Determann’s Field Guide to International Data Privacy Law Compliance

Determann’s Field Guide to International Data Privacy Law Compliance

Lothar Determann

Companies, lawyers, privacy officers, developers, marketing and IT professionals face privacy issues more and more frequently. Much information is freely available, but it can be difficult to get a grasp on a problem quickly, without getting lost in details and advocacy. This is where Determann’s Field Guide to International Data Privacy Law Compliance comes into its own – helping to identify issues and provide concise practical guidance in an increasingly complex field shaped by rapid change in international laws, technology and society.

Chapter 2: International Data Transfers: Selecting Compliance Mechanisms

Lothar Determann

Subjects: law - academic, information and media law, internet and technology law, law -professional, technology, media and telecommunications law


If your company does not collect, use or process any personal data from other countries, you can skip this chapter or save it for later. But, most companies do, either because they have employees, customers, suppliers or other business partners in other jurisdictions, or because their customers, suppliers or other business partners do. If so, you will probably have to select and implement specific compliance mechanisms – either because your foreign business partners demand this or because you are responsible for the compliance status of the foreign entities (e.g., because they are your company’s subsidiaries). Then, the considerations set forth in this section will need to be taken into account. In practice, companies tend to agonize over this quite a bit, particularly with respect to European data protection law requirements. That is why the topic receives its own chapter. In general, businesses find international activities challenging because they have to understand and comply with requirements of laws, markets, languages, technology standards, cultures and other factors of multiple countries. This is the case also with respect to data privacy law compliance. Few businesses can satisfy themselves that they do not receive, use, host or send personal data across jurisdictional borders. After all, the decentralized data transmission structure of the Internet means that any company using email, Internet, telephony or the World Wide Web routinely sends and receives data through cables, satellites, antennas, routers and other communication equipment on foreign territories. This is true even for companies that have no other foreign interests...

You are not authenticated to view the full text of this chapter or article.

Elgaronline requires a subscription or purchase to access the full text of books or journals. Please login through your library system or with your personal username and password on the homepage.

Non-subscribers can freely search the site, view abstracts/ extracts and download selected front matter and introductory chapters for personal use.

Your library may not have purchased all subject areas. If you are authenticated and think you should have access to this title, please contact your librarian.

Further information