International Data Privacy Laws: Consistently Inconsistent

Many multinational enterprises are faced with a plethora of restrictions and regulations both in their home countries and in the countries where they conduct business. While some of these laws are similar, many are not, which forces them to constantly examine their handling of private information.

The end result is a varied list of regulations and restrictions that enterprises must adhere to in order to have successful business practices overseas. It’s inconsistency at its best.

Aren’t all international restrictions the same?

The short answer: No. Each regulation – although it may serve a similar purpose as another country’s restriction – serves a different purpose and/or protects a different target (be they people, companies or industries) in its country of origin.

The goal of the General Data Protection Regulation (GDPR), for example, is to strengthen and unify data protection within the European Union (EU). This means that citizens will have better control over their data. While laws like GDPR are based on a consensus among the individual states, the regulations of individual countries are based more on their responses to the political and technical landscape we see today.

There is an interest in protecting the personal information of citizens and, increasingly, a desire to protect sensitive business and political data. The rise of software-as-a-service (SaaS) used by multinational organizations that often need to make large international data transfers between locations is increasing concern over who has control over this information. The desire to ensure that those using cloud-based services are managing the data correctly and compliantly is paramount.

Is there an easy way for international companies to comply with all of the various laws?

Unfortunately, no. Each new set of laws brings its own unique challenges. For example, the scope of the new Chinese privacy law covers ‘any citizen’s PII’, which means that any foreign company located anywhere in the world with Chinese citizens as customers is bound by this new regulation. In fact, the Chinese law goes even further than GDPR, and covers any ‘natural persons,’ which is even more expansive than just citizens.

How is privacy changing multinational business?

These laws are creating a stricter environment that limits the ways in which data may be collected and used. The new Chinese law seems to favor the security of political and business content, so perhaps the creation of this is just as much about state control as it is about protecting its citizens.

Users and customers now have to be asked if they agree to their information being collected and used in specific ways. Generally, companies are going to request this up front and the majority of the populace will just agree, similar to “Terms of Use Agreements” here in the US. So, while some controls are being put in place for users to opt out of specific things, generally most users are going to opt in up front. With agreements such as EU-US Privacy Shield allowing the transfer of PII data to the US from Europe, personal information is still flowing freely around the world as well.

How will the restrictions impact the business of doing business?

We’re already seeing a shift toward a regionally focused implementation of products and services for data storage and collaboration, as opposed to the centralized versions we have seen previously. Providers who can keep content and PII data physically within each region will find it significantly easier to assuage both user and regulatory fears around the privacy and security of their identity and content. The European data center construction market is seeing a marked increase in large US-based companies (such as Facebook and Microsoft) building out their own data centers. A recent Research and Markets report projects data center construction market growth from US$ 9,558 Million in 2016 to US$ 22,829.1 Million by 2025.

What’s the end cost?

Given the complexities of each individual country’s data privacy laws, it’s understandable that many enterprises are concerned with what’s required by each country and how to achieve these standards. These regulations are also changing the face of multinational business, challenging enterprises to change the essential question from “HOW should we do business in other countries?” to “WHAT is the cost of doing business in other countries?”

There have been clear examples of regulatory pressures causing businesses to withdraw from specific regions. For example, the implementation of FATCA saw Swiss banks (like UBS and Credit Suisse) ask US clients to either re-arrange or close their accounts. The fall of Safe Harbor created a myriad of concerns over the processing and storage of European data in the US, resulting in many of the larger firms initiating programs to move content to Europe to overcome this challenge.

While some of these laws are onerous, businesses are always going to be driven by opportunity. If the value of operating within a specific market is greater than the cost of compliance, then enterprises will work to overcome the regulations or accept the risks. While protectionism is becoming more commonplace, most countries are determined to remain open for business under the guise of globalization.

By Daren Glenister
