The US. Federal Trade Commission (FTC), together with regulators from the European Union and the Asia-Pacific Economic Cooperation, have announced a new tool that will help reconcile cross-border privacy rules on data transferred among member nations. The tool, unveiled as “Referential” will provide a check-list of privacy standards to help multinational internet businesses structure privacy policies to meet international laws.
According to the IAAP:
The referential is a pragmatic checklist that compares and identifies the common principles among BCRs and CBPRs and aims to help companies identify additional requirements they may need to comply with an order for their data transfers to be legal. Falque-Pierrotin specified, however, that the referential does not aim to create a mutual-recognition system.
“There is no judgment between the two systems, no legal assessment of a certain level of protection, no adequacy-finding mechanism,” she said. “It is just about being pragmatic for companies by developing a common checklist of our specific requirements.”
In other words, the Referential is not some international treaty to be ratified by member countries and, therefore, will not provide any sort of defense for Referential-complaint business.
On the other hand, businesses using the Referential as a guideline will have a good starting point for structuring privacy policies which are, more likely than not, to be “safe” under the varied rules of each member nation.
As a practical matter, e-commerce businesses do not need to worry about the rules of nations outside of their home jurisdiction until they become large enough to expand a physical presence into those outside nations. However, as trends in e-commerce have shown, a small startup can grow into a multinational organization in just a few years, so the Referential should prove to be a pretty decent “forward looking” tool for companies with international aims.
Enter your email to get started.