Global Perspective and Cross-Border Data Transfer Mechanisms
More than 160 nations have significant privacy laws; the GDPR draws the most attention, with fines based on worldwide revenue. Cross-border trust mechanisms include domestic/unilateral (adequacy, SCCs), multilateral arrangements, trade agreements, and standards/PETs - amid a rising data localization trend.
More than 160 nations have enacted significant privacy laws. The most attention focuses on companies' duty to comply with the GDPR, whose fines are based on worldwide revenues. Many countries adopted GDPR-similar laws partly to gain preferential trading status (free data flow with Europe), but the regimes are not identical - companies must comply with each country's specifics. Notable recent enactors include China, India, Brazil, Japan, and South Korea.
| Mechanism | Description |
|---|---|
| Domestic / unilateral | Pre-authorization safeguards - government adequacy determinations and/or standard contractual clauses (SCCs); used by over half of countries with such safeguards |
| Multilateral arrangements | OECD Privacy Guidelines; APEC Cross-Border Privacy Rules; Council of Europe Convention 108 and 108+ |
| Trade agreements | Increasingly include data-flow provisions; binding ones still allow restrictions for legitimate public policy objectives |
| Standards and technology-driven | ISO standards and privacy-enhancing technologies (PETs) |