International Data Privacy Laws: Consistently Inconsistent

Many multinational enterprises are faced with a plethora of restrictions and regulations both in their home countries and in the countries where they conduct business. While some of these laws are similar, many are not, which forces them to constantly examine their handling of private information.

The end result is a varied list of regulations and restrictions that enterprises must adhere to in order to have successful business practices overseas. It’s inconsistency at its best.

Aren’t all international restrictions the same?

The short answer: No. Each regulation – although it may serve a similar purpose as another country’s restriction – serves a different purpose and/or protects a different target (be they people, companies or industries) in its country of origin.

The goal of the General Data Protection Regulation (GDPR), for example, is to strengthen and unify data protection within the European Union (EU). This means that citizens will have better control over their data. While laws like GDPR are based on an agreed consensus of the individual states, the regulations of individual countries are based more on their responses to the political and technical landscape we see today.

There is an interest in protecting both the personal information of citizens and increasingly a desire to protect sensitive business and political data. The rise of software-as-a-service (SaaS) by multi-national organizations that often need to make large international data transfers between locations is increasing concern over who has control over this information. The desire to ensure that those using cloud-based services are managing the data correctly and compliantly is paramount.

Is there an easy way for international companies to comply with all of the various laws?

Unfortunately, no. Each new set of laws brings its own unique challenges. For example, the scope of the new Chinese privacy law covers ‘any citizen’s PII’, which means that any foreign company located anywhere in the world with Chinese citizens as customers is bound by this new regulation. In fact, the Chinese law goes even further than GDPR, and covers any ‘natural persons,’ which is even more expansive than just citizens.

How is privacy changing multinational business?

These laws are creating a stricter environment that limits the ways in which data may be collected and used. The new Chinese law seems to favor the security of political and business content, so perhaps the creation of this is just as much about state control as it is about protecting its citizens.

Users and customers now have to be asked if they agree to their information being collected and used in specific ways. Generally, companies are going to request this up front and the majority of the populace will just agree, similar to “Terms of Use Agreements” here in the US. So, while some controls are being put in place for users to opt out of specific things, generally most users are going to opt in up front. With agreements such as EU-US Privacy Shield allowing the transfer of PII data to the US from Europe, personal information is still flowing freely around the world as well.

How will the restrictions impact the business of doing business?

We’re already seeing a shift toward a regionally focused implementation of products and services for data storage and collaboration, as opposed to the centralized versions we have seen previously. Providers who can keep content and PII data physically within each region will find it significantly easier to assuage both user and regulatory fears around the privacy and security of their identity and content. The European data center construction market is seeing a marked increase in large US-based companies (such as Facebook and Microsoft) building out their own data centers. A recent Research and Markets report projects data center construction market growth from US$ 9,558 Million in 2016 to US$ 22,829.1 Million by 2025.

What’s the end cost?

Given the complexities of each individual country’s data privacy laws, it’s understandable that many enterprises are concerned with what’s required by each country and how to achieve these standards. These regulations are also changing the face of multinational business, challenging enterprises to change the essential question from “HOW should we do business in other countries?” to “WHAT is the cost of doing business in other countries?”

There have been clear examples of regulatory pressures causing businesses to withdraw from specific regions. For example, the implementation of FATCA saw Swiss banks (like UBS and Credit Suisse) ask US clients to either re-arrange or close their accounts. The fall of Safe Harbor created a myriad of concerns over the processing and storage of European data in the US, resulting in many of the larger firms initiating programs to move content to Europe to overcome this challenge.

While some of these laws are onerous, businesses are always going to be driven by opportunity. If the value of operating within a specific market is greater than the cost of compliance, then enterprises will work to overcome the regulations or accept the risks. While protectionism is becoming more commonplace, most countries are determined to remain open for business under the guise of globalization.

By Daren Glenister
