Why We Need a Transatlantic Charter for Data Security and Mobility

Setting common guidelines for data flows is crucial both to protect the goods and services that already depend on big data and to support the next generation of productivity gains and business opportunities.

While trade and tax remain at the heart of the difficult economic conversations between Europe and the US, a new issue has emerged as a potential source of even greater friction: data.

Growth in the traditional global trade in goods and services has levelled off, but cross-border data flows continue to expand rapidly and the challenges of developing policies that protect privacy, security and innovation are already tremendous. For example, data analytics are driving dramatic productivity gains in industry, particularly for large and complex installations whose safety and efficiency will increasingly depend on flows of those data across jurisdictions. Meanwhile, ‘fintech’ (financial technology) start-ups and large banks alike are testing new modes of accumulating, analysing and deploying customer data to provide less expensive services and manage the risk profile of their businesses.

The rules that govern the collection, transmission and storage of data are perhaps one of the more surprising controversies in the transatlantic relationship. Similar liberal democracies with similar geostrategic interests might be expected to approach the handling of personal, corporate and government data in more or less the same way. And yet the US and its key European partners have struck different balances in the trade-offs between national security and citizens’ rights, between freedom of expression and personal privacy, and between free enterprise and market regulation.

While the US debate on the use of data has often been framed around the trade-off between national security and personal privacy, Europeans often face an even more complex set of concerns that include worries that their digital and technology firms lag behind dominant US competitors. The political and regulatory uncertainty helps neither side, and leaves transatlantic companies struggling to comply with uncertain and conflicting rules in different jurisdictions.

This makes more determined efforts by US and European policymakers to agree basic principles that will guide the usage and protection of personal and commercial data all the more important. While common regulations or even greater alignment among regulators seem out of reach, a ‘Transatlantic Charter for Data Security and Mobility’ would provide a set of principles for more specific rules amid political landscapes and technological developments that are evolving rapidly. It could also provide the basis for firms, whether in manufacturing or financial services or health care, to draft their own voluntary standards on how they protect data even as they develop new algorithms that improve productivity, safety and customer satisfaction.

Embarrassing leaks, careful denials and endless lawsuits will continue to shape the awkward efforts of policymakers to find common ground around issues like cyberespionage, defence of common networks and the sharing of personal data with law enforcement. Cyberattacks with the aim of disrupting government operations or influencing election campaigns will add still further pressures. These will all serve as a noisy backdrop to a related but separate debate over how commercial firms should exploit the opportunities of global networks and ‘big data’ analytics while protecting national interests and privacy.

Yet, setting common guidelines for commercial data transmission and storage remains crucial both to protect the goods and services that already depend on sophisticated data-gathering and analysis, and to support the next generation of productivity gains and business opportunities.

Global firms yearn for clarity and predictability as they organize themselves to make the most of the data revolution. Neither is likely to become a reality soon. The EU’s new General Data Protection Regulation will take effect in 2018, but its implementation will inevitably be coloured by the fact that American firms currently dominate the information technology business. Last year’s ‘Privacy Shield’ agreement between the US and the EU renews the permission for firms with transatlantic business interests to transfer data, subject to compliance with basic standards of protection, but the agreement remains vulnerable to European court challenges. Britain’s decision to leave the EU adds a further complication, as it establishes its own set of data protection rules that may not easily align with either European or US requirements. Meanwhile, the World Trade Organization continues to debate new rules for digital trade, even as markets like China, Russia and Brazil make up their own.

If this ‘Transatlantic Charter for Data Security and Mobility’ were adopted bilaterally, say as part of the annual reviews of the US–EU Privacy Shield agreement, it could form the basis for broader cooperation on these issues, helping to drive progress in the G7 and G20 and ultimately perhaps in trade agreements under the WTO. It would hardly secure complete alignment on these questions, but it could help establish the framework for a debate that all too often lurches to extremes and risks damaging a fundamental alliance for global stability – along with a fundamental driver of 21st-century economic progress.

Chatham House Expert Comment:

Dr Christopher Smart is Whitehead is Senior Fellow, US and the Americas Programme at The Royal Institute of Internatona Affairs

 

« Moneysupermarket.com Spammed 7 Million
Cyberterrorism: The Next Threat From Islamic State »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

CloudHesive

CloudHesive

CloudHesive provides cloud solutions through consulting and managed services with a focus on security, reliability, availability and scalability.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

RHEA Group

RHEA Group

RHEA Group offers aerospace and security engineering services and solutions, system development, and technologies including cyber security.

Webtotem

Webtotem

Webtotem's mission is to prevent the global epidemic of website infection and provide every website owner with basic security rights.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)

ICS-ISAC is a non-profit, public/private Knowledge Sharing Center established to help facilities develop situational awareness in support of local, national and international security.

MVP Tech

MVP Tech

MVP Tech designs and deploys next generation infrastructures where Security and Technology converge.

Bleckwen

Bleckwen

Bleckwen is a proven fraud detection system that helps financial institutions build trust with customers.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

Lumifi

Lumifi

Lumifi provide end-to-end cybersecurity resilience solutions with a specialty in managed detection and response (MDR) services.

MS Tech Solutions

MS Tech Solutions

MS Tech Solutions is a Jamaican-based, multinational consulting company that specializes in the architecture, implementation and management of key network and Information technologies.

Barrier Networks

Barrier Networks

Barrier Networks are a Cyber Security Managed Service Provider that specialises in Network and Application security.

E-CQURITY (ECQ)

E-CQURITY (ECQ)

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning.

XY Cyber

XY Cyber

XY Cyber enable Generative AI for Cyber Operations. We simplify the complex world of cyber threats into actionable strategies, empowering your defense with AI-powered solutions.