Why We Need a Transatlantic Charter for Data Security and Mobility

Setting common guidelines for data flows is crucial both to protect the goods and services that already depend on big data and to support the next generation of productivity gains and business opportunities.

While trade and tax remain at the heart of the difficult economic conversations between Europe and the US, a new issue has emerged as a potential source of even greater friction: data.

Growth in the traditional global trade in goods and services has levelled off, but cross-border data flows continue to expand rapidly and the challenges of developing policies that protect privacy, security and innovation are already tremendous. For example, data analytics are driving dramatic productivity gains in industry, particularly for large and complex installations whose safety and efficiency will increasingly depend on flows of those data across jurisdictions. Meanwhile, ‘fintech’ (financial technology) start-ups and large banks alike are testing new modes of accumulating, analysing and deploying customer data to provide less expensive services and manage the risk profile of their businesses.

The rules that govern the collection, transmission and storage of data are perhaps one of the more surprising controversies in the transatlantic relationship. Similar liberal democracies with similar geostrategic interests might be expected to approach the handling of personal, corporate and government data in more or less the same way. And yet the US and its key European partners have struck different balances in the trade-offs between national security and citizens’ rights, between freedom of expression and personal privacy, and between free enterprise and market regulation.

While the US debate on the use of data has often been framed around the trade-off between national security and personal privacy, Europeans often face an even more complex set of concerns that include worries that their digital and technology firms lag behind dominant US competitors. The political and regulatory uncertainty helps neither side, and leaves transatlantic companies struggling to comply with uncertain and conflicting rules in different jurisdictions.

This makes more determined efforts by US and European policymakers to agree basic principles that will guide the usage and protection of personal and commercial data all the more important. While common regulations or even greater alignment among regulators seem out of reach, a ‘Transatlantic Charter for Data Security and Mobility’ would provide a set of principles for more specific rules amid political landscapes and technological developments that are evolving rapidly. It could also provide the basis for firms, whether in manufacturing or financial services or health care, to draft their own voluntary standards on how they protect data even as they develop new algorithms that improve productivity, safety and customer satisfaction.

Embarrassing leaks, careful denials and endless lawsuits will continue to shape the awkward efforts of policymakers to find common ground around issues like cyberespionage, defence of common networks and the sharing of personal data with law enforcement. Cyberattacks with the aim of disrupting government operations or influencing election campaigns will add still further pressures. These will all serve as a noisy backdrop to a related but separate debate over how commercial firms should exploit the opportunities of global networks and ‘big data’ analytics while protecting national interests and privacy.

Yet, setting common guidelines for commercial data transmission and storage remains crucial both to protect the goods and services that already depend on sophisticated data-gathering and analysis, and to support the next generation of productivity gains and business opportunities.

Global firms yearn for clarity and predictability as they organize themselves to make the most of the data revolution. Neither is likely to become a reality soon. The EU’s new General Data Protection Regulation will take effect in 2018, but its implementation will inevitably be coloured by the fact that American firms currently dominate the information technology business. Last year’s ‘Privacy Shield’ agreement between the US and the EU renews the permission for firms with transatlantic business interests to transfer data, subject to compliance with basic standards of protection, but the agreement remains vulnerable to European court challenges. Britain’s decision to leave the EU adds a further complication, as it establishes its own set of data protection rules that may not easily align with either European or US requirements. Meanwhile, the World Trade Organization continues to debate new rules for digital trade, even as markets like China, Russia and Brazil make up their own.

If this ‘Transatlantic Charter for Data Security and Mobility’ were adopted bilaterally, say as part of the annual reviews of the US–EU Privacy Shield agreement, it could form the basis for broader cooperation on these issues, helping to drive progress in the G7 and G20 and ultimately perhaps in trade agreements under the WTO. It would hardly secure complete alignment on these questions, but it could help establish the framework for a debate that all too often lurches to extremes and risks damaging a fundamental alliance for global stability – along with a fundamental driver of 21st-century economic progress.

Chatham House Expert Comment:

Dr Christopher Smart is Whitehead is Senior Fellow, US and the Americas Programme at The Royal Institute of Internatona Affairs

 

« Moneysupermarket.com Spammed 7 Million
Cyberterrorism: The Next Threat From Islamic State »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

Ahope

Ahope

Ahope is a mobile security solution provider in Korea with a long history of security solution development.

Viasat

Viasat

Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

Miradore

Miradore

Miradore is a software company specializing in effective, cloud-based device management. Our goal is to help IT Service Providers and IT departments secure and control devices.

Blancco Technology Group

Blancco Technology Group

Blancco Technology Group is a leading global provider of mobile device diagnostics and secure data erasure solutions.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

Cyolo

Cyolo

Cyolo’s Secure Access Service Edge (SASE) platform securely connects onsite and remote users to authorized assets, in the organizational network, cloud or IoT environments and even offline networks.

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG)

ISRG's mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

Surfshark

Surfshark

Surfshark is a cybersecurity company focused on developing humanized privacy & security protection solutions to secure people's digital lives.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.

Avatar Managed Services

Avatar Managed Services

Avatar offers proven, process driven IT support to companies who want to utilize their technology to their best advantage.

Coalition for Secure AI (CoSAI)

Coalition for Secure AI (CoSAI)

CoSAI is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research.