SpringerLink
Log in

Data Flows: International Transfer

  • Chapter
  • First Online:
Cybersecurity and Data Laws of the Commonwealth

  • 233 Accesses

Abstract

Data flows regulation has emerged as specific provisions within the broader regulation of data. These provisions help facilitate the transfer of data across international borders. However, not all countries compared in this book have established specific provisions within their data flows. As already highlighted, a central theme of this book is the digital economy and the many benefits that the free flow of data will bring to the Commonwealth. With the advent of technology there has been a steady increase in the amount of transnational flow of personal data, and the implications of this relatively new economy activity are only beginning to be fully understood. Today, personal data can be found in and across every sector, from education, trade, investment, primary industries, defence, national security, intellectual property, amongst others. The international transfer of this data offers significant economic and social benefits. This chapter examines the current day laws that allow for the international transfer of data amongst Commonwealth members.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 179.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Robert Walters, The Digital Economy and International Trade: Transnational Data Flows Regulation, WoltersKluwer (2022), Chap. 1.

  2. 2.

    Francesca Casalini, Javier López González (2019), “Trade and Cross-Border Data Flows”, OECD Trade Policy Papers, No. 220, (2019) OECD Publishing, Paris. http://dx.doi.org/10.1787/b2023a47-en.

  3. 3.

    The Commonwealth, Model Privacy Bill, Office of Civil and Criminal Justice Reform, 2017, https://www.asianlaws.org/gcld/cyberlawdb/COM/P15370_9_ROL_Model_Privacy_Bill_0.pdf The Commonwealth, Model Bill on the Protection of Personal Information https://www.asianlaws.org/gcld/cyberlawdb/COM/P15370_6_ROL_Model_Bill_Protection_Personal_Information_2.pdf.

  4. 4.

    Australian Government, Office of the Australian Information Commissioner, https://www.oaic.gov.au/privacy/the-privacy-act/review-of-the-privacy-act/privacy-act-review-issues-paper-submission/part-8.

  5. 5.

    Sam Sacks, Justin Sherman, “Defining Data Governance.” Global Data Governance: Concepts, Obstacles, and Prospects, New America, 2019, pp. 7–8.

  6. 6.

    Ibid.

  7. 7.

    Ibid.

  8. 8.

    Christopher Kuner, Transborder Data Flows and Privacy Law, Oxford University Press (2013), p 25. In Robert Walters, The Digital Economy and International Trade: Transnational Data Flows Regulation, WoltersKluwer (2022), Chap. 1.

  9. 9.

    Ibid, p. 26.

  10. 10.

    World trade Organisation, Trade Services Division, The General Agreement on Trade in Services, 2013, https://www.wto.org/english/tratop_e/serv_e/gsintr_e.pdf, Article I.1. Also see, General Agreement on Trade in Services, Article I.1, https://www.wto.org/english/docs_e/legal_e/26-gats_01_e.htm In Robert Walters, The Digital Economy and International Trade: Regulation of Transnational Data Flows, Kluwer Law (2022), Chap. 1.

  11. 11.

    Ibid, Definition of Services Trade and Modes of Supply, Article I.2.

  12. 12.

    Ibid, p. 3.

  13. 13.

    Privacy Act 1988, section 5B, C2014C00076. Also see Australian Government, Data Transfers, Guidelines for Data Transfers, https://www.cyber.gov.au/sites/default/files/2022-12/24.%20ISM%20-%20Guidelines%20for%20Data%20Transfers%20%28December%202022%29.pdf.

  14. 14.

    Optus affected an estimated 9.8 million individual records, with data now reportedly in the hands of hackers. Australia loses over $242 M to Crypto scams in 2022. Australian Bureau of Statistics, has revealed it has fended off close to a billion cyber-attacks against the census. Australia's No. 1 health insurer says hacker stole patient details Woolworths—personal details of 2.2 million customers. Telstra 300,000 former employers data breach. Costa Group tax, banking, financial passports.

    Sources: https://thecommonwealth.org/news/commonwealth-experts-meet-singapore-explore-solutions-increasing-cyber-risks-asia and https://www.techbusinessnews.com.au/australian-cyber-security-concerns-continue-to-rise-in-2022/ and https://www.theguardian.com/technology/2022/oct/20/census-website-struck-by-a-billion-attempted-cyber-attacks-australian-bureau-of-statistics-reveals and https://www.reuters.com/technology/after-telco-hack-australia-faces-wave-data-breaches-2022-10-20/ and https://www.itnews.com.au/news/large-australian-education-data-leak-traced-to-third-party-service-552781.

