In the past year, we have seen an increase in the number of countries developing/updating legal frameworks (such as model agreements) that permit the transfer of personal data abroad. Transfer mechanisms, such as the model agreements, are necessary because different countries’ data protection laws may offer different levels of protection to individuals’ personal data. Transfer mechanisms function as an “equalizer” by requiring a base level of protection that all entities must have in place when transferring personal data abroad. Accordingly, transfer mechanisms ensure that protections are in place to safeguard data that leaves a country with strong data protection laws to be transferred to a country that has no such laws. Last June, the European Commission updated its Standard Contractual Clauses (“EU SCCs”) permitting the transfer of data outside the European Economic Area (“EEA”) after a decade. Earlier this year the United Kingdom implemented the UK’s version of transfer clauses with the International Data Transfer Agreement (“UK IDTA”). Like Europe and the United Kingdom, China also has some transfer mechanisms in the works.
Continue Reading Data Transfers and Beyond: China Moves Closer to Finalizing Draft Provisions Permitting the Transfer of Personal Data Abroad