Rafi Azim-Khan, Partner and Head of Data Privacy, Europe at Pillsbury and Chair of the British American Business’ Law Forum, was in Washington, DC yesterday to hear the important announcement of a key new data privacy initiative, blessed by regulators across the North America, Europe and Asia Pacific regions.
The initiative is aimed at assisting international businesses struggling to come to terms with increasingly complex global data privacy laws and increasing enforcement risks.
FTC Chairwoman Edith Ramirez and new EU Article 29 Working Party Chair Isabelle Falque-Pierrotin of CNIL were joined by UK Commissioner Christopher Graham, Ted Dean of the US Department of Commerce and Canadian APEC lead Daniele Chatelois in announcing publicly for the first time a new “Checklist” tool known as the “Referential”, designed to assist companies who have to deal with and transfer consumer and other types of data internationally. It applies to all businesses and all sectors.
Azim-Khan, who discussed with the Commissioners the goals behind the initiative, commented, “Whether a social media company or a car manufacturer marketing via its website, businesses of all shapes and sizes have been crying out for some practical help and guidance regarding their use of data and what is or is not likely to land them in hot water. Many feel recent changes to the laws in the EU and beyond, as well as significantly increased fine levels and scrutiny, are making day to day operations much more difficult and risky.”
“Given the world is becoming more connected, business more global and data use increasing, literally by the day, current laws and enforcement are proving very difficult to navigate without detailed analysis and a very careful approach. It can be time intensive and costly to get things right, and equally so if there is a breach, so anything which can help business deal with complex issues such as international data transfers and data use in multiple countries is to be welcomed. That said, this is very much just a first additional step and we will have to see what happens in terms of consultations and feedback.”
“This new initiative is also not a “silver bullet,” i.e. an “adequacy finding” nor “mutual recognition”, for example of Asia’s laws by the EU. Rather, it is one new tool worth exploring in the bigger scheme of compliance and given all the upheaval in the past year or so companies with significant global reach would still be advised to urgently audit what they are currently doing and seriously consider steps needed to bring their compliance up to date, for example considering the benefits of updated schemes such as Binding Corporate Rules”.
Note: The EU and the US have locked horns in recent months over criticisms the US is not doing enough to enforce Safe Harbor breaches by large US companies and the EU is proposing new “atomic weapon” fines of 2 or 5% of global revenue fines for non-compliance as part of new Regulation proposals.
Asia is presenting a problem for international companies as the laws are hugely varied and some are also now adopting tougher EU-style laws which US companies do not like.
This initiative is the first time the differing parties have tried to put aside differences in such a joined up way.