  15. 15.

    Data Protection Act 2013, section 8 http://laws.gov.ag/wp-content/uploads/2019/02/a2013-10.pdf.

  16. 16.

    Data Protection Act 2008, section 17, http://laws.bahamas.gov.bs/cms/images/LEGISLATION/PRINCIPAL/2003/2003-0003/DataProtectionPrivacyofPersonalInformationAct_1.pdf.

  17. 17.

    Ibid.

  18. 18.

    Data Protection Act 2019, section 22 https://gisbarbados.gov.bb/download/data-protection-act-2019/.

  19. 19.

    Data Protection Act 2019, section 23 https://gisbarbados.gov.bb/download/data-protection-act-2019/.

  20. 20.

    Data Protection Act 2019, section 24 https://gisbarbados.gov.bb/download/data-protection-act-2019/ According to section 25, data controllers and processors can develop binding corporate rules.

  21. 21.

    Data Protection Act, No. 32 of 2018, section 48. https://www.bocra.org.bw/sites/default/files/documents/DataProtectionAct.pdf.

  22. 22.

    Data Protection Act, No. 32 of 2018, section 49.

  23. 23.

    Data Protection Act, No. 32 of 2018, section 49.

  24. 24.

    Proposed Data Protection Act, 2022, section 42, 43. https://ictd.portal.gov.bd/sites/default/files/files/ictd.portal.gov.bd/page/6c9773a2_7556_4395_bbec_f132b9d819f0/Data%20Protection%20Bill%20en%20V13%20Unofficial%20Working%20Draft%2016.07.22.pdf.

  25. 25.

    Data Protection Act, 45 of 2021, section 23 https://www.nationalassembly.gov.bz/wp-content/uploads/2021/07/Data-Protection-Bill-2021-updated.pdf.

  26. 26.

    Data Protection Act, 45 of 2021, section 24 https://www.nationalassembly.gov.bz/wp-content/uploads/2021/07/Data-Protection-Bill-2021-updated.pdf.

  27. 27.

    Regulation 2016/679 Of the European Parliament and the European Council, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union L 119/1. Article 4 (23), defines, cross-border processing to be the processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

  28. 28.

    Regulation 2016/679 Of the European Parliament and the European Council, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union L 119/1. Article 44. Also see Recital 101 and 102.

  29. 29.

    European Commission, Data protection: Commission adopts adequacy decisions for the UK, https://ec.europa.eu/commission/presscorner/detail/en/ip_21_3183.

  30. 30.

    European Commission, Adequacy decisions, How the EU determines if a non-EU country has an adequate level of data protection. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

  31. 31.

    United Kingdom, UK and World Economic Forum to lead regulation revolution to foster industries of the future, 2019, https://www.gov.uk/government/news/uk-and-world-economic-forum-to-lead-regulation-revolution-to-foster-industries-of-the-future.

  32. 32.

    Ministry of Communications and Information Technology, 2011, https://www.meity.gov.in/writereaddata/files/GSR313E_10511%281%29_0.pdf.

  33. 33.

    Law No. 001/2011 on the Protection of Personal Data, https://www.dataguidance.com/notes/gabon-data-protection-overview Note that the law is in French, and utilised https://caseguard.com/articles/promoting-data-privacy-and-protection-in-gabon/ and DLA Piper, https://www.dlapiperdataprotection.com/index.html?t=law&c=GA.

  34. 34.

    Ibid.

  35. 35.

    Data Protection Act, 2020, section 31, https://japarliament.gov.jm/attachments/article/339/The%20Data%20Protection%20Act,%202020.pdf.

  36. 36.

    Data Protection Act 2022, sections 32, 33. https://www.esccom.org.sz/legislation/DATA%20PROTECTION%20ACT.pdf.

  37. 37.

    Data Protection Act 2022, section 33. https://www.esccom.org.sz/legislation/DATA%20PROTECTION%20ACT.pdf.

  38. 38.

    Data Protection Act 2019, https://www.odpc.go.ke/dpa-act/, sections 48, 49, 50.

  39. 39.

    Data Protection (General) Regulations 2021 Kenya.

  40. 40.

    Data Protection (General) Regulations 2021 Kenya, R 40, 41.

  41. 41.

