We have launched the 2016 Global Surveillance Law Comparison Guide and Heat Maps as companies around the world continue to address complex laws and data access requests required for compliance.
To date, attempts to analyze the state of surveillance laws in individual jurisdictions within the EEA and elsewhere have proven to be difficult, as actual practices of intelligence authorities are cloaked in secrecy and laws are complex and fragmented in this area.
“Companies are confronted with questions on how to comply with the different laws and data access requests in various jurisdictions, particularly after the Court of Justice of the European Union (CJEU) noted concerns regarding reports of indiscriminate mass surveillance by the National Security Agency (NSA) and the Federal Bureau of Investigations (FBI) in the United States,” said Lothar Determann, Partner at Baker & McKenzie.
The CJEU raised the question whether the level of data protection in the USA is adequate and equivalent to the European Economic Area (EEA). The CJEU did not answer this question in its judgment but noted concerns regarding reports of indiscriminate mass surveillance by the NSA and the FBI in the United States. Since then, the EU Commission has published a revised draft adequacy decision relating to the United States data protection level and a proposed new "EU-U.S. Privacy Shield Program," which is accompanied by assurances by a number of U.S. government authorities regarding privacy protections relating to surveillance programs.
"Adoption of the EU-U.S. Privacy Shield is critical to strengthening data protection for data flows, and promoting the growth of business which benefits the economies on both sides of that Atlantic," said Brian Hengesbaugh, Chair of the Baker & McKenzie Global IT/C Data Security Working Group, and formerly a negotiator for the US government of the predecessor arrangement, called the Safe Harbor.
"Our hope with this study is to contribute to the ongoing dialogue about the state of surveillance laws in individual jurisdictions within the EEA and elsewhere, so as to increase transparency and reduce the uncertainty that could otherwise be introduced into the regulation of cross-border data flows," noted Anne-Marie Allgrove, Chair of the Baker & McKenzie Global IT/C Steering Committee.
Baker & McKenzie’s Guide and Heat Maps will provide an overview of the surveillance practices by intelligence services in 39 countries around the world and also summarize the related requirements for businesses (such as to install intercept capabilities and provide access to data) and rights of data subjects. The 2016 Guide aims to shed some light on these issues, providing a global overview of current government surveillance and data access practices. The Heat Maps include jurisdictional information on:
- Surveillance for an Economic Purpose
- Data Subject Notifications
- Right to Court Review
- Publicized Cases
- Challenge to Orders
- Liability for Disclosure
To access the Guide and Heat Maps, visit http://datasecurity.bakermckenzie.com/, or email Elmie Gonzales.