Daren

International Data Privacy Laws: Consistently Inconsistent

International Data Privacy Laws

Many multinational enterprises are faced with a plethora of restrictions and regulations both in their home countries and in the countries where they conduct business. While some of these laws are similar, many are not, which forces them to constantly examine their handling of private information.

The end result is a varied list of regulations and restrictions that enterprises must adhere to in order to have successful business practices overseas. It’s inconsistency at its best.

Aren’t all international restrictions the same?

The short answer: No. Each regulation – although it may serve a similar purpose as another country’s restriction – serves a different purpose and/or protects a different target (be they people, companies or industries) in their country or origin.

The goal of the General Data Protection Regulation (GDPR), for example, is to strengthen and unify data protection within the European Union (EU). This means that citizens will have better control over their data. While laws like GDPR are based on an agreed consensus of the individual states, the regulations of individual countries are more based on their responses to the political and technical landscape we see today.

There is an interest in protecting both the personal information of citizens and increasingly a desire to protect sensitive business and political data. The rise of software-as-a-service (SaaS) by multi-national organizations that often need to make large international data transfers between locations is increasing concern over who has control over this information. The desire to ensure that those using cloud-based services are managing the data correctly and compliantly is paramount.

Is there an easy way for international companies to comply with all of the various laws?

Unfortunately, no. Each new set of laws brings its own unique challenges. For example, the scope of both the new Chinese Privacy law covers ‘any citizen’s PII’, which means that any foreign company located anywhere in the world with Chinese citizens as customers is bound by this new regulation. In fact, the Chinese law goes even further than GDPR, and covers any ‘natural persons,’ which is even more expansive than just citizens.

How is privacy changing multinational business?

International Data Privacy Laws

These laws are creating a stricter environment that limits the ways in which data may be collected and used. The new Chinese law seems to favor the security of political and business content, so perhaps the creation of this is just as much about state control as it is about protecting its citizens.

Users and customers now have to be asked if they agree to their information being collected and used in specific ways. Generally, companies are going to request this up front and the majority of the populous will just agree, similar to “Terms of Use Agreements” here in the US. So, while some controls are being put in place for users to opt out of specific things, generally most users are going to opt in up front. With agreements such as EU-US Privacy Shield allowing the transfer of PII data to the US from Europe, personal information is still flowing freely around the world as well.

How will the restrictions impact the business of doing business?

We’re already seeing a shift toward a regionally focused implementation of products and services for data storage and collaboration, as opposed to the centralized versions we have seen previously. Providers who can keep content and PII data physically within each region will find it significantly easier to assuage both user and regulatory fears around the privacy and security of their identity and content. The European data center construction market is seeing a marked increase in large US-based companies (such as Facebook and Microsoft) building out their own data centers. A recent Research and Markets report projects data center construction market growth from US$ 9,558 Million in 2016 to US$ 22,829.1 Million by 2025.

What’s the end cost?

Given the complexities of each individual country’s data privacy laws, it’s understandable many enterprises are concerned with what’s required by each country and how to achieve these standards. These regulations are also changing the face of multinational business, challenging enterprises to change the essential from “HOW should we do business in other countries?” to “WHAT is the cost of doing business in other countries?

There have been clear examples of regulatory pressures causing businesses to withdraw from specific regions. For example, the implementation of FATCA saw Swiss banks (like UBS and Credit Suisse) ask US clients to either re-arrange or close their accounts. The fall of Safe Harbor created a myriad of concerns over the processing and storage or European data in the US, resulting in many of the larger firms initiating programs to move content to Europe to overcome this challenge.

While some of these laws are onerous, businesses are always going to be driven by opportunity. If the value of operating within a specific market is greater than the cost of compliance, then enterprises will work to overcome the regulations or accept the risks. While protectionism is becoming more commonplace, most countries are determined to remain open for business under the guise of globalization.

By Daren Glenister

THOUGHT LEADERS

Armen Najarian

Martech: Brand Marketing is the New Demand Generation

Martech: Brand Marketing First, An Apology Sorry, demand generation professionals. We still love you and your jobs aren’t going away. But, as you are well aware, the ...
Kayla Matthews

How to Tell If You’re Using Unethical Data

Unethical Data When people think of unethical data, instances of knowingly tweaking information to make it show misleading conclusions often come to mind. Indeed, that's ...
Nikolas Kairinos

The growing role of AI in Sales and Marketing

AI in Sales and Marketing  Artificial intelligence (AI) as a Sales and Marketing (SaM) tool to help businesses deliver a better customer experience and secure ...
Iot Providers

Choosing A Provider for VMware Workloads? Ask These Questions First

VMware Workloads Provider Most of the cloud fanfare we see in today’s media is focused on application development, specifically, the services that cloud providers offer ...
Mobile Apps Business

It May Not Be Sexy, But Strict Compliance Delivers The Freedom To Innovate

Compliance and Business Innovation When the U.S. based non-profit organization RHD | Resources for Human Development decided to move its operations into the cloud, one ...
Back G Cloud

Five Reasons Why There’s A Digital Stampede To The Cloud

The Digital Stampede As the transfer of digital assets to the cloud gathers momentum, we examine the fundamental reasons why it’s happening Many organizations have ...

Cloud Community Supporters

Isc2 Logo
Aws
Hp
Ca
Cisco Logo

Cloud community support comes from sponsorship, service opportunities and collaborative network partnership initiatives.