Why We Need a Transatlantic Charter for Data Security and Mobility

Setting common guidelines for data flows is crucial both to protect the goods and services that already depend on big data and to support the next generation of productivity gains and business opportunities.

While trade and tax remain at the heart of the difficult economic conversations between Europe and the US, a new issue has emerged as a potential source of even greater friction: data.

Growth in the traditional global trade in goods and services has levelled off, but cross-border data flows continue to expand rapidly and the challenges of developing policies that protect privacy, security and innovation are already tremendous. For example, data analytics are driving dramatic productivity gains in industry, particularly for large and complex installations whose safety and efficiency will increasingly depend on flows of those data across jurisdictions. Meanwhile, ‘fintech’ (financial technology) start-ups and large banks alike are testing new modes of accumulating, analysing and deploying customer data to provide less expensive services and manage the risk profile of their businesses.

The rules that govern the collection, transmission and storage of data are perhaps one of the more surprising controversies in the transatlantic relationship. Similar liberal democracies with similar geostrategic interests might be expected to approach the handling of personal, corporate and government data in more or less the same way. And yet the US and its key European partners have struck different balances in the trade-offs between national security and citizens’ rights, between freedom of expression and personal privacy, and between free enterprise and market regulation.

While the US debate on the use of data has often been framed around the trade-off between national security and personal privacy, Europeans often face an even more complex set of concerns that include worries that their digital and technology firms lag behind dominant US competitors. The political and regulatory uncertainty helps neither side, and leaves transatlantic companies struggling to comply with uncertain and conflicting rules in different jurisdictions.

This makes more determined efforts by US and European policymakers to agree basic principles that will guide the usage and protection of personal and commercial data all the more important. While common regulations or even greater alignment among regulators seem out of reach, a ‘Transatlantic Charter for Data Security and Mobility’ would provide a set of principles for more specific rules amid political landscapes and technological developments that are evolving rapidly. It could also provide the basis for firms, whether in manufacturing or financial services or health care, to draft their own voluntary standards on how they protect data even as they develop new algorithms that improve productivity, safety and customer satisfaction.

Embarrassing leaks, careful denials and endless lawsuits will continue to shape the awkward efforts of policymakers to find common ground around issues like cyberespionage, defence of common networks and the sharing of personal data with law enforcement. Cyberattacks with the aim of disrupting government operations or influencing election campaigns will add still further pressures. These will all serve as a noisy backdrop to a related but separate debate over how commercial firms should exploit the opportunities of global networks and ‘big data’ analytics while protecting national interests and privacy.

Yet, setting common guidelines for commercial data transmission and storage remains crucial both to protect the goods and services that already depend on sophisticated data-gathering and analysis, and to support the next generation of productivity gains and business opportunities.

Global firms yearn for clarity and predictability as they organize themselves to make the most of the data revolution. Neither is likely to become a reality soon. The EU’s new General Data Protection Regulation will take effect in 2018, but its implementation will inevitably be coloured by the fact that American firms currently dominate the information technology business. Last year’s ‘Privacy Shield’ agreement between the US and the EU renews the permission for firms with transatlantic business interests to transfer data, subject to compliance with basic standards of protection, but the agreement remains vulnerable to European court challenges. Britain’s decision to leave the EU adds a further complication, as it establishes its own set of data protection rules that may not easily align with either European or US requirements. Meanwhile, the World Trade Organization continues to debate new rules for digital trade, even as markets like China, Russia and Brazil make up their own.

If this ‘Transatlantic Charter for Data Security and Mobility’ were adopted bilaterally, say as part of the annual reviews of the US–EU Privacy Shield agreement, it could form the basis for broader cooperation on these issues, helping to drive progress in the G7 and G20 and ultimately perhaps in trade agreements under the WTO. It would hardly secure complete alignment on these questions, but it could help establish the framework for a debate that all too often lurches to extremes and risks damaging a fundamental alliance for global stability – along with a fundamental driver of 21st-century economic progress.

Chatham House Expert Comment:

Dr Christopher Smart is Whitehead is Senior Fellow, US and the Americas Programme at The Royal Institute of Internatona Affairs

 

« Moneysupermarket.com Spammed 7 Million
Cyberterrorism: The Next Threat From Islamic State »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ComSec LLC

ComSec LLC

ComSec perform threat assessments to identify vulnerabilities and help protect businesses against corporate espionage via electronic eavesdropping.

SiteLock

SiteLock

SiteLock is a global leader in website security solutions. We provide affordable, cybersecurity software solutions designed to allow small to midsize businesses to operate without fear of an attack.

Paladion

Paladion

Paladion is a provider of managed IT security services.

Usenix

Usenix

Usenix brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.

ITC Secure Networking

ITC Secure Networking

ITC are a leading cloud-based MSSP delivering service innovation in cyber security analytics & cloud technology.

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions delivers a range of Industrial Automation and Cyber solutions & services to sectors including Oil & Gas, Chemicals & Petrochemicals, Power and others.

ENAC

ENAC

ENAC is the national accreditation body for Spain. The directory of members provides details of organisations offering certification services for ISO 27001.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

International Association of Security Awareness Professionals (IASAP)

International Association of Security Awareness Professionals (IASAP)

IASAP provides a members-only virtual sharing platform where security awareness professionals engage in a lively, year-round exchange of information and ideas.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

Bright Data

Bright Data

Bright Data Inc is the world’s #1 web data platform, enabling organizations to research, monitor, analyze data, and make better decisions.

Nudge Security

Nudge Security

Nudge Security offer the world's first-ever SaaS security solution to discover shadow IT and curb SaaS sprawl across any device or location and nudges employees towards optimal security behavior.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

DNS Research Federation (DNSRF)

DNS Research Federation (DNSRF)

DNSRF's mission is to advance the understanding of the Domain Name System's impact on cybersecurity, policy and technical standards.

Triovega

Triovega

Triovega are a leading provider for production security and efficiency. Our solutions enhance OT security, and reduce production downtime.