Cross-Border Data Transfers: A Balancing Act through Federal Law

Abstract

Throughout the digital age, corporations have collected, used, and stored individuals’ digital information to efficiently market to consumers and expand their business. In fact, not only do retail companies rely on data, but also farmers, financial institutions, health services, and other businesses heavily depend on one’s in-formation. Despite the importance and necessity of data, the U.S. has failed to establish a comprehensive federal law addressing data issues. Many countries with developed or developing economies, however, have established laws related to data, a company’s usage of such data, and other data-related issues. A key obstacle plaguing U.S. businesses in terms of data law is cross-border data transfers. In adopting data-related laws, countries around the world have focused on an individual’s right to privacy and strengthened their data privacy regimes. However, because of the lack of a comprehensive federal law, other countries have been cautious or refused to allow U.S. companies to transfer the data of individuals to the United States. This wariness is rooted in the fact that current U.S. data privacy laws do not impose stringent enough standards for businesses that collect and use data, and the belief that the U.S. does not offer adequate protections for an individual’s sensitive personal information. Thus, foreign countries bar U.S. businesses from freely transferring data to the United States. As a result, U.S. businesses are required to either incur substantial compliance costs to adhere to foreign standards or cease to do business within countries with stringent data privacy laws. If the U.S. was to adopt a comprehensive data privacy law, businesses would be able to transfer data freely while protecting an individual’s sensitive personal data. Through looking at data privacy and cross-border data transfers through a comparative law lens, this article proposes that the United States should adopt a com-prehensive federal law regarding data privacy. To support this proposal, the article first compares U.S. law to Europe’s General Data Protection Regulation (“GDPR”) and other countries’ laws. This comparative analysis will illustrate how American businesses are disadvantaged by the lack of a general federal law. The comparative analysis also highlights strategies that the U.S. Congress can adopt to strike a better balance to both protect the privacy of U.S. citizens while also allowing U.S. businesses to remain efficient and financially unburdened

    Similar works