Here’s how cross-border data transfers can be smoothened
Subscribe to enjoy similar stories. When Justice B.N. Srikrishna first introduced the concept of data localization into the draft data protection law he proposed in 2018, I was not in favour of it.
India is the outsourcing capital of the world and restrictions like these that would hamper the free flow of data across borders were bound to have a detrimental effect on the sector. But the more I thought about it, it began to dawn on me that the approach he was proposing was not very different from how the global leader in data protection regulation approaches data transfers. Under the European General Data Protection Regulation (GDPR), personal data can be transferred to only those countries that the European Commission believes offer an “adequate" level of protection.
This, if you think about it, is just another (albeit less in-your-face) way of saying that barring a few countries, all personal data must be localized in the EU. Europe’s approach has always been to set a high standard and insist that other countries level up if they want to continue to trade with Europe. Those that do not must go through a set of increasingly inconvenient hoops—special measures such as safe harbours, standard contractual clauses and binding corporate rules—if their companies want to continue to trade with Europe.
But not all countries believe they have to follow Europe’s lead. The EU includes some of the world’s most advanced nations. As a result, it approaches regulation from a place of privilege.
While this might suit Europe, other countries have different trade-offs to address. Some need to prioritize development, while others may want to promote innovation. So the regulatory frameworks that these countries develop are oriented towards
. Read more on livemint.com
