Cross-Border Data Flows, the GDPR, and Data Governance

29 Wash. Int'l L.J. 485 (2020)

48 Pages Posted: 23 Jun 2020 Last revised: 5 Aug 2020

See all articles by W. Gregory Voss

W. Gregory Voss

TBS Business School; Toulouse Business School; University of Toulouse - Toulouse Business School

Date Written: June 17, 2020

Abstract

Today, cross-border data flows are an important component of international trade and an element of digital service models. However, they are impeded by restrictions on cross-border personal data transfers and data localization legislation. This Article focuses primarily on these complexities and on the impact of the new European Union (“EU”) legislation on personal data protection — the GDPR. First, this Article introduces its discussion of these flows by placing them in their economic and geopolitical setting, including a discussion of the results of a lack of international harmonization of law in the area. In this framework, rule overlap and rival standards are relevant. Once this situation is established, this Article turns to an analysis of the legal measures that have filled the gap left by the lack of international regulation and the failure to harmonize law: extraterritorial laws in the European Union (regional legislation) and the United States (state legislation); and data localization laws in China and Russia. Specific provisions restricting cross-border personal data transfers are detailed under EU legislation, as are the international agreements that have been invaluable in allowing flows between the United States and the European Union to continue — first the Safe Harbor, and now the Privacy Shield. Finally, in this context, the role of data governance is investigated, both in the context of data controllers’ accountability for the actions of other actors in global supply chains under EU law and under the Privacy Shield. Thus, this Article goes beyond the law itself, to place requirements in the context of the globalized business world of data flows, and to suggest ways that companies may improve their compliance position worldwide.

Keywords: Cross-Border Data Flows, GDPR, Data Governance, Data Transfers, Data Localization, Privacy Shield, Safe Harbor, Compliance, Personal Data, CCPA

JEL Classification: K2, K33, K39, K22, M15, F53

Suggested Citation

Voss, W. Gregory, Cross-Border Data Flows, the GDPR, and Data Governance (June 17, 2020). 29 Wash. Int'l L.J. 485 (2020), Available at SSRN: https://ssrn.com/abstract=3629348

W. Gregory Voss (Contact Author)

TBS Business School ( email )

1 Place Alphonse Jourdain
CS 66810
Toulouse Cedex 7, Occitanie 31068
France

Toulouse Business School ( email )

20, bd Lascrosses
Toulouse, 31068
France

University of Toulouse - Toulouse Business School ( email )

20, bd Lascrosses
BP 7010
Toulouse, 31068
France

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
480
Abstract Views
1,749
Rank
109,242
PlumX Metrics