image

A big year for privacy just got bigger. On July 16, Europe’s top court ruled on the legality of two mechanisms for cross-border transfers of personal data.

The Court of Justice of the European Union (CJEU) struck down the “EU-US Privacy Shield”, an intergovernmental agreement on which thousands of US companies based their data processing with EU trading partners and consumers. At the same time, the CJEU generally upheld so-called “standard contractual clauses” (SCC) for data exports but imposed new requirements on their use.

The decision has an immediate impact on data flows between the USA and the EU. But it will also create new challenges for Australian companies that engage with Europe.

Read more: Tough new EU privacy regulations could lead to better protections in Australia

The global reach of European privacy laws

In 2018, the EU brought into force the General Data Protection Regulation (GDPR), one of the world’s strongest privacy protection frameworks. This latest decision provides further evidence that the GDPR has impact far beyond the EU. It allows data about European citizens to be exported outside the bloc only if an adequate level of data protection is guaranteed.

Adequacy can be demonstrated at country level, and some major trading partners of the EU (such as Japan, Canada and New Zealand) have been certified by the EU as having a comparable level of privacy protection. Until a fortnight ago, US companies could likewise rely on an adequacy decision for the EU-US Privacy Shield. The Privacy Shield allowed companies to self-certify their data practices against a set of minimum criteria and enhanced US regulatory oversight. The Court has now held that this is not enough.

What does this mean for Australia?

Australian companies and consumers need to be mindful of the new CJEU decision. Data exports are very common, particularly where companies operate multi-nationally, outsource some of their data processing or store data on overseas cloud servers.

Australia was not a party to the EU-US Privacy Shield. It also does not have EU adequacy status. This is because our Privacy Act does not apply to small businesses, employee data, and political parties, amongst others. An EU entity that seeks to export personal data to Australia therefore needs to use other safeguards to ensure that EU personal data remains protected.

This is commonly done in the form of standard contractual clauses, by which the sender and recipient of data agree that their data processing meets GDPR standards. The CJEU has now clarified that companies and regulators must verify in each case that the clauses stand up in light of the recipient country’s data laws.

Governmental surveillance programs and access to effective legal remedies are a particular concern. Privacy professionals around the world now have to work out what this new requirement means.

Read more: Here's what a privacy policy that's easy to understand could look like

Deepening global divisions and the trend to data localisation

To comply with the ruling, companies need to engage in a more detailed risk analysis than before. In some cases, data may no longer be transferred. This is likely to contribute to an international trend to house critical data locally. A recent example of this trend is the COVIDSafe app: the data it collects must remain in Australia.

The CJEU decision comes at a time of intense public debate of privacy in Australia and many other countries. The COVID-19 pandemic has turbo-charged the digitalisation of many aspects of daily life. Every digital transaction leaves traces in the form of personal information, which could be a target for data mining and surveillance by corporate and state actors.

It would be sensible to adopt internationally harmonised data protection standards to regulate global data streams. But the world appears currently headed in the opposite direction.

Despite both the EU and US sides emphasising the need for cooperation after the CJEU ruling, the major trading powers and blocs are increasingly pitted against each other.

Apart from the long-standing EU-US division over privacy, China, India and Russia have also begun to assert their own distinct data processing models. These powers generally give their citizens fewer privacy rights than the EU. They also make increasing use of data localisation requirements, which prohibit or impede data export, to enforce their own data protection protocols. The intensifying conflict between the US and China, most recently erupting over the new security laws for Hong Kong, also marks data governance and cybersecurity as significant battlegrounds.

Australia’s new challenges in data protection

Australia’s data regulation tends to be pragmatic and business-friendly. It steers a middle course between the conflicting privacy approaches of the US and the EU. However, in a world retreating from globalised regulation, it is becoming increasingly difficult not to take sides.

Privacy is looming larger than ever in public consciousness, and Australia’s Privacy Act is due for an overhaul. More than ever, Australia needs to determine its own course in safeguarding personal information against potential overreach by corporations and governments.

Authors: The Conversation

Read more https://theconversation.com/data-privacy-stricter-european-rules-will-have-repercussions-in-australia-as-global-divisions-grow-142980

Loose Leaf Tea Vs. Tea Bags: Everything You Need To Know

After water, tea is the second most consumed beverage on the planet. Legend has it that the very first cup was enjoyed by a Chinese emperor in 2737BC. He was...

How to Create a Video Marketing Strategy

Video marketing is the next best thing when it comes to advertising, campaigns, building trust and raising brand awareness. If you do not have a video on your site now, it is likely that you are...

NewsCo - avatar NewsCo

The Way Education Mobile Apps Can Benefit Students Life

The most common apps are used for socialization and entertainment. However, this is changing with the development of numerous education apps for students at various levels. According to experts at D...

Naomi Whittaker - avatar Naomi Whittaker

What matters is the home: review finds most retirees well off, some very badly off

zstock/ShutterstockThe government’s Retirement Incomes Review paints an encouraging picture of the finances of retired Australians. Most are at least as well off in retirement as they were while...

The Conversation - avatar The Conversation

How to Drink Safely and Responsibly at Christmas

Christmas is a time when many of us take a break from our jobs, meet up with family and friends to share their company, and have fun. It is also a time when many of us like to enjoy drinking alcoh...

News Co - avatar News Co

Why Trump's election fraud claims aren't showing up in his lawsuits challenging the results

Trump lawyer Rudy Giuliani alleges election fraud during a news conference at the Republican National Committee headquarters, Nov. 19, 2020, in Washington. Jacquelyn Martin/AP PhotoThere seems to be ...

Steven Mulroy, Law Professor in Constitutional Law, Criminal Law, Election Law, University of Memphis - avatar Steven Mulroy, Law Professor in Constitutional Law, Criminal Law, Election Law, University of Memphis

Writers Wanted

.