Data Localization Laws and Policy
Show Less

Data Localization Laws and Policy

The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens

W. Kuan Hon

Countries are increasingly introducing data localization laws, threatening digital globalization and inhibiting cloud computing adoption despite its acknowledged benefits. This multi-disciplinary book analyzes the EU restriction (including the Privacy Shield and General Data Protection Regulation) through a cloud computing lens, covering historical objectives and practical problems, showing why the focus should move from physical data location to effective jurisdiction over those controlling access to intelligible data, and control of access to data through security.
Buy Book in Print
Show Summary Details
You do not have access to this content

Chapter 6: Compliance and enforcement

The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens

W. Kuan Hon


• Many non-compliant transfers must exist: total likely volumes of transfers must exceed (relatively few) volumes of compliant transfers. • Ubiquity of transfers: figures on trade with non-whitelisted countries, email traffic estimates. • Relatively low transfers under mechanisms, based on numbers of Safe Harbour subscribers and national/Commission statistics – few Member State authorizations notified, possible reasons: ignorance of Restriction, authorization unnecessary, deliberate breach (resources vs transfer volumes). • Enforcement of Restriction: dearth of data subject litigation, regulatory enforcement of data protection laws generally and Restriction specifically (illustrations from Sweden, the Netherlands, Spain, Poland, Italy, Slovenia, Norway); reasons why. Most address breaches of substantive principles, not location per se. Post-Schrems enforcement action particularly Germany, France. Enforcement under GDPR. • Enforcement of breaches of mechanisms: contracts, BCRs, Safe Harbour (EU Data Protection Panel, US FTC). • Focus should instead be on compliance with substantive principles, and increasing cross-border cooperation including under GDPR. Keywords: enforcement, penalties, fines, complaints, litigation, international regulatory cooperation

You are not authenticated to view the full text of this chapter or article.

Elgaronline requires a subscription or purchase to access the full text of books or journals. Please login through your library system or with your personal username and password on the homepage.

Non-subscribers can freely search the site, view abstracts/ extracts and download selected front matter and introductory chapters for personal use.

Your library may not have purchased all subject areas. If you are authenticated and think you should have access to this title, please contact your librarian.

Further information

or login to access all content.