The Times Australia
Business and Money
Times Media

.

stricter European rules will have repercussions in Australia as global divisions grow

  • Written by Normann Witzleb, Associate Professor in Law, Monash University
stricter European rules will have repercussions in Australia as global divisions grow

A big year for privacy just got bigger. On July 16, Europe’s top court ruled[1] on the legality of two mechanisms for cross-border transfers of personal data.

The Court of Justice of the European Union (CJEU) struck down the “EU-US Privacy Shield”, an intergovernmental agreement on which thousands of US companies based their data processing with EU trading partners and consumers. At the same time, the CJEU generally upheld so-called “standard contractual clauses” (SCC) for data exports but imposed new requirements on their use.

The decision has an immediate impact on data flows between the USA and the EU. But it will also create new challenges for Australian companies that engage with Europe.

Read more: Tough new EU privacy regulations could lead to better protections in Australia[2]

The global reach of European privacy laws

In 2018, the EU brought into force[3] the General Data Protection Regulation (GDPR), one of the world’s strongest privacy protection frameworks. This latest decision provides further evidence that the GDPR has impact far beyond the EU. It allows data about European citizens to be exported outside the bloc only if an adequate level of data protection is guaranteed.

Adequacy can be demonstrated at country level, and some major trading partners of the EU (such as Japan, Canada and New Zealand) have been certified[4] by the EU as having a comparable level of privacy protection. Until a fortnight ago, US companies could likewise rely on an adequacy decision for the EU-US Privacy Shield[5]. The Privacy Shield allowed companies to self-certify their data practices against a set of minimum criteria and enhanced US regulatory oversight. The Court has now held that this is not enough.

What does this mean for Australia?

Australian companies and consumers need to be mindful of the new CJEU decision. Data exports are very common, particularly where companies operate multi-nationally, outsource some of their data processing or store data on overseas cloud servers.

Australia was not a party to the EU-US Privacy Shield. It also does not have EU adequacy status[6]. This is because our Privacy Act does not apply to small businesses, employee data, and political parties, amongst others. An EU entity that seeks to export personal data to Australia therefore needs to use other safeguards to ensure that EU personal data remains protected.

This is commonly done in the form of standard contractual clauses, by which the sender and recipient of data agree that their data processing meets GDPR standards. The CJEU has now clarified that companies and regulators must verify in each case that the clauses stand up in light of the recipient country’s data laws.

Governmental surveillance programs and access to effective legal remedies are a particular concern. Privacy professionals around the world now have to work out[7] what this new requirement means.

Read more: Here's what a privacy policy that's easy to understand could look like[8]

Deepening global divisions and the trend to data localisation

To comply with the ruling, companies need to engage in a more detailed risk analysis than before. In some cases, data may no longer be transferred. This is likely to contribute to an international trend to house critical data locally. A recent example of this trend is the COVIDSafe app[9]: the data it collects must remain in Australia.

The CJEU decision comes at a time of intense public debate of privacy in Australia[10] and many other countries. The COVID-19 pandemic has turbo-charged the digitalisation[11] of many aspects of daily life. Every digital transaction leaves traces in the form of personal information, which could be a target for data mining and surveillance by corporate and state actors.

It would be sensible to adopt internationally harmonised data protection standards to regulate global data streams. But the world appears currently headed in the opposite direction.

Despite both the EU and US sides emphasising the need for cooperation[12] after the CJEU ruling, the major trading powers and blocs are increasingly pitted against each other.

Apart from the long-standing EU-US division over privacy[13], China, India and Russia have also begun to assert their own distinct data processing models. These powers generally give their citizens fewer privacy rights than the EU. They also make increasing use of data localisation requirements, which prohibit or impede data export, to enforce their own data protection protocols. The intensifying conflict between the US and China, most recently erupting over the new security laws for Hong Kong, also marks data governance and cybersecurity[14] as significant battlegrounds.

Australia’s new challenges in data protection

Australia’s data regulation tends to be pragmatic and business-friendly. It steers a middle course between the conflicting privacy approaches of the US and the EU. However, in a world retreating from globalised regulation, it is becoming increasingly difficult not to take sides.

Privacy is looming larger than ever in public consciousness, and Australia’s Privacy Act is due for an overhaul[15]. More than ever, Australia needs to determine its own course in safeguarding personal information against potential overreach by corporations and governments.

References

  1. ^ ruled (curia.europa.eu)
  2. ^ Tough new EU privacy regulations could lead to better protections in Australia (theconversation.com)
  3. ^ brought into force (theconversation.com)
  4. ^ certified (ec.europa.eu)
  5. ^ EU-US Privacy Shield (www.privacyshield.gov)
  6. ^ does not have EU adequacy status (www.oaic.gov.au)
  7. ^ now have to work out (iapp.org)
  8. ^ Here's what a privacy policy that's easy to understand could look like (theconversation.com)
  9. ^ COVIDSafe app (theconversation.com)
  10. ^ in Australia (www.cmo.com.au)
  11. ^ turbo-charged the digitalisation (www.computerworld.com)
  12. ^ need for cooperation (www.reuters.com)
  13. ^ long-standing EU-US division over privacy (www.politico.eu)
  14. ^ data governance and cybersecurity (www.politico.com)
  15. ^ Privacy Act is due for an overhaul (treasury.gov.au)

Authors: Normann Witzleb, Associate Professor in Law, Monash University

Read more https://theconversation.com/data-privacy-stricter-european-rules-will-have-repercussions-in-australia-as-global-divisions-grow-142980

The Times Features

FedEx Australia Announces Christmas Shipping Cut-Off Dates To Help Beat the Holiday Rush

With Christmas just around the corner, FedEx is advising Australian shoppers to get their presents sorted early to ensure they arrive on time for the big day. FedEx has reveale...

Will the Wage Price Index growth ease financial pressure for households?

The Wage Price Index’s quarterly increase of 0.8% has been met with mixed reactions. While Australian wages continue to increase, it was the smallest increase in two and a half...

Back-to-School Worries? 70% of Parents Fear Their Kids Aren’t Ready for Day On

Australian parents find themselves confronting a key decision: should they hold back their child on the age border for another year before starting school? Recent research from...

Democratising Property Investment: How MezFi is Opening Doors for Everyday Retail Investors

The launch of MezFi today [Friday 15th November] marks a watershed moment in Australian investment history – not just because we're introducing something entirely new, but becaus...

Game of Influence: How Cricket is Losing Its Global Credibility

be losing its credibility on the global stage. As other sports continue to capture global audiences and inspire unity, cricket finds itself increasingly embroiled in political ...

Amazon Australia and DoorDash announce two-year DashPass offer only for Prime members

New and existing Prime members in Australia can enjoy a two-year membership to DashPass for free, and gain access to AU$0 delivery fees on eligible DoorDash orders New offer co...

Business Times

Will the Wage Price Index growth ease financial pressure for hous…

The Wage Price Index’s quarterly increase of 0.8% has been met with mixed reactions. While Australian wages continue to i...

Protecting Your Business from Cyber Threats: The Critical Role of…

In today’s digital world, cybersecurity threats pose a significant risk to businesses of all sizes. A data breach can lead ...

Kyndryl ANZ appoints new Head of Strategic Partnerships and Allia…

Former Head of Marketing to lead and grow Kyndryl’s local channel ecosystem and bolster technological capabilities Kyndr...