Data Localization Laws and Policy
Show Less

Data Localization Laws and Policy

The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens

W. Kuan Hon

Countries are increasingly introducing data localization laws, threatening digital globalization and inhibiting cloud computing adoption despite its acknowledged benefits. This multi-disciplinary book analyzes the EU restriction (including the Privacy Shield and General Data Protection Regulation) through a cloud computing lens, covering historical objectives and practical problems, showing why the focus should move from physical data location to effective jurisdiction over those controlling access to intelligible data, and control of access to data through security.
Buy Book in Print
Show Summary Details
You do not have access to this content

Chapter 5: Mechanisms and derogations

The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens

W. Kuan Hon


• Compliance – harmonization, complexities. • ‘Adequate protection’ – individual transfers/sets, third countries. • Commission ‘whitelisting’ adequacy decisions. • GDPR’s ‘adequacy’; self-assessment. • Safe Harbour: doubts (Germany). Schrems, workarounds. • EU-US Privacy Shield: differences; regulators’ concerns; invalidation risk. Data localization misconceptions. • The Restriction as a ‘Frankenrule’ on data location alone: SWIFT; cloud decisions: the Netherlands, Hungary. US response to WP196. • Onward transfers, processors, layered cloud, Privacy Shield requirements – subprocessor contracts. Problems in cloud. • Law enforcement, national security access. • Restriction’s superfluity for ‘transfers’ to processors. • ‘Adequate safeguards’, Member State authorizations: • GDPR’s ‘appropriate safeguards’. • Standard contractual clauses – problems. Transfer, location and/or law/jurisdiction, subprocessors, bipartite/internal/multipartite transfers, law enforcement access, adequacy post-Schrems. Cloud, subprocessors, GDPR. • Binding corporate rules: issues, cloud problems, GDPR. • Ad hoc agreements. • GDPR’s codes and certifications; issues. • Derogations, ‘consent’ difficulties. GDPR, legitimate interests. • Onward transfers, GDPR – problems. • GDPR – technology-neutrality; cloud implications. Keywords: adequate protection, Safe Harbour, Privacy Shield, model clauses, BCRs, Schrems

You are not authenticated to view the full text of this chapter or article.

Elgaronline requires a subscription or purchase to access the full text of books or journals. Please login through your library system or with your personal username and password on the homepage.

Non-subscribers can freely search the site, view abstracts/ extracts and download selected front matter and introductory chapters for personal use.

Your library may not have purchased all subject areas. If you are authenticated and think you should have access to this title, please contact your librarian.

Further information

or login to access all content.