G-7 leaders have gathered just recently in June to discuss legal deals underpinning bilateral data flows that exist among most of G-7’s members. G-7 consists of the United States, United Kingdom, Germany, France, Italy, Japan, and Canada.
The goal of the meeting was to align with the regulators’ approaches to privacy and to be able to better understand the domestic rules in each jurisdiction. Methods were discussed to move data and to create options for businesses to choose cross-border transfer tools that are suitable for their business needs. One can think of techniques to properly anonymize data, to strip information of details that identify and individual, and the trend toward the closer cooperation between antitrust and privacy regulars.
An important conclusion after the meeting was that countries need legislation that agrees that an individuals’ personal data is only accessed in case it is strictly necessary for national security purposes. However, that is easier said than done, especially after the Schrems II ruling and European lawmakers that criticized the United States’ intelligence practices. Also, the lack of federal privacy law that guarantees privacy rights is playing a big role in this discussion.
The wish of regulators of the G-7 countries is to smoothen international business for many companies. To enable this, it is imperative to create better understanding on how domestic rules currently affect some kinds of information, and how it can be used and sold. Mr. Wiewiórowski, the European Data Protection Supervisor, does not believe the G-7 countries are ready to create such a market for cross-border data flows.
All in all, the next solution to smoothen cross-border data flows should address these complex points addressed above to make sure that the next data transfer agreement will not be invalidated just like Safe Harbor and the Privacy Shield. There is a lot of work to be done. Until then, it is mandatory to fall back on the GDPR’s international data transfer mechanisms, including Standard Contractual Clauses (SCCs) and by performing Transfer Impact Assessments (TIAs).