The argument over data flows – flows on

I attended a Roundtable Discussion with Google`s Director for Law Enforcement and Information Security, Richard Salgado, at the American Chamber of Commerce (AmCham) on 6 June and raised the issue of data flows. This is becoming a major global trade issue, led by India which has introduced rules to reduce the flows of Indian data outside its territories, as reported in the Newsletter last month. Mr Salgado confirmed that in order to encrypt data it is normally spread throughout the internet cloud. The issue has also attracted the attention of the Ministers of Trade meeting in parallel with the G20 in Osaka on 28-29 June. The Ministers released a statement saying:

“Cross-border flow of data, information, ideas and knowledge generates higher productivity, greater innovation, and improved sustainable development. At the same time, we recognize that the free flow of data raises certain challenges. By continuing to address challenges related to privacy, data protection, intellectual property rights, and security, we can further facilitate data free flow and strengthen consumer and business trust. In order to build trust and facilitate the free flow of data, it is necessary that legal frameworks both domestic and international should be respected. Such data free flow with trust will harness the opportunities of the digital economy. We will cooperate to encourage the interoperability of different frameworks, and we affirm the role of data for development.”

On another important issue, Mr Salgado outlined the new US “CLOUD Act”. There has been an ongoing problem for years between the USA and other countries over jurisdiction in matters where US companies are involved. The US law has held that any data (financial records etc) related to criminal or civil investigations which belong to a US company and are lodged in the USA may not be released to a foreign jurisdiction without a lengthy process taking place to establish mutual recognition. This was a splendid delaying tactic for criminals to manipulate and has become increasingly problematic when, for example, an internet giant such as Google is asked by, eg South Africa to provide supporting data during a court case. The solution is the new Clarifying Lawful Overseas Use of Data (CLOUD) Act of last year designed specifically to address the issue of the release to non-USA jurisdictions of US company data held in the USA. One more step towards more effective cyber-security.