The problem with the cross-border flow of personal data

The transfer of personal data from one country to another is an unavoidable fact in the commercial and social context in which we live daily. What is decisive is that those data that pass from “one hand to another” at least receive a treatment similar to the one they received at home. For example, in the case of Peruvian legislation, we have article 11 of the personal data protection law that mentions the "principle of an adequate level of protection" that indicates the need for the recipient of the data to be able to "ensure a sufficient level of protection of personal data"So that the data that is" exported "can receive a level of protection equivalent to that received in Peru.

Subsequently, article 15 of the same law establishes a conditional for these transfers of personal data: the data flow can be carried out "only if the recipient country maintains adequate levels of protection”. Finally, if this is not possible, an obligation is established for the issuer of personal data to guarantee that the data is processed in accordance with the provisions of the law.

In reality, these obligations are quite reasonable to guarantee the protection of personal data, since otherwise, there would be no way to “protect” them outside the borders.

But, in other legislations, there are additional obligations, such as the fact of the “location of the data”, by which foreign companies receiving the data are usually required to store the information on local servers, or even the request of permission prior to the transfer of data, among other "questionable" obligations. In some cases it is said that these measures are necessary in the case of sensitive data, but in other cases it is simply justified for privacy reasons. And it is these latter data localization obligations that would be causing the problem.

The problem? The reduction in the total volume of trade, the decrease in productivity, and the increase in prices of the sectors involved (which are certainly not few). According to ITIF"a 1% increase in a nation's data restriction reduces its gross commercial production by 7%, reduces its productivity by 2.9%, and increases prices by 1.5% over five years"

The significance of the problem? It happens that international data flows will only increase as a result of the digital transformation of many sectors. In addition to the rise of industries that offer products and services based on data analysis.

Possible solution? The introduction of a “Global governance of data and location”. This will require the initiative of at least some countries that decide “work together to develop new norms, rules, cooperation mechanisms and agreements to address legitimate concerns raised by cross-border data flows while supporting the free flow of data".

Recommendations for such "global governance" to happen?

  1. Governments must provide multiple mechanisms for the cross-border flow of data, these mechanisms must be accessible to all companies regardless of their size.
  2. Companies must improve transparency in the handling of the personal data they process.
  3. Governments should support global market-led and voluntary efforts to develop and use digital and data technology standards.
  4. Governments must protect cloud-based government data and services. In addition to verifying that cloud providers are audited and qualified under national and international standards.
  5. Between others.
- Advertising Notice-
Marilú Lazo
Lawyer from the Pontificia Universidad Católica del Perú (PUCP). Director of The Crypto Legal Blog, she has experience in corporate advice, consumer protection, as well as in matters of personal data protection and new technologies.


1,954Happy fans


*All fields are required
es Spanish