We are, perhaps, gradually winning the battle to persuade US lawyers, courts and regulators that the privacy and data protection requirements of other jurisdictions are not to be lightly ignored. When I first started talking about privacy in the US, I would be met with almost incredulous surprise that there were countries which would not fall over backwards to comply with the order of an American court.
Developments are coming thick and fast now, and the next major battleground is to persuade US corporations that the EU General Data Protection Regulation, due to take effect in just under two years time, is likely to affect them. Meanwhile, there is an existing regime, and not just in the EU, which requires attention whenever data is to be collected abroad. That changes as new jurisdictions, particularly in Asia, pass new laws regulating the control of data; it has already changed significantly in Europe with the invalidation of Safe Harbour by the Schrems decision.
What people need is a simple guide to the present data protection regimes by country, something which will give an instant answer at least at a high-level as to the sort of problems which might be faced. Continue reading