Free Flow of Foreign Data a Department Priority, State Official Says; CTA's Shapiro Cites GDPR
The State Department is fighting to maintain the free flow of data and maximize monetary value of the internet, as new international privacy laws threaten the ease of cross-border data transfer, said Deputy Assistant Secretary-Cyber and International Communications and Information Policy Robert Strayer Thursday. At a Media Institute event, Strayer cited Vietnam’s new digital economy strategy as an area of concern. From the audience CTA CEO Gary Shapiro cited efforts in China to “blockade” American tech sector progress and Europe’s “cumbersome” general data protection regulation, which he said further hampers U.S. competitiveness.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
“We’re certainly defending U.S. companies,” Strayer said, citing the 150 diplomats designated as digital economy and cyber officers at U.S. embassies. The internet is “worth trillions of dollars to the world economy, and it’s been one of the biggest ways we’ve been able to share prosperity around the world,” he said.
Shapiro said it’s clear the U.S. has more successful technology companies than the “rest of the world put together.” Recent findings from venture capital analyst PitchBook show the U.S. dominating (see 1804120055). The list for 2017 “unicorns,” or startups valued at more than $1 billion, includes 32 U.S. companies,18 Chinese, four from the U.K. and zero from continental Europe. But with the shifting regulatory landscape, Shapiro said, “it’s getting increasingly difficult for American companies to be successful outside of the United States.”
The State and Commerce departments are focused on securing a “fair shake abroad” for American companies, and this administration is particularly motivated to secure fair and reciprocal trade relationships for the U.S., Strayer said. It’s important to preserve the internet as an “engine for future growth,” he added.
State is seeking more specificity about how the GDPR will be applied regarding data-sharing and what business models will be explicitly authorized under the new law, Strayer said. This way, the agency can help minimize uncertainty for the GDPR’s May 25 launch, he said. One interesting “revelation” from the GDPR is that unlike the U.S., where a traditional agency implements regulations, the EU will have data protection authorities answer to a board when interpreting how to apply the new law consistently across the region, Strayer said. He also cited ICANN’s discussions with the EU over possible models that can be compliant with the GDPR.
Strayer noted the Clarifying Lawful Overseas Use of Data Act’s impact on cross-border data transfers for law enforcement. The Cloud Act allows bilateral agreements in which law enforcement can request transfer of foreign-stored data (see 1803220057). DOJ and State were lead agencies in crafting the now-law. Justice is responsible for ensuring potential partner nations have adequate due process and legal protections in place, and State for verifying human rights standards. The first country the U.S. is working with is the U.K., Strayer said. The law stems in part from a Supreme Court case in which Microsoft challenged a DOJ warrant demanding emails stored in a server based in Ireland. DOJ has obtained a new search warrant under the act.