Since the GDPR has come into force, many countries and other regions of the world have adopted new rules or updated their existing ones with stricter requirements, often inspired by the European framework. As we are seeing convergence between some of the approaches on privacy taken globally, new opportunities to facilitate data flows across borders and boost international trade are emerging. However, some differences still persist and are impacting the free flow of data across borders – diverging privacy values and the incompatibility of the US surveillance framework with the EU’s privacy principles leading to the recent invalidation of the EU-US Privacy Shield and provoking disruptions to transatlantic data flows are a prime example of this.
Within this context, this session will examine the core privacy principles that the EU system shares with third countries, ask where the main persisting differences lie, and how these can be best addressed to achieve greater compatibility between the different frameworks. It will also explore the concrete work that is being done on the convergence between privacy rulebooks to foster a global culture of respect for privacy, the role of initiatives such as the ‘Data Free Flow with Trust’ (DFFT) in achieving this and will discuss the latest on the development of guidance on the use of certification and codes of conduct for transferring data outside of the EU as well as the work done to modernise mechanisms for data transfers. The session will also raise the issue of the adoption of additional adequacy decisions with third countries, including with the UK following Brexit, and following the CJEU decision on the Privacy Shield. It will address compliance challenges faced by global data-driven businesses relying on international data transfers, explore best practices, and discuss how cooperation between governments, policy-makers, enforcement authorities, and businesses can be best fostered globally in order to harness the full potential of international data transfers.