Cross-Border Data Transfer Mechanisms

Legislatures in many countries currently are drafting or amending data protection laws. Often, these drafts and amendments attempt to regulate cross-border data transfers by imposing restrictions on transfers of personal data to other countries that do not have similar data privacy laws. Sometimes they also include so-called data localization provisions that require data or copies of data to remain in the country of origin. Yet, global data flows are the product of the increasing globalization and digitalization of business processes and society and are foundational to the modern economy. The ability to use, share and access information across borders stimulates innovation, enables data-driven products and services and fuels economic growth and ideas, and is often the lifeline for remote communities. Any limitation on cross-border data flows, therefore, presents serious challenges to these key attributes and benefits of the global movement of data.

This paper does not attempt to prove this particular point, however, as it has been discussed extensively elsewhere. Instead, the paper enumerates important cross-border transfer mechanisms that should be included in any law that regulates or limits data transfers to other countries.

* This paper is an updated version of the August 2015 Cross-Border Data Transfer Mechanisms paper, which was submitted in response to the Indonesian Ministry of Communications and Information Technologies’ request for public comments concerning its Draft Regulation on the Protection of Personal Data in Electronic Systems. 

Download the Paper

Download Now