As part of the ongoing CBDF research project on data localization, this post examines a report issued in December, 2020 by the International Regulatory Strategy Group (IRSG) entitled, “How the Trend Towards Data Localization is Impacting the Financial Services Sector.” This report provides the most comprehensive analysis we have seen about the nature of data flows in the financial services sector. After reviewing global laws and regulations which limit or prevent cross-border data flows impacting the financial services sector, the IRSG report concludes that data localization poses an ineffective tool to support legitimate goals of data security, data privacy, regulatory oversight, support for local markets, and choice for customers.

Introduction Over the past year, the European Commission has generated an ever-expanding number of legislative proposals designed to make Europe “fit for the digital age”, in the words of Commission President Ursula von der Leyen.  International attention has focused most on two that would affect how large digital platform companies offer their services within the EU – the Digital Services Act and the Digital Markets Act– and on a third (the Data Governance Act[i]) that would establish a complex regulatory regime for the transfer of government-held non-personal data to third countries.

Professor Jennifer Daskal – senior research fellow at the Cross-Border Data Forum – has been named Deputy General Counsel (Cyber and Technology) at the U.S. Department of Homeland Security (DHS). Her work there will notably include acting as counsel for the Cybersecurity and Infrastructure Security Agency (CISA), as part of her cyber/tech portfolio. Professor Daskal is a prolific scholar, with recent publications including “The Un-Territoriality of Data,” in the Yale Law Journal, and “Borders and Bits,” in the Vanderbilt Law Review.

Introduction When the United States Congress enacted the CLOUD Act in 2018, law enforcement agencies around the world were encouraged that the innovative international agreements envisioned by the legislation would offer a solution to burgeoning difficulties in obtaining access to electronic evidence located in the United States.  Two years later, progress towards that goal has been slow: only one agreement, with the United Kingdom, has been signed, and reservations about this novel type of agreement persist in the privacy and civil liberties community in the United States and abroad.

Dr Clarisse Girot of Asian Business Law Institute, Mark Parsons of Hogan Lovells and Olga Ganopolsky of Macquarie Group discuss practical issues and geopolitical sensitives. The decision of the Court of Justice of the European Union (CJEU) in Schrems and Facebook Ireland v Data Protection Commissioner[1] (“Schrems II”) concerns the interpretation of the GDPR as a matter of EU law, but the implications of this ruling are global in their dimensions.

On December 9, 2020, the U.S. Senate Committee on Commerce, Science, and Transportation convened a hearing entitled “The Invalidation of the EU-US Privacy Shield and the Future of Transatlantic Data Flows”. The hearing: Explored policy issues that led to the Court of Justice of the European Union’s invalidation of the Privacy Shield in the Schrems II ruling; Examined the impact of the Schrems II ruling on U.S. businesses engaging in transatlantic digital commerce; and Examined steps that the U.S. Government is taking to develop a successor to the Privacy Shield.