Daily Bulletin


News

  • Written by Normann Witzleb, Associate Professor in Law, Monash University
Data privacy: stricter European rules will have repercussions in Australia as global divisions grow

A big year for privacy just got bigger. On July 16, Europe’s top court ruled on the legality of two mechanisms for cross-border transfers of personal data.

The Court of Justice of the European Union (CJEU) struck down the “EU-US Privacy Shield”, an intergovernmental agreement on which thousands of US companies based their data processing with EU trading partners and consumers. At the same time, the CJEU generally upheld so-called “standard contractual clauses” (SCC) for data exports but imposed new requirements on their use.

The decision has an immediate impact on data flows between the USA and the EU. But it will also create new challenges for Australian companies that engage with Europe.

Read more: Tough new EU privacy regulations could lead to better protections in Australia

The global reach of European privacy laws

In 2018, the EU brought into force the General Data Protection Regulation (GDPR), one of the world’s strongest privacy protection frameworks. This latest decision provides further evidence that the GDPR has impact far beyond the EU. It allows data about European citizens to be exported outside the bloc only if an adequate level of data protection is guaranteed.

Adequacy can be demonstrated at country level, and some major trading partners of the EU (such as Japan, Canada and New Zealand) have been certified by the EU as having a comparable level of privacy protection. Until a fortnight ago, US companies could likewise rely on an adequacy decision for the EU-US Privacy Shield. The Privacy Shield allowed companies to self-certify their data practices against a set of minimum criteria and enhanced US regulatory oversight. The Court has now held that this is not enough.

What does this mean for Australia?

Australian companies and consumers need to be mindful of the new CJEU decision. Data exports are very common, particularly where companies operate multi-nationally, outsource some of their data processing or store data on overseas cloud servers.

Australia was not a party to the EU-US Privacy Shield. It also does not have EU adequacy status. This is because our Privacy Act does not apply to small businesses, employee data, and political parties, amongst others. An EU entity that seeks to export personal data to Australia therefore needs to use other safeguards to ensure that EU personal data remains protected.

This is commonly done in the form of standard contractual clauses, by which the sender and recipient of data agree that their data processing meets GDPR standards. The CJEU has now clarified that companies and regulators must verify in each case that the clauses stand up in light of the recipient country’s data laws.

Governmental surveillance programs and access to effective legal remedies are a particular concern. Privacy professionals around the world now have to work out what this new requirement means.

Read more: Here's what a privacy policy that's easy to understand could look like

Deepening global divisions and the trend to data localisation

To comply with the ruling, companies need to engage in a more detailed risk analysis than before. In some cases, data may no longer be transferred. This is likely to contribute to an international trend to house critical data locally. A recent example of this trend is the COVIDSafe app: the data it collects must remain in Australia.

The CJEU decision comes at a time of intense public debate of privacy in Australia and many other countries. The COVID-19 pandemic has turbo-charged the digitalisation of many aspects of daily life. Every digital transaction leaves traces in the form of personal information, which could be a target for data mining and surveillance by corporate and state actors.

It would be sensible to adopt internationally harmonised data protection standards to regulate global data streams. But the world appears currently headed in the opposite direction.

Despite both the EU and US sides emphasising the need for cooperation after the CJEU ruling, the major trading powers and blocs are increasingly pitted against each other.

Apart from the long-standing EU-US division over privacy, China, India and Russia have also begun to assert their own distinct data processing models. These powers generally give their citizens fewer privacy rights than the EU. They also make increasing use of data localisation requirements, which prohibit or impede data export, to enforce their own data protection protocols. The intensifying conflict between the US and China, most recently erupting over the new security laws for Hong Kong, also marks data governance and cybersecurity as significant battlegrounds.

Australia’s new challenges in data protection

Australia’s data regulation tends to be pragmatic and business-friendly. It steers a middle course between the conflicting privacy approaches of the US and the EU. However, in a world retreating from globalised regulation, it is becoming increasingly difficult not to take sides.

Privacy is looming larger than ever in public consciousness, and Australia’s Privacy Act is due for an overhaul. More than ever, Australia needs to determine its own course in safeguarding personal information against potential overreach by corporations and governments.

Authors: Normann Witzleb, Associate Professor in Law, Monash University

Read more https://theconversation.com/data-privacy-stricter-european-rules-will-have-repercussions-in-australia-as-global-divisions-grow-142980

Writers Wanted

How To Find The Right Emergency Plumber Lismore

arrow_forward

Delivery rider deaths highlight need to make streets safer for everyone

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Interview with Ben Fordham, 2GB

BEN FORDHAM: Scott Morrison, good morning to you.    PRIME MINISTER: Good morning, Ben. How are you?    FORDHAM: Good. How many days have you got to go?   PRIME MINISTER: I've got another we...

Scott Morrison - avatar Scott Morrison

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Business News

Nisbets’ Collab with The Lobby is Showing the Sexy Side of Hospitality Supply

Hospitality supply services might not immediately make you think ‘sexy’. But when a barkeep in a moodily lit bar holds up the perfectly formed juniper gin balloon or catches the light in the edg...

The Atticism - avatar The Atticism

Buy Instagram Followers And Likes Now

Do you like to buy followers on Instagram? Just give a simple Google search on the internet, and there will be an abounding of seeking outcomes full of businesses offering such services. But, th...

News Co - avatar News Co

Cybersecurity data means nothing to business leaders without context

Top business leaders are starting to realise the widespread impact a cyberattack can have on a business. Unfortunately, according to a study by Forrester Consulting commissioned by Tenable, some...

Scott McKinnel, ANZ Country Manager, Tenable - avatar Scott McKinnel, ANZ Country Manager, Tenable



News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion