IAPP’s Joe Jones and Isabelle Roccia on data transfers to Russia and India’s privacy law
August 2023 by IAPP’s Joe Jones and Isabelle Roccia
Last week saw major privacy shake-ups like EDPB issuing a decision data transfers to Russia and India passing its data privacy law. Please see the quotes from International Association of Privacy Professionals (IAPP) on what this means to the EU. IAPP’s Managing Director for Europe, Isabelle Roccia, said:
This week’s news about Russia and India confirm that privacy needs to be a Board issue. Data transfers remain the top compliance challenge for global organizations.
The decade-long politically-charged focus on trans-Atlantic data transfers had to mean the EU would eventually have to confront other challenging jurisdictions, such as Russia, to its principles and values.
The EU will also be expected to apply the same level of scrutiny and expectations to Russia and any other trading partners as it has to the U.S.
IAPP’s Director of Research & Insights, Joe Jones, said:
The global privacy aperture has widened. There was a time when it seemed the EU was the sole focus for privacy law and policy.
Indeed, many companies benchmarked their global privacy policies to the EU GDPR. Today, there is great velocity, variety, and scale of global privacy law proposals and law reform.
More countries are in the picture. India will soon finalise its new privacy law, which borrows and rejects different parts of the EU GDPR.
Likewise, Australia is in the midst of its own privacy reforms. Efforts are also underway in multilateral fora – e.g., at the G7, OECD, Commonwealth, Global CBPR Forum, and Council of Europe – to better cohere and coordinate more globally-scalable regulatory approaches to privacy and data flows.
This is all happening against a geo-political backdrop of new-found perspective and sharper focus on real-world privacy harms.