    Data Protection Act 2013, section 52, http://www.nic.ls/lsnic/community/policies/Data_Protection_Act_2011_Lesotho.pdf.

  42. 42.

    Data Protection Bill 2021, Part VI, https://digmap.pppc.mw/wp-content/uploads/2022/03/Malawi-Data-Protection-Bill-final-draft-210630-.pdf.

  43. 43.

    Data Protection Bill 2021, section 34, https://digmap.pppc.mw/wp-content/uploads/2022/03/Malawi-Data-Protection-Bill-final-draft-210630-.pdf.

  44. 44.

    Data Protection Bill 2021, section 35, https://digmap.pppc.mw/wp-content/uploads/2022/03/Malawi-Data-Protection-Bill-final-draft-210630-.pdf.

  45. 45.

    Personal Data Protection Act 2010, section 129, https://www.kkmm.gov.my/pdf/Personal%20Data%20Protection%20Act%202010.pdf.

  46. 46.

    Personal Data Protection Act 2010, section 129(1), https://www.kkmm.gov.my/pdf/Personal%20Data%20Protection%20Act%202010.pdf.

  47. 47.

    Privacy Act 2020, Principle 12 https://www.privacy.org.nz/privacy-act-2020/privacy-principles/

  48. 48.

    Privacy Act 2020, section 193 https://www.privacy.org.nz/privacy-act-2020/privacy-principles/.

  49. 49.

    European Commission, 2013/65/EU: Commission Implementing Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand (notified under document (2012) (9557) Text with EEA relevance, OJ L 28.

  50. 50.

    Data Protection Regulation 2022, section 42 https://ndpb.gov.ng/Files/Nigeria_Data_Protection_Bill.pdf.

  51. 51.

    Law n°058/2021 of 13/10/2021 relating to the protection of personal data and privacy (the Data Protection Law), Article 49, https://www.minijust.gov.rw/fileadmin/user_upload/Minijust/Publications/Official_Gazette/_2021_Official_Gazettes/October/OG_Special_of_15.10.2021_Amakuru_bwite.pdf.

  52. 52.

    Personal Data Protection Act No. 9 of 2022, sections 26 https://www.parliament.lk/uploads/acts/gbills/english/6242.pdf.

  53. 53.

    Protection of Personal Information Act 2013, section 72, South Africa.

  54. 54.

    Privacy and Data Protection Act 2009, section 28, https://www.govt.lc/media.govt.lc/www/resources/legislation/PrivacyAndDataProtectionBill.pdf.

  55. 55.

    Fatma Songoro, Brief Highlight and Analysis of the Tanzania Data Protection Bill, 2002, October 2022, https://victoryattorneys.co.tz/insights-brief-highlight-and-analysis-of-the-tanzania-data-protection-bill-2022/.

  56. 56.

    Tshepiso Hadebe Togolese Republic, 2020, p3, https://dataprotection.africa/wp-content/uploads/2020/03/Togolese-Republic-Factsheet-update-20200331.pdf.

  57. 57.

    Tshepiso Hadebe Togolese Republic, 2020, p. 3, https://dataprotection.africa/wp-content/uploads/2020/03/Togolese-Republic-Factsheet-update-20200331.pdf.

  58. 58.

    Data Protection Regulation 2022, https://ndpb.gov.ng/Files/Nigeria_Data_Protection_Bill.pdf.

  59. 59.

    Data Protection Regulation 2022, section 72, https://ndpb.gov.ng/Files/Nigeria_Data_Protection_Bill.pdf.

  60. 60.

    Data Protection and Privacy Act 2019, sections 19 https://media.ulii.org/files/legislation/akn-ug-act-2019-9-eng-2019-05-03.pdf.

  61. 61.

    Data Protection Act 2021, sections 70, 71. https://www.parliament.gov.zm/sites/default/files/documents/acts/Act%20No.%203%20The%20Data%20Protection%20Act%202021_0.pdf.

Author information

Authors and Affiliations

  1. Victoria University, Melbourne, VIC, Australia

    Robert Walters

Authors
  1. Robert Walters
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Robert Walters .

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Walters, R. (2023). Data Flows: International Transfer. In: Cybersecurity and Data Laws of the Commonwealth. Springer, Singapore. https://doi.org/10.1007/978-981-99-3935-0_8

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-3935-0_8

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-3934-3

  • Online ISBN: 978-981-99-3935-0

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation