In a joint statement issued on Friday, 25 March, the US and EC stated that the upcoming policy will “strengthen the privacy and civil liberties protections applicable to U.S. signals intelligence activities.” Based on its initial description, the Trans-Atlantic Data Privacy Framework will bring closer regulations on how personal data linked to European citizens are processed and used on American soil, in turn seeking to reduce unregulated data access for surveillance tasks.
The body further said that the new policy will “establish a two-level independent redress mechanism with binding authority to direct remedial measures, and enhance rigorous and layered oversight of signals intelligence activities to ensure compliance with limitations on surveillance activities.”
A fact sheet for the Framework states that a Data Protection Review Court would be set-up by the American authorities, which will have independent power to take decisions on any grievances related to data sharing and privacy raised by European authorities. It is also expected to enable “continued data flows underpinning EUR 900 billion in cross-border commerce every year.”
Data sharing regulations in India
In India, the upcoming data privacy bill is expected to lay down regulations regarding cross-border data transfers, as well as localisation of personal data belonging to Indian users. The Bill has raised concerns for businesses that work with international technologies and services.
In January 2022, Ashish Aggarwal, head of public policy at Nasscom, said at a Medianama forum, “If you’re imagining a future where Indian SaaS (software as a service) companies, Indian startups are going to be global unicorns, then those very companies will face a problem with this law because then they want to optimize things and they want to be near to customers in terms of what they are offering as services and solutions. Then this very law will come and bite them right because it will require them to segment the way they architect their data and solution.”
Other industry stakeholders have further underlined how restrictions to data sharing across borders could hamper global services – offered by companies such as Google, Amazon, Facebook etc.
Big Tech companies have been lobbying for more fluid cross-border data transfer policies around the world. In October 2020, Google reportedly told a Joint Parliamentary Committee on the data protection bill that India should avoid data localisation requirements in a bid to keep business flows smooth and operational.
Google, on this note, has acknowledged the US-EU Trans-Atlantic Data Privacy Framework. Yesterday, Karan Bhatia, vice-president of government affairs and public policy at Google, said, “People want to be able to use digital services from anywhere in the world and know that their privacy is respected, and their information safe and protected. This agreement acknowledges that reality: it commits the parties to a high standard of data protection while establishing a reliable and durable foundation for the future of internet services on both sides of the Atlantic.”
He further added that such policies “serve as a floor, not a ceiling” towards allowing Google to operate beyond USA.