International cooperation for data protection


Data security breaches including leaks of business-critical data and sensitive information that arose out of international data exchanges, laid bare the need for having robust data privacy laws as well as more coordination between the stakeholder nations involved. What often happened is that, while law-enforcement agencies could make companies comply with their national data-privacy laws and could prosecute those involved in data security breaches in their own nations, the same was not possible when it happened at an international level. Reason for this was the lack of a common legal framework spanning across borders.

Passed in the year 2018, the General Data Protection Regulation (GDPR) was the first such law that sought to regulate companies that processed any personal data (including biometrics) from any EU citizen or/and had operations in Europe. With the passage of time, new developments, and evolutions in the arena of data privacy laws continue to take place.

On 21 March 2022, the European Union along with 9 other nations including Australia, Comoros, India, Japan, Mauritius, New Zealand, South Korea, Singapore, and Sri Lanka passed the 'Joint Declaration on Privacy and the Protection of Personal Data: Strengthening trust in the digital environment'. This joint declaration seeks to strengthen international cooperation in the arena of data protection and privacy standards. The participating nations noted that although rapid developments in information technology resulted in unprecedent benefits for their economies and societies, they brought along with them unique challenges with respect to privacy and the protection of personal data.

The declaration further stated, in recognition of the G20 Rome Leaders' Declaration, that fostering data free flow with trust is necessary for maximizing benefits provided by the digital economy – therefore it also becomes indispensable to cultivate respect for individuals' right to privacy and the protection of personal data as a core value and fundamental freedom, in accordance with these countries' respective legal frameworks. The declaration also states that mistrust regarding data handling practices has negatively affected their diverse societies and economies since it creates reluctance among individuals and communities towards adopting modern technologies, public authorities become hesitant in sharing personal data with foreign partners, and commercial exchanges face more hurdles than usual. This is becoming a roadblock towards achieving UN 2030 Agenda for Sustainable Development and the ninth goal of building resilient infrastructure, promoting sustainable industrialisation, and fostering innovation.”

Built upon core principles of fairness, transparency, purpose limitation, data minimisation, limited data retention, data security and accountability, one of the major objectives of this declaration is having comprehensive cross-border legal frameworks and policies covering both the private and public sector. The declaration affirmed its commitment towards fostering and developing international policy discussions on the subject thereby promoting a shared vision and convergence amongst data protection frameworks. Moreover, today data traverses freely across multiple jurisdictions and this has led to a situation wherein data breaches that take place outside the confines of a particular nation-state escape the long arm of law. Consequently, member-nations stressed upon the need for independent operations to be conducted by an autonomous authority and having an effective redressal mechanism, so that data privacy offenders cannot escape prosecution anywhere in the world. This joint declaration is a major step towards achieving that.

International cooperation for data protection
Image credit:

For questions and comments, please visit our forum on Futurium.