A big year for Data Protection
A big birthday requires an appropriate gift. And the 10th anniversary of the Data Protection Day on January 28th will get just that: a very busy data protection year.
Governments and industry will start preparing for the new data protection legislation, which was agreed upon at the end of last year. The General Data Protection Regulation (GDPR) was a big milestone. It updates the current legislation from 1995 and will bring into force some sweeping changes.
These will range from a data breach notification regime, a Privacy by Design principle, Data Protection Officer requirements, strong enforcement fines, and many others. At CA Technologies, we have already started the implementation process with internal teams and functions. At the same time, we are helping our customers and partners to understand the GDPR’s impact and to find the right technological solutions.
However, some of the GDPR’s provisions might become outdated before they are implemented, especially those focused on international data transfers. With the current discussion around the uncertain future of the Safe Harbor agreement, we might see some challenging times.
Around this time, the “Safe Harbor” deadline, as imposed by the European Data Protection Authorities (DPAs) will expire. If no agreement between the European Commission and the United States can be found, the DPAs will need to start specific enforcement actions around international transfers. The lack of a new Safe Harbor agreement will send the wrong signal about the importance of global data flows.
At the same time, we can expect a potential statement from the DPAs soon around the other instruments used for transfers: for example Binding Corporate Rules (BCRs) and Standard Contractual Clauses (SCCs).
If the DPAs prohibit the use of these other instruments, data transfers between the EU and US will become even more challenging. International data transfers are the lifeblood of today’s Application Economy. Finding stable solutions that protect users’ data while allowing data to flow are crucial.
We therefore urge all stakeholders to move swiftly to find an agreement and to reinstate legal certainty into the market, including clear guidance around the other existing data transfer mechanisms.
Delivering on such an agreement, underscoring the shared values between the EU and US on data protection, would be the best gift to honour the 10th anniversary.
On behalf of CA Technologies, we wish you a Happy Data Protection Day!