The future of international data transfers: managing legal risk with a ‘user-held’ data model

The Computer Law and Security Review, Vol. 46 (2022)

26 Pages Posted: 17 Jan 2022 Last revised: 28 Jul 2022

See all articles by Paul Jurcys

Paul Jurcys

Prifina; Vilnius University - Faculty of Law

Marcelo Corrales Compagnucci

Centre for Advanced Studies in Biomedical Innovation Law (CeBIL), Faculty of Law, University of Copenhagen

Mark Fenwick

Kyushu University - Graduate School of Law

Date Written: January 17, 2022

Abstract

The General Data Protection Regulation (GDPR) contains a blanket prohibition on the transfer of personal data outside of the European Economic Area (EEA) unless strict requirements are met. The rationale for this provision is to protect personal data and data subject rights by restricting data transfers to countries that may not have the same level of protection as the EEA. However, the ubiquitous and permeable character of new technologies such as cloud computing, and the increased inter-connectivity between societies, has made international data transfers the norm and not the exception. The Schrems II case and subsequent regulatory developments have further raised the bar for companies to comply with complex and, often, opaque rules.

Many firms are, therefore, pursuing technology-based solutions in order to mitigate this new legal risk. These emerging technological alternatives reduce the need for open-ended cross-border transfers and the practical challenges and legal risk that such transfers create post-Schrems. This article examines one such alternative, namely a user-held data model. This approach takes advantage of ‘personal data clouds’ that allows data subjects to store their data locally and in a more decentralised manner, thus decreasing the need for cross-border transfers and offering end-users the possibility of greater control over their data.

Keywords: GDPR, cross-border data transfers, new Standard Contractual Clauses, personal data clouds, user-held data model, Schrems II

JEL Classification: K00, K1, K10, K2, K20, K29, K33

Suggested Citation

Jurcys, Paul and Corrales Compagnucci, Marcelo and Fenwick, Mark, The future of international data transfers: managing legal risk with a ‘user-held’ data model (January 17, 2022). The Computer Law and Security Review, Vol. 46 (2022), Available at SSRN: https://ssrn.com/abstract=4010356 or http://dx.doi.org/10.2139/ssrn.4010356

Paul Jurcys (Contact Author)

Prifina ( email )

1 Market Street
San Francisco, CA California 94105
United States

Vilnius University - Faculty of Law ( email )

Saulėtekio ave. 9, building I
Vilnius, LT-10222
Lithuania

Marcelo Corrales Compagnucci

Centre for Advanced Studies in Biomedical Innovation Law (CeBIL), Faculty of Law, University of Copenhagen ( email )

HOME PAGE: http://https://research.ku.dk/search/?pure=en%2Fpersons%2F662698

Mark Fenwick

Kyushu University - Graduate School of Law ( email )

744 Motooka, Nishi-ku,
Fukuoka, Fukuoka 819-0395
Japan

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
430
Abstract Views
6,655
Rank
131,459
PlumX Metrics