About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

29 Wash. Int'l L.J. 485 (2019-2020)
Cross-Border Data Flows, the GDPR, and Data Governance

handle is hein.journals/pacrimlp29 and id is 508 raw text is: 
Copyright © 2020 Washington International Law Journal Association


           CROSS-BORDER DATA FLOWS, THE GDPR,
                         AND DATA GOVERNANCE



                                    W.  Gregory Vosst


            Abstract:   Today, cross-border data flows  are an  important component  of
        international trade and an element of digital service models. However, they are impeded
        by restrictions on cross-border personal data transfers and data localization legislation. This
        Article focuses primarily on these complexities and on the impact of the new European
        Union  (EU) legislation on personal data protection-the GDPR. First, this Article
        introduces its discussion of these flows by placing them in their economic and geopolitical
        setting, including a discussion of the results of a lack of international harmonization of law
        in the area. In this framework, rule overlap and rival standards are relevant. Once this
        situation is established, this Article turns to an analysis of the legal measures that have
        filled the gap left by the lack of international regulation and the failure to harmonize law:
        extraterritorial laws in the European Union (regional legislation) and the United States
        (state legislation); and data localization laws in China and Russia. Specific provisions
        restricting cross-border personal data transfers are detailed under EU legislation, as are the
        international agreements that have been invaluable in allowing flows between the United
        States and the European Union to continue-first the Safe Harbor, and now the Privacy
        Shield. Finally, in this context, the role of data governance is investigated, both in the
        context of data controllers' accountability for the actions of other actors in global supply
        chains under EU law and under the Privacy Shield. Thus, this Article goes beyond the law
        itself, to place requirements in the context of the globalized business world of data flows,
        and to suggest ways that companies may improve their compliance position worldwide.

        Cite as: W. Gregory Voss, Cross-Border Data Flows, the GDPR, and Data Governance,
        29 WASH. INT'L L.J. 485 (2020).

1.      INTRODUCTION: THE ECONOMIC AND GEOPOLITICAL SETTING

        So,  when we start talking about regulation and we start talking
        about   GDPR, and we start talking about this extra territorial
        reach where the Europeans are going to find American





        Associate Professor of Business Law, TBS Business School, Toulouse, France. The author would
like to thank the dedicated editors and staff of the Washington International Law Journal for their helpful
suggestions and their diligent editing work on this Article, amid a worldwide pandemic, which made a
discussion of global data supply chains ever more poignant. The author may be contacted at g.vossotbs-
education.fr.

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most