When any of us go on holiday, if we want to access services while we're abroad, our data goes with us.

Agreement on International Data Transfer Regulations could unlock innovation

When any of us go on holiday, if we want to access services while we’re abroad, our data goes with us. This can be a problem, as we’re transferring data across global borders where there is no international agreement on privacy and data security standards.

Volume, Velocity And Variety

Not only is the volume and velocity of data transfers increasing at an exponential rate, but the number of jurisdictions where that data is going to is also widening. Say someone from your country wants to go on holiday to a remote location, like the beautiful but remote island of Socotra, and they’ve purchased holiday insurance. As soon as they have an accident, as their insurer, a huge number of third party data handlers will need to interact with you. The hospital will need to agree finance and will need to contact your local doctor who has all their medical records and information to be able to offer safe treatment. It might be necessary to arrange repatriation and deal with a large number of transport companies. Each time, you’re risking breaching sensitive and legally protected data.

The challenge is, whatever business you are operating, at the point of making a sale or a purchase, you don’t know the full extent of data flows that you have just committed yourself to making in future. This is particularly true with anyone who works in the finance industries, but many more organisations could be more reliant on international data flows than they imagine. When the Ukraine war started earlier this year and international sanctions were introduced, many companies were scrambling to find out what exposure they had to Russia through data brokers and a complex network of 3rd party vendors.

Solutions Are Coming

Work is beginning to find opportunities for international agreement on data flows. No one nation owns ‘the best’ approach to privacy regulation or data sharing, and local principles need to be respected. A number of organisations are looking for some common threads running through their frameworks, though. A number of documents have been published since March this year, and I would recommend this chapter as a good introduction to the topic.


The decision to agree to try to agree may not seem like a large step forward, but the lack of consensus on international data flows is harming those who could benefit the most. Small to Medium Sized Enterprises do not have the resources to be able to keep track of vast data flows in varying legislative jurisdictions. Many local insurance companies in developing markets, for example, may not have the funds to be able to underwrite high cost risks, but could access international markets, such as Lloyds, to make that offering, but only if they can guarantee compliance with certain data standards.

We look forward to seeing an update in this field soon.