ICC tackles concerns about cross-border access to company data

  • 20 March 2012
Cybersecurity

The International Chamber of Commerce (ICC) has issued a policy statement pointing out conflicts that can arise between law enforcement requirements and privacy commitments when governments seek access to personal data held by companies across national borders

Entitled “Cross-border law enforcement access to company data – current issues under data protection and privacy law”, the statement analyses the issues that can arise in such situations, and makes recommendations that can help ensure respect for both law enforcement interests and those under data protection and privacy laws and commitments.

“Companies that process data in different countries are facing increasing government pressure to comply with law enforcement and regulatory requests that may conflict both with data protection and privacy laws in other countries in which they operate, and with consumer expectations and commitments to business partners,” said Christopher Kuner, Chair of the Task Force on Protection of Personal Data and Privacy, established by the ICC Commission on the Digital Economy.

“While some countries or regions have legal frameworks for reconciling law enforcement requirements with requirements under data protection and privacy law, many do not, and this can cause companies major problems,” Mr Kuner added. “These sorts of problems are only increasing, given the growth in trans-border data flows.”

Such problems can include conflict with privacy and data protection laws; the violation of commitments to individuals, employees and/or customers; the risk of causing political tensions; and the negative impact a conflict of laws can have on companies’ decisions to invest in certain countries, thus impeding the flow of international commerce.

Drawn up by the ICC Task Force on Protection of Personal Data and Privacy, the statement aims to point out to governments and law enforcement authorities the conflicting requirements many companies are expected to meet; to make recommendations to allow these requirements to be reconciled, and thus to strengthen the flow of global commerce by giving companies the increased legal security they need.

“Implementation of the policy recommendations would allow for improved compliance with legitimate public and law enforcement requests, and would permit companies to better cope with conflicting legal obligations, promote compliance with data protection and privacy laws in general, and ultimately strengthen the flow of international commerce by giving companies increased legal security to plan further investments,” Mr Kuner said.

The ICC statement represents the participation of 95 companies, organizations and ICC national committees in 25 countries worldwide.

Read the entire policy statement.