Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
Regulation of Transborder Data Flows under ... - Tilburg University
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Kuner/<strong>Regulation</strong> <strong>of</strong> <strong>Transborder</strong> <strong>Data</strong> <strong>Flows</strong> <strong>under</strong> <strong>Data</strong> Protection and Privacy Law 33<br />
channels; 110 an example is provided by the APEC Cooperation Arrangement for Cross-<br />
Border Privacy Enforcement. 111 There is also ever-increasing use <strong>of</strong> internal dispute<br />
resolution mechanisms in both the private and public sectors, 112 which may enhance the<br />
ability <strong>of</strong> individuals to assert their rights in other countries.<br />
--Enhancing the confidence <strong>of</strong> consumers and individuals. <strong>Regulation</strong> <strong>of</strong> transborder<br />
data flows may help increase the confidence <strong>of</strong> individuals in the processing <strong>of</strong> their<br />
personal data. <strong>Data</strong> protection authorities have received complaints from individuals and<br />
non-governmental organisations (NGO) regarding data transfers abroad, 113 though the<br />
number does not seem to be large. 114 The increasing complexity <strong>of</strong> data processing on the<br />
Internet caused by phenomena such as cloud computing and outsourcing can make it<br />
difficult for individuals to obtain information as to where their personal data are being<br />
processed and stored, which may lead to a loss <strong>of</strong> confidence. On the other hand, some<br />
studies demonstrate a lack <strong>of</strong> interest by individuals in the regulation <strong>of</strong> transborder data<br />
flows. 115 Parties that export personal data across national borders may also not<br />
comprehend the ubiquity <strong>of</strong> transborder data flows: for example, in a study by the<br />
European Commission published in 2008, only a small percentage (10%) <strong>of</strong> data<br />
controllers stated that their companies transferred personal data outside the European<br />
Union, 116 a figure that must be too low given the widespread use by companies <strong>of</strong> e-mail<br />
and the Internet.<br />
110 See, e.g., OECD, ‘Report on the Cross-Border Enforcement <strong>of</strong> Privacy Laws’ (2006),<br />
, at 23-24.<br />
111 See ‘APEC launches new Cross-border <strong>Data</strong> Privacy Initiative’,<br />
.<br />
112 See OECD, ‘Report on Compliance with, and Enforcement <strong>of</strong>, Privacy Protection Online’ (12 February<br />
2003), , at 14.<br />
113 See, e.g., OECD, ‘Report on the Cross-Border Enforcement <strong>of</strong> Privacy Laws’ (2006),<br />
, at 8-9; Office <strong>of</strong> the Privacy Commissioner <strong>of</strong><br />
Canada, ‘Revisiting the Privacy Landscape a Year Later’ (March 2006),<br />
, in which 94% <strong>of</strong> respondents express<br />
either moderate or high concern about Canadian companies transferring personal information on customers<br />
to other countries; ‘PI extends SWIFT complaints to <strong>of</strong>ficials in six more countries’, 12 July 2007,<br />
, regarding complaints<br />
submitted by the NGO Privacy International to government regulators concerning access to financial data<br />
by the US government.<br />
114 See, e.g., OECD, ‘Report on the Cross-Border Enforcement <strong>of</strong> Privacy Laws’ (n 110), at 9, stating that<br />
‘privacy and data protection authorities do not report receiving cross-border complaints in significant<br />
number. It is certainly the case that few individual complaints have a cross-border element, with spam<br />
being a notable exception. Although this may suggest that there are not many privacy breaches with a<br />
cross-border dimension, it could just as well indicate that we lack good information on this topic’.<br />
115 See Eurobarometer Study (for the European Commission), ‘<strong>Data</strong> Protection in the European Union--<br />
Citizens’ Perceptions--Analytical Report’, February 2008,<br />
, at 33, indicating that only 17% <strong>of</strong> EU citizens<br />
are aware <strong>of</strong> European legal restrictions on transborder data flows.<br />
116 Eurobarometer Study (for the European Commission), ‘<strong>Data</strong> Protection in the European Union--<strong>Data</strong><br />
Controllers’ Perceptions--Analytical Report’, February 2008,<br />
, at 7.