On January 10, 2017, the European Commission published a communication addressed to the European Parliament and European Council on Exchanging and Protecting Personal Data in a Globalized World (the “Communication”). The Communication aims to facilitate commercial data flows and foster law enforcement cooperation. In the Communication, the European Commission states that it will:
- Prioritize discussions on possible adequacy decisions with “key trading partners,” starting with (1) Japan and South Korea in 2017, (2) India, depending on the progress towards the modernization of its data protection laws, and (3) countries in Latin America (Mercosur) and the European Neighborhood.
- Conduct periodic reviews of existing adequacy decisions at least every four years because adequacy decisions are “living” documents. This includes reviewing the implementation of the EU-U.S. Privacy Shield through its annual joint review mechanism.
- Use multilateral fora such as the United Nations, G20 and APEC to foster international cooperation on data protection matters and to develop international enforcement mechanisms. In addition, the European Commission will promote the negotiation of framework agreements with its law enforcement partners, along the lines of the model provided by the “Umbrella Agreement.”
In another communication on Building a European Data Economy, published on the same date, the European Commission explores options (as part of its “Digital Single Market” Strategy) to remove unjustified or disproportionate EU data location restrictions, and outlines legal issues regarding data access and transfer, data portability and liability of non-personal, machine-generated digital data. In this second communication, the European Commission restates that it will seek to use EU trade agreements to set rules for e-commerce and cross-border data flows. The European Commission has launched a public consultation and dialogue with stakeholders on these topics to gather further evidence and to assess next steps.