, so it’s difficult to track. For example, they may use a cross-border money transfer service to send money from one country to another.
The G-7 Meeting
Top privacy regulators from member nations of the G-7 met in Bonn, Germany last month to discuss the issue of cross-border data flows in detail. The main priority of the meeting was to find a way to standardize data privacy laws across borders, in order to make it easier for businesses to operate in multiple countries and to protect sensitive information.
The Group of Seven already has several legal deals in place addressing this exact issue, however none specifically between the United States and European Union.
“The only piece of the puzzle that is missing is the trans-Atlantic agreement,” says Wojciech Wiewiórowski, the European Data Protection Supervisor who attended the two-day meeting.
While a final legal text of the new U.S.-European Union agreement hasn’t been published yet, negotiators said in March that they reached a preliminary deal. This is a big step forward, as it’s the first time that both sides have been able to agree on a framework for data sharing.
The new agreement will likely build on the EU-U.S. Privacy Shield, which was proposed years ago but eventually ruled illegal by the EU’s top court in 2020.
In that case, challengers had successfully argued that American government surveillance posed a threat to Europeans’ privacy if their data was moved to the United States.
Dismantling the Privacy Shield “basically left data transfers in limbo” for all international companies, says Svetlana Stoilova, digital economy adviser at Business Europe.
Businesses have urged lawmakers from both member nations to speed up the process of finding a new replacement. Some companies have been using other legal mechanisms to transfer data, but they are seen as being more cumbersome.
The new agreement is still being negotiated and no final text has been published yet. However, both sides have said that they are committed to finding a solution that will protect people’s data while also allowing businesses to operate across borders.
Ultimately, the goal is to align the data privacy laws of the United States and the European Union, so that businesses can operate in multiple countries without having to worry about breaching data privacy laws. This would also make it easier for people to know their rights when it comes to their data being shared across borders.
Last month’s meeting saw several suggestions to make such a system work, including…
Applying data anonymization techniques: This would involve stripping transferred information of personally identifiable details. For example, a user’s name, address, and credit card number could be replaced with a unique identifier. This would make it more difficult for someone to identify an individual from the data. (Tokenizer+)
Pseudonymizing data: This would involve replacing personally identifiable information with a pseudonym. For example, a user’s name could be replaced with a randomly generated identifier. This would make it more difficult to identify an individual, but not impossible. (Tokenizer+)
Applying data redaction techniques: This would involve the redaction of data that can’t be shared in any safe fashion so that only appropriate users may access the data. (Redactor+)
Using encryption to protect information in transit: This would involve encrypting data so that it can’t be read by anyone who doesn’t have the key to decrypt it. This would make it more difficult for someone to intercept and read the data as it’s being transferred between countries.
Arguably the most important outcome of the meeting, however, was the renewed commitment from both sides to find a solution to this problem.
In summaries published after the meeting Thursday, regulators committed to collaborating on legal methods to move data and provide businesses with options for choosing cross-border transfer tools that fit their business needs. The document also stated that nations need legislation ensuring that personal data is only accessed as “essential” for national security purposes.
This is a big issue for businesses operating in multiple countries, as well as for people who may have their data shared across borders. The goal is to find a way to standardize data privacy laws across borders so that businesses can operate in multiple countries without having to worry about breaching data privacy laws. This would also make it easier for people to know their rights when it comes to their data being shared across borders.
It’s still early, but the meeting was a step in the right direction toward finding a solution that will work for everyone.
Conclusion
Being the world’s seven largest economies, the G-7 has a responsibility to lead the way in developing policies that will allow for cross-border data transfers while also protecting people’s privacy. Their actions will set a precedent for how other countries should and will approach this issue. Time will tell whether they will be successful in finding a balance between these two competing interests. The rise of big data and the global interconnectedness of trade and business have necessitated new ways to facilitate cross-border data transfers. At the same time, data privacy concerns have grown, as has public awareness of the ways that companies collect and use personal data. These trends have created both opportunities and challenges in implementing cross-border data transfers.
As the world becomes more digitized, it’s important that we find a way to protect people’s data while also allowing businesses to operate across borders. This is not an easy task, as data privacy laws vary from country to country. But it’s an important one, as cross-border data transfers are essential for businesses and trade. Regulated companies will soon turn to providers like TeraDact to protect their sensitive data. Our products Tokenizer+, Redactor+, and Secrets+ were developed to help protect people’s sensitive data while still allowing businesses to operate in the most efficient way possible. The products mentioned above are the answer to properly protect your data from cyber threats across the world.
