Extract from Cassandre Coyer’s article “Beyond the DPF: A Look at Global Data Transfers Mechanisms for E-Discovery”
Many practitioners breathed a sigh of relief this summer when the European Union adopted an adequacy decision for the EU-U.S. Data Privacy Framework. But while transatlantic data transfers may have gotten a bit easier, in the background, 71 countries now have either drafted or standardized contractual clauses or other mechanisms for international data transfers, according to the IAPP.
For cross-border discovery, this means navigating a plethora of statutes and data localization laws enforced by local regulatory authorities.
A panel of experts at the “Navigating the Cross-Border Data Maze: Global eDiscovery in an Era of Fragmented Regulations” session at Georgetown University Law Center’s annual Advanced e-Discovery Institute conference on Friday attempted to paint a global picture of data transfers requirements, from mechanisms available in the U.K., France and China, among others.
For Rohan Massey, partner at Ropes & Gray and leader of the firm’s Data, Privacy and Cybersecurity practice, what is partially needed is “a localized approach and understanding of who you’re dealing with and what the political and cultural sensitivities will be as well because there is no standardization.”