The Future of International Data Transfers: Managing New Legal Risk with a ‘User-Held’ Data Model
Publikation: Bidrag til tidsskrift › Tidsskriftartikel › Forskning › fagfællebedømt
Standard
The Future of International Data Transfers : Managing New Legal Risk with a ‘User-Held’ Data Model . / Jurcys, Paulius ; Corrales Compagnucci, Marcelo; Fenwick, Mark.
I: Computer Law & Security Review, Bind 46, 105691, 2022.Publikation: Bidrag til tidsskrift › Tidsskriftartikel › Forskning › fagfællebedømt
Harvard
APA
Vancouver
Author
Bibtex
}
RIS
TY - JOUR
T1 - The Future of International Data Transfers
T2 - Managing New Legal Risk with a ‘User-Held’ Data Model
AU - Jurcys, Paulius
AU - Corrales Compagnucci, Marcelo
AU - Fenwick, Mark
PY - 2022
Y1 - 2022
N2 - The General Data Protection Regulation (GDPR) contains a blanket prohibition on the transfer of personal data outside of the European Economic Area (EEA) unless strict requirements are met. The rationale for this provision is to protect personal data and data subject rights by restricting data transfers to countries that may not have the same level of protection as the EEA. However, the ubiquitous and permeable character of new technologies such as cloud computing, and the increased inter-connectivity between societies, has made international data transfers the norm and not the exception. The Schrems II case and subsequent regulatory developments have further raised the bar for companies to comply with complex and, often, opaque rules. Many firms are, therefore, pursuing technology-based solutions in order to mitigate this new legal risk. These emerging technological alternatives reduce the need for open-ended cross-border transfers and the practical challenges and legal risk that such transfers create post-Schrems. This article examines one such alternative, namely a user-held data model. This approach takes advantage of ‘personal data clouds’ that allows data subjects to store their data locally and in a more decentralised manner, thus decreasing the need for cross-border transfers and offering end-users the possibility of greater control over their data.
AB - The General Data Protection Regulation (GDPR) contains a blanket prohibition on the transfer of personal data outside of the European Economic Area (EEA) unless strict requirements are met. The rationale for this provision is to protect personal data and data subject rights by restricting data transfers to countries that may not have the same level of protection as the EEA. However, the ubiquitous and permeable character of new technologies such as cloud computing, and the increased inter-connectivity between societies, has made international data transfers the norm and not the exception. The Schrems II case and subsequent regulatory developments have further raised the bar for companies to comply with complex and, often, opaque rules. Many firms are, therefore, pursuing technology-based solutions in order to mitigate this new legal risk. These emerging technological alternatives reduce the need for open-ended cross-border transfers and the practical challenges and legal risk that such transfers create post-Schrems. This article examines one such alternative, namely a user-held data model. This approach takes advantage of ‘personal data clouds’ that allows data subjects to store their data locally and in a more decentralised manner, thus decreasing the need for cross-border transfers and offering end-users the possibility of greater control over their data.
U2 - 10.1016/j.clsr.2022.105691
DO - 10.1016/j.clsr.2022.105691
M3 - Journal article
VL - 46
JO - Computer Law and Security Review
JF - Computer Law and Security Review
SN - 0267-3649
M1 - 105691
ER -
ID: 289918618