Report

A Trusted Framework for Cross-Border Data Flows

October 05, 2023
by
The Tech, Law and Security Program at American University Washington College of Law
The German Marshall Fund of the United States
2 min read
This report, by the German Marshall Fund of the United States and the Tech, Law, and Security (TLS) Program at the American University Washington College of Law, proposes a new global framework that protects rights and allows practicable, scalable, and open data flows among democracies governed by the rule of law. Such a framework is essential as data is now an integral part of global infrastructure with profound societal benefits but also significant risks for individual privacy, commercial confidentiality, and national security.

The report, prepared by American University Law Professor Alex Joel, provides a roadmap for building on recent multilateral breakthroughs at the Organisation for Economic Co-operation and Development (OECD) and the G7, and from EU-US bilateral agreements. It calls on stakeholders to quickly initiate a multilateral, multistakeholder, and transparent process with an initial focus on commercial privacy and trusted government access.

“Without concerted efforts by all stakeholders, current measures for facilitating cross-border data flows could become increasingly difficult to implement in a manner that protects individual rights and enables countries to derive important economic and societal benefits from data flows,” writes Joel. “Although many options exist, it is important to start quickly, work multilaterally across sectors, and build on existing progress.”

The report proposes recommendations to advance a framework that ensures the secure free flow of data. Key elements of this framework include:

  • respect for the rule of law. participating countries must share a demonstrable commitment to democratic governance under the rule of law. Stakeholders should seek agreement on a common benchmark for identifying democracies that respect the rule of law.
  • being rights-protective. A framework for such data flows must consequently include meaningful safeguards that effectuate individual rights and protect data from the risk of abuse and misuse by private-sector entities and governments and must also have in place accountability mechanisms to ensure that those processing data are properly implementing safeguards based on a core set of rights-protective principles.
  • being practicable. The framework must consider that countries have different legal systems and that each, therefore, may establish its own safeguards and accountability mechanisms.
  • being scalable. The framework must keep pace with the speed, scale, and global reach of international data flows, and it must enable fair and efficient cross-border data-flow determinations based on agreed, objective criteria. This can be done through a “certification” or a similar mechanism.

Progress is achievable if stakeholders recognize the importance of the following:

  • ensuring governments are committed to the process
  • enhancing mutual understanding across sectors and borders
  • following up on progress on cross-border law enforcement access
  • building on the OECD trusted government access declaration
  • enhancing international cooperation on oversight and redress

Read the full report here.