Daren Glenister

International Data Privacy Laws: Consistently Inconsistent

International Data Privacy Laws

Many multinational enterprises are faced with a plethora of restrictions and regulations both in their home countries and in the countries where they conduct business. While some of these laws are similar, many are not, which forces them to constantly examine their handling of private information.

The end result is a varied list of regulations and restrictions that enterprises must adhere to in order to have successful business practices overseas. It’s inconsistency at its best.

Aren’t all international restrictions the same?

The short answer: No. Each regulation – although it may serve a similar purpose as another country’s restriction – serves a different purpose and/or protects a different target (be they people, companies or industries) in their country or origin.

The goal of the General Data Protection Regulation (GDPR), for example, is to strengthen and unify data protection within the European Union (EU). This means that citizens will have better control over their data. While laws like GDPR are based on an agreed consensus of the individual states, the regulations of individual countries are more based on their responses to the political and technical landscape we see today.

There is an interest in protecting both the personal information of citizens and increasingly a desire to protect sensitive business and political data. The rise of software-as-a-service (SaaS) by multi-national organizations that often need to make large international data transfers between locations is increasing concern over who has control over this information. The desire to ensure that those using cloud-based services are managing the data correctly and compliantly is paramount.

Is there an easy way for international companies to comply with all of the various laws?

Unfortunately, no. Each new set of laws brings its own unique challenges. For example, the scope of both the new Chinese Privacy law covers ‘any citizen’s PII’, which means that any foreign company located anywhere in the world with Chinese citizens as customers is bound by this new regulation. In fact, the Chinese law goes even further than GDPR, and covers any ‘natural persons,’ which is even more expansive than just citizens.

How is privacy changing multinational business?

These laws are creating a stricter environment that limits the ways in which data may be collected and used. The new Chinese law seems to favor the security of political and business content, so perhaps the creation of this is just as much about state control as it is about protecting its citizens.

Users and customers now have to be asked if they agree to their information being collected and used in specific ways. Generally, companies are going to request this up front and the majority of the populous will just agree, similar to “Terms of Use Agreements” here in the US. So, while some controls are being put in place for users to opt out of specific things, generally most users are going to opt in up front. With agreements such as EU-US Privacy Shield allowing the transfer of PII data to the US from Europe, personal information is still flowing freely around the world as well.

How will the restrictions impact the business of doing business?

We’re already seeing a shift toward a regionally focused implementation of products and services for data storage and collaboration, as opposed to the centralized versions we have seen previously. Providers who can keep content and PII data physically within each region will find it significantly easier to assuage both user and regulatory fears around the privacy and security of their identity and content. The European data center construction market is seeing a marked increase in large US-based companies (such as Facebook and Microsoft) building out their own data centers. A recent Research and Markets report projects data center construction market growth from US$ 9,558 Million in 2016 to US$ 22,829.1 Million by 2025.

What’s the end cost?

Given the complexities of each individual country’s data privacy laws, it’s understandable many enterprises are concerned with what’s required by each country and how to achieve these standards. These regulations are also changing the face of multinational business, challenging enterprises to change the essential from “HOW should we do business in other countries?” to “WHAT is the cost of doing business in other countries?

There have been clear examples of regulatory pressures causing businesses to withdraw from specific regions. For example, the implementation of FATCA saw Swiss banks (like UBS and Credit Suisse) ask US clients to either re-arrange or close their accounts. The fall of Safe Harbor created a myriad of concerns over the processing and storage or European data in the US, resulting in many of the larger firms initiating programs to move content to Europe to overcome this challenge.

While some of these laws are onerous, businesses are always going to be driven by opportunity. If the value of operating within a specific market is greater than the cost of compliance, then enterprises will work to overcome the regulations or accept the risks. While protectionism is becoming more commonplace, most countries are determined to remain open for business under the guise of globalization.

By Daren Glenister

Daren Glenister

Daren is the Field Chief Technology Officer for Intralinks. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.

Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.

View Website
Comic - Private Cloud
The Lighter Side Of The Cloud - Cloud Therapy
The Lighter Side Of The Cloud - Xoogler
The Lighter Side Of The Cloud - Disaster Prevention
The Lighter Side Of The Cloud - Machine Learning
The Lighter Side Of The Cloud - Inferiority Complex
A Smart Data Approach to Assurance in a Hybrid Cloud Environment

A Smart Data Approach to Assurance in a Hybrid Cloud Environment

Smart Data Microsoft and Amazon both reported significant growth in their cloud businesses recently. Revenue for Microsoft’s Azure increased by ...
Open APIs Alone Won’t Change Banking

Open APIs Alone Won’t Change Banking

Open Banking API's Most people think of banks as one monolithic entity, but they are actually made up of hundreds ...
Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security Don’t count on cloud providers to provide all your UCaaS security It’s official: Unified Communications-as-a-Service (UCaaS) has ...
Marty Puranik

HIPAA Risk Assessment Guide for Smaller Practices

HIPAA Risk Assessment Guide Disconcertingly, one in four practices (25%) are failing meaningful use audits by the Centers for Medicare ...
MarTech’s Fragmented Landscape is Failing Brand Marketers

MarTech’s Fragmented Landscape is Failing Brand Marketers

MarTech’s Fragmented Landscape Mapping the customer journey is one of the biggest strategic shifts currently underway in the marketing industry ...
Imminent IoT Eye-Tracking Technologies To Transform The Connected World

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

IoT Eye Tracking Smelling may be the first of the perceptible senses, but the eye is the fastest moving organ ...
The Shift from Monolithic to Microservices: What It Means for CTOs.

The Shift from Monolithic to Microservices: What It Means for CTOs.

The Shift to Microservices The shift in application development strategies is moving from monolithic design to isolated and resilient components ...

CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more... Stand out as an expert in your field.

The program is currently available to consultants, influencers or executive level contributors.