22 February: Cross-Border Data Transfer Rules in the Making: What to expect from new cross-border data transfer regimes emerging in China, Brazil and India and the Global Cross Border Privacy Rules (CBPR) Framework

The Brussels Privacy Hub invites you for a webinar, to be hosted online on 22 February from 12:30 – 14:00 CET, titled ‘Cross-Border Data Transfer Rules in the Making: What to expect from new cross-border data transfer regimes emerging in China, Brazil and India and the Global Cross Border Privacy Rules (CBPR) Framework’. Registration is free but obligatory via this link.

While in the last six months, the European Commission has been busy with setting up the EU-US Privacy Framework and reviewing adequacy decisions adopted prior to the applicability of the GDPR (to recently conclude that no new action was needed), three other jurisdictions have been in the spotlight. First India, with its new Digital Personal Data Protection Act of 2023, has finally opted for a liberal stance towards cross-border data transfers, opting for a blacklist approach: the Central Government can restrict the transfer of personal data to notified countries. If no notification is issued, no restriction applies, although sector-specific restraints will remain in effect. Second, China has made public its will to soften its cross-border data transfer regime, which has been interpreted in the media as a strategy to please investors and in particular EU investors. The draft Provisions on Regulating and Promoting Cross-Border Data Transfers attempt to ease some of the most onerous requirements imposed upon the transfer of important and/or personal data. Third, Brazil now appears a strong candidate for EU adequacy as hinted by the EC. With its General Data Protection Law in force since 2020, Brazil’s data protection authority has recently released a draft regulation on international data transfers. The proposed framework seeks to govern personal data exports and establish guidelines for the implementation of the standard contractual clauses model.

At the same time, strategic jurisdictions such as Singapore (with whom the EC is currently negotiating a digital trade agreement) have been particularly active in the cross-border data transfer space, for example, promoting the Global Cross Border Privacy Rules (CBPR) Framework.

Join our webinar as we delve into the dynamic landscape of cross-border data transfers. Our expert panel will dissect recent evolutions and upcoming regulations and guidance in three key regional markets, as well as discuss attempts to reduce fragmentation at the global level.