Privacy, the new global trade war: Part 3

March 18, 2019

Green gradient background

What this new global trade war means for businesses and people in the future

In Privacy, the Global Trade War: Part 1, we discussed how, very much like with trade tariffs and taxes on goods, privacy legislation has evolved beyond just protecting personal data during international transfers into another instrument significantly affecting global trade. Part 2 highlighted how privacy laws’ impact goes well beyond privacy to impact businesses.

A new era of ‘Digital Protectionism’ seems to be upon us. As with any kind of trade war, the pressure is not just on the countries, but the main victims are the individuals and businesses that have to somehow adapt in the ever-changing patchwork of global privacy requirements. This means quite significant additional costs and significant pressure for compliance with specific requirements. In many cases, this also means various challenges to the operations and the way services are provided – for instance localization laws can be difficult to comply with by businesses providing AI or analytics services based in cloud.

For individuals, this means that too much regulation might effectively create data islands – preventing their residents from enjoying much of the global economy, like access to digital goods and services, being part of global supply chains and technological innovation.[1]

While facing such additional costs and hurdles, it is certainly tempting to not take the new laws too seriously and adopt ‘wait and see’ tactics depending on enforcement. However, this would not be the smartest call for two reasons.

First, the global regulatory authorities are steadily boosting their employee numbers and doubling down on enforcement action. In China, for instance, the likelihood that any company operating there will find itself in a legal blind spot where it can freely transfer commercial or business data outside the country is estimated at less than 1%.[2]

Second, it is not just the regulators who are much more vigilant now: consumers increasingly understand the part data has to play, and they want organizations to be accountable and transparent about what they’re doing. DMA Research shows that 88% of consumers cite transparency as the key to trust.[3] Consumer trust plays a large factor in overall competitiveness and is gaining strength as a market differentiator. The companies that value and prioritize privacy of individuals will likely see themselves emerging as winners in the market competition.

A general rule applies to privacy as much as to trade wars in general: Trade wars are bad for everybody. EU has been the first one to fully explore the potential of privacy-related regulatory requirements on global trade and to exercise its powers and interests over other states globally. The businesses worldwide are forced to comply with its requests or face restrictions accessing the EU consumer market. The EU has, however, also inspired other states to follow its suit and it is likely that in the near future, we will see a patchwork of states globally embracing this new sphere of potential influence and establishing their own privacy rules, while incurring global businesses additional compliance costs in the process. It is however important to highlight the underlying positive effects too: by establishing privacy laws in an increasing number of countries, a global safety net of data protection is being created and widened. This should ultimately benefit all individuals and hopefully allow for better enforcement of their fundamental human right to privacy and data protection. It is a great opportunity to finally consider the protection of privacy a foundational business principle as in daily life, the businesses will help to advance people’s privacy laws globally.

Manual for businesses

So, what is a business to do? The question is how to best leverage your resources and the work you have already done in order not to spread yourself thin. A good idea is to try and look for overlaps and similarities – for example, CCPA and LGPD are similar to GDPR in many ways. Use these overlaps to your advantage, exploit the commonalities and save your resources for complying with the unique specifics of each law.

The daily business operations in such a varied field can be highly challenging, as well as implementing the specific compliance requirements internally and towards your vendors and business partners. Often, this will mean incurring extra costs of setting up local data storage and segregating some of the information from the rest of the company’s operations. Other times, it will mean stronger push for regionalizing a lot of company operations and setting up local data processing.

Automatization is key for many of the legal compliance tasks. Keeping abreast with new laws ahead of time can be done through reliable software privacy knowledge base. Likewise, having a good analytical overview of what is your compliance readiness per each country and tracking assignments and tasks performance globally in real time are again things where the privacy software can be relied upon for the heavy-lifting. It is much easier to be aware of which specific operations are impacted by which laws and what are the key requirements – when you can display this in one comprehensive dashboard.

In view of the recent flurry of privacy laws, technology is clearly becoming a necessary tool to help every global compliance program. As we are all aware, software solutions cannot solve every privacy and compliance issue for us, but they can effectively free up our hands for the important compliance tasks ahead of us. With the whole issue of a privacy trade war being sparked off by rapid developments of data use by technologies, it is only fair to have technology help us to overcome some of these newly posed challenges.

[1] Harvard Business Review: The Dangers of Digital Protectionism, Yiyang Fan and Anil Gupta, August 30, 2018.



You may also like


Responsible AI

Unpacking the EU AI Act

Prepare your business for EU AI Act and other AI regulations with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.

July 12, 2023

Learn more


Third-Party Risk

Are your third parties a privacy compliance liability? 5 tips to reduce your exposure

Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.

July 05, 2023

Learn more


Third-Party Risk

TPRM privacy compliance: 10 best practices when working with third parties

How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.

June 28, 2023

Learn more