The absence of harmonised data protection principles at a global scale is increasingly taking centerstage in the discourse of cross-border data flows. This calls for a forward-looking and principles-based approach to facilitate global convergence of data protection norms.
Before pushing for a global framework for data protection, the desirability thereof ought to be established. The social value of using data should be balanced against not only individual, but the collective harms caused by disclosure of personal data as well. The research project endeavours to establish a link between data protection and sustainable development. In doing so data protection emerges as an intermediate global public good. Utilising the literature available on ‘production technologies’ for provision of global public goods, the project seeks to determine the reasons for lack of international cooperation to provide data protection globally.
EU’s imposition of restrictions on cross-border flow of data to non-EU member countries and reliance on extraterritorial jurisdiction as a strategy to command compliance to its standards of data protection is not bearing desired results. In this regard, the inadequacy of standard contractual clauses and adequacy decisions in achieving effective diffusion of data protection principles enshrined in the GDPR is also analysed. Further, the CJEU’s ruling in Schrems II makes it amply clear that data transfer mechanisms cannot be used as a silver bullet to make up for weak data protection environment of the transferee country.
In the context of data-driven trade, the EU data protection framework acts as an impediment to the cross-border transfer of data and can be said to have negative implications for free trade. In the event of a GATS based challenge to the EU data protection framework embodied in the GDPR, provisions restricting cross-border data transfer run significant risk of being rendered incompatible. Nonetheless, divergent or the absence of data protection frameworks also impede cross-border trade in data. The inadequacy of GDPR to facilitate cross-border data flows between EU and non-EU countries adds to its handicap in securing convergence of data protection principles. Accordingly, the project underpins the need for principles-based approach towards global data protection.
International trade presents itself as an effective tool to aid international consensus building. In order to assimilate data protection principles in the policy framework of governments across the globe, their introduction as minimum standards in trade agreements would be a step in the right direction. EU jurisprudence on essence of fundamental rights can be relied upon to arrive at core principles of data protection which ought to be the pivot for desired convergence. In furtherance of this, my research project suggests leveraging trade agreements for securing international harmonization in the realm of data protection.