- Data Transfers & the Accountability Model. The Accountability Model for international data transfers was first established by the Organisation for Economic Co-operation and Development (OECD) and subsequently endorsed and integrated into many legal systems and privacy principles. Under the Accountability Model, organizations that transfer data across transnational digital networks should implement procedures to ensure that data will continue to be protected, even if it is transferred to countries other than where it was first collected. The Accountability Model was first developed by the OECD, and was subsequently endorsed and has been integrated into many legal systems including those of Canada, the EU, Japan, New Zealand, and Singapore. This principle is also a significant feature of the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, the APEC Privacy Recognition for Processors (PRP) system, the APEC Cross Border Privacy Rules (CBPR) system, and the Association of Southeast Asian Nations (ASEAN) Model Contractual Clauses.
- Data Transfers & Cross-Border Interoperability Mechanisms. An important complement to international regulatory convergence efforts are mechanisms that ensure that different national legal regimes are “interoperable”—that is, compatible—with one another. In the context of personal information protection, such mechanisms may include (among other things) private codes of conduct; contractual arrangements; certifications, seals, or marks; white-listing or mutual recognition arrangements; and participation in government programs. These coordination mechanisms help bridge current gaps in international privacy norms while facilitating the safe and secure transfer of personal information.
- Data Transfers & Data Protection in Digital Economy Agreements. Another trust-building mechanism involves negotiating agreements to reaffirm core privacy standards while prohibiting unnecessary data transfer restrictions and data localization mandates. Key privacy principles affirmed in such agreements include limitation on collection, choice, data quality, purpose specification, use limitation, security safeguards, transparency, individual participation, and accountability. These agreements also typically reaffirm that the seamless and responsible movement of information across digital networks is foundational to a healthy, integrated global economy, and that any privacy-based restrictions should be limited to what is necessary to achieve a legitimate governmental policy objective. Overall, these agreements support legal certainty, helping grow digital trust, economic development, and technological innovation. To date, many countries have made, or are negotiating, such commitments under international agreements, including under the United States-Mexico-Canada Agreement (USMCA), the US-Japan Digital Trade Agreement, the Comprehensive and Progressive Trans-Pacific Partnership Agreement (CP-TPP), the Digital Economy Partnership Agreement (DEPA), the Australia-Singapore Digital Economy Agreement (DEA), the UK-Japan Comprehensive Economic Partnership Agreement, and the WTO Joint Statement Initiative on digital trade negotiations. This positive trend should continue.
Global Data Alliance, Cross-Border Data Policy Principles (2021); Global Data Alliance, Trends in International Negotiations on Data Transfers and Data Localization (2020).