DeBrae Kennedy-Mayo

This post examines a report issued in March 2022 by the Atlantic Council entitled, “Trading in U.S.-India Data Flows: Prospects for Cooperation in U.S.-India Data Policy.” Noting the opportunity created by the reconvening of the U.S.-India Trade Policy Forum (TPF), this report urges the Biden administration and the Modi government to pursue cooperation on cross-border data flows. [...]

In the paper entitled The Effects of Data Localization on Cybersecurity, CBDF Research Director Peter Swire and CBDF Senior Fellow DeBrae Kennedy-Mayo provide the first systematic examination of the effects of data localization laws on cybersecurity. The authors focus on the effects of “hard” data localization, where transfer of data is prohibited to other countries. The discussion includes both de jure and de facto effects, including China’s explicit laws, recent enforcement actions in the European Union, and proposed privacy legislation [...]

Update: On November 17, 2021, the Committee of Ministers of the Council of Europe adopted the Second Additional Protocol to the Budapest Convention. The Protocol is expected to be open to parties of the Convention for signature in May 2022.[59] ***** This November, the Council of Europe (CoE) hopes to finalize the adoption of the Second Additional Protocol to the Budapest Convention, in time for the 20th anniversary of the opening for signatures of the Convention in Budapest, Hungary.[1] The Convention when [...]

Data localization was a prominent theme among the nearly 200 comments submitted to the European Data Protection Board (EDPB) in response to its November, 2020 draft Guidance (the “Guidance”) about transferring personal data from the EU to third countries.[1] Based on a review of all the comments,[2] approximately 25% of the nearly 200 comments submitted to the EDPB expressed concern that the Draft Guidance would result, in practice, in data localization. Slightly more than 10% of the comments spoke explicitly to [